DNS Probes and Surveys

To measure the stability, validity and reliability of the Domain
Name System (DNS), CAIDA employs survey techniques via probes to
query the name servers for analysis and reporting. CAIDA conducts
several surveys to help us identify invalid data, analyze security
issues, and determine the most commonly used software.

Has your DNS server or IP address received a probe from a CAIDA host? Learn more about the DNS probes sent by CAIDA for these surveys.

Duane Wessels and The Measurement Factory, under subcontract to
CAIDA, conduct surveys to obtain global statistics on currently
deployed DNS nameservers. These surveys include:

- Open Resolvers
This ongoing survey identifies open resolvers,
i.e., nameservers providing recursive name resolution for clients
outside of their administrative domains. Open resolvers are to the DNS
what open relays are to SMTP. They are occasionally
used in high-volume DDoS attacks. Additionally, they are more likely
to help spread DNS cache poison, and also allow outsiders to trigger
known bugs in popular DNS software. The
open resolver page links to an
archive of daily reports showing the number of open resolvers
for each Autonomous System number as well as the most
recent report.
- DNS cache poisoning
This periodic survey looks for DNS
cache poisoners, or nameservers that return incorrect referrals for
important domains. When a DNS cache becomes poisoned, web requests
are sent to the wrong (possibly malicious) server, email may be
mis-delivered, and more. Duane presented the methodology and
first results at the 1st DNS-OARC
workshop in July 2005. Our future plans include classification
of poisoners as (likely) malicious or careless and analysis of other
types of DNS cache poisoning. The most recent poisoner survey
is browsable.
- Nameserver software on the Internet (Semi-annually)
In this survey, we randomly sample 5% of the routable IPv4 address
space to answer questions such as:
- How many nameservers are out there?
- What software do they run?
- Do they openly provide recursion?
At the same time, we also perform some surveys against known authoritative
nameservers. Here, we start with a list of existing DNS names and
find their authoritative servers. Our queries to these nameservers
are intended to find out:
- How many nameservers allow a zone transfer?
- Are nameservers topologically dispersed?
- Do delegations match authoritative NS records?
- Do all nameservers return the same TTL for NS records?
- Are SOA values within their suggested ranges?
- Do serial numbers for a zone match?
- How many zones have a lame server?
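
The authoritative-server questions listed above can be expressed as a consistency audit over answers already collected from each server. This is an added example, not CAIDA's or The Measurement Factory's survey code; the zone `example.test`, the server names and the observation fields are constructed assumptions, and it covers the lame-server, zone-transfer, delegation, TTL and serial questions only.

```python
# Constructed observations for the placeholder zone example.test: the NS set
# the parent delegates to, and what each server answered when queried.
PARENT_NS = {"ns1.example.test.", "ns2.example.test.", "ns3.example.test."}
OBSERVATIONS = {
    "ns1.example.test.": {"aa": True, "serial": 2024010101, "ns_ttl": 86400,
                          "ns_set": {"ns1.example.test.", "ns2.example.test."},
                          "axfr_allowed": False},
    "ns2.example.test.": {"aa": True, "serial": 2024010100, "ns_ttl": 3600,
                          "ns_set": {"ns1.example.test.", "ns2.example.test."},
                          "axfr_allowed": True},
    # Delegated by the parent but does not answer authoritatively (aa unset).
    "ns3.example.test.": {"aa": False, "serial": None, "ns_ttl": None,
                          "ns_set": set(), "axfr_allowed": False},
}


def audit_zone(parent_ns, observations):
    """Return findings for one zone, one key per survey question."""
    # Only servers that set the AA bit count as authoritative for the zone.
    auth = {ns: o for ns, o in observations.items() if o["aa"]}
    findings = {
        # Lame: in the delegation, but no authoritative answer was observed.
        "lame_servers": sorted(ns for ns in parent_ns if ns not in auth),
        # Servers that completed a zone transfer for an outside client.
        "axfr_open": sorted(ns for ns, o in auth.items() if o["axfr_allowed"]),
        # Distinct SOA serials and NS TTLs seen across authoritative servers.
        "serials": sorted({o["serial"] for o in auth.values()}),
        "ns_ttls": sorted({o["ns_ttl"] for o in auth.values()}),
    }
    # Compare the parent's delegation with the NS records the zone publishes.
    child_ns = set().union(*(o["ns_set"] for o in auth.values()))
    findings["delegation_only_in_parent"] = sorted(parent_ns - child_ns)
    findings["delegation_only_in_child"] = sorted(child_ns - parent_ns)
    findings["serial_mismatch"] = len(findings["serials"]) > 1
    findings["ttl_mismatch"] = len(findings["ns_ttls"]) > 1
    return findings


if __name__ == "__main__":
    for key, value in audit_zone(PARENT_NS, OBSERVATIONS).items():
        print(f"{key}: {value}")
```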