Has your DNS server or IP address received a probe from a CAIDA host? Learn more about the DNS probes sent by CAIDA for these surveys.
Duane Wessels and The Measurement Factory, under subcontract to CAIDA, conduct surveys to obtain global statistics on currently deployed DNS nameservers. These surveys include:
This ongoing survey identifies open resolvers, i.e., nameservers providing recursive name resolution for clients outside of their administrative domains. Open resolvers are to the DNS what open relays are to SMTP. They are occasionally used in high-volume DDoS attacks. Additionally, they are more likely to help spread DNS cache poison, and also allow outsiders to trigger known bugs in popular DNS software. The open resolver page links to an archive of daily reports showing the number of open resolvers for each Autonomous System number as well as the most recent report.
DNS cache poisoning
This periodic survey looks for DNS cache poisoners, or nameservers that return incorrect referrals for important domains. When a DNS cache becomes poisoned, web requests are sent to the wrong (possibly malicious) server, email may be mis-delivered, and more. Duane presented the methodology and first results at the 1st DNS-OARC workshop in July 2005. Our future plans include classification of poisoners as (likely) malicious or careless and analysis of other types of DNS cache poisoning. The most recent poisoner survey is browsable.
Nameserver software on the Internet (Semi-annually)
In this survey, we randomly sample 5% of the routable IPv4 address space to answer questions such as:
- How many nameservers are out there?
- What software do they run?
- Do they openly provide recursion?
- How many nameservers allow a zone transfer?
- Are nameservers topologically dispersed?
- Do delegations match authoritative NS records?
- Do all nameservers return the same TTL for NS records?
- Are SOA values within their suggested ranges?
- Do serial numbers for a zone match?
- How many zones have a lame server?
At the same time, we also perform some surveys against known authoritative nameservers. Here, we start with a list of existing DNS names and find their authoritative servers. Our queries to these nameservers are intended to find out: