# 2214, Thu 1 Jun 00 (PST), CAIDA # # dns-root.srl: DNS response to root nameservers # # Nevil Brownlee, ITSS Technology Development, The University of Auckland define DNS = 53; # defines from flowhash.h define PP_ICMP_ECHO = 1; # Packet-Pairs for TurnaroundTimes define PP_UDP_DNS = 11; define PP_TCP = 192; # 0xC0 plus low-order bits as follows .. define PP_OK_SYNACK = 1; # ->SYN, <-SYN+ACK pairs define PP_OK_SYNRST = 2; # ->SYN, <-SYN+RST pairs define PP_OK_MULTI = 8; # ->DATA, <-ACK for more than one packet define PP_OK_SINGLE = 16; # ->DATA, <-ACK 'lone' packet define PP_OK_INGROUP = 32; # ->DATA, <-ACK single packet in a group define B_ROOT_NS = 128.9.0.107/32; # 2 ISI, USC, Ca define E_ROOT_NS = 192.203.230.10/32; # 5 NASA Ames, Ca define F_ROOT_NS = 192.5.5.241/32; # 6 ISC, Palo Alto (NetBlk MIBH), Ca define L_ROOT_NS = 198.32.64.12/32; # 12 Exchange Point blocks (Bill Manning), Ca define D_ROOT_NS = 128.8.10.90/32; # 4 U Maryland, Md define H_ROOT_NS = 128.63.2.53/32; # 8 ABRL, Abdereen, Md define A_ROOT_NS = 198.41.0.4/32; # 1 NSI, Herndon, Va define C_ROOT_NS = 192.33.4.12/32; # 3 PSI, Herndon, Va define G_ROOT_NS = 192.112.36.4/32; # 7 DoD NIC, Chantilly, Va define J_ROOT_NS = 198.41.0.10/32; # 10 NSI, Herndon, Va define I_ROOT_NS = 192.36.148.17/32; # 9 KTH, Stockholm define K_ROOT_NS = 193.0.14.129/32; # 11 RIPE NCC, Amsterdam define M_ROOT_NS = 202.12.27.33/32; # 13 WIDE, Tokyo define ROOT_NS = A_ROOT_NS, B_ROOT_NS, C_ROOT_NS, D_ROOT_NS, E_ROOT_NS, F_ROOT_NS, G_ROOT_NS, H_ROOT_NS, I_ROOT_NS, J_ROOT_NS, K_ROOT_NS, L_ROOT_NS, M_ROOT_NS; # N_ROOT_NS not yet allocated! define TestDestAddress = # Caution: must \; to get semicolons in define text if DestPeerAddress == A_ROOT_NS store FlowKind := 1\; else if DestPeerAddress == B_ROOT_NS store FlowKind := 2\; else if DestPeerAddress == C_ROOT_NS store FlowKind := 3\; else if DestPeerAddress == D_ROOT_NS store FlowKind := 4\; else if DestPeerAddress == E_ROOT_NS store FlowKind := 5\; else if DestPeerAddress == F_ROOT_NS store FlowKind := 6\; else if DestPeerAddress == G_ROOT_NS store FlowKind := 7\; else if DestPeerAddress == H_ROOT_NS store FlowKind := 8\; else if DestPeerAddress == I_ROOT_NS store FlowKind := 9\; else if DestPeerAddress == J_ROOT_NS store FlowKind := 10\; else if DestPeerAddress == K_ROOT_NS store FlowKind := 11\; else if DestPeerAddress == L_ROOT_NS store FlowKind := 12\; else if DestPeerAddress == M_ROOT_NS store FlowKind := 13\; optimise 3; if SourcePeerType == IPv4 save; else ignore; # Not IP if SourceTransType == UDP save; else ignore; # Not UDP if DestTransAddress == DNS save, { if SourceTransAddress == DNS save; # Ambiguous flow, keep it separate TestDestAddress; # Sets FlowKind if FlowKind == 0 nomatch; # Not a root nameserver else { save ToTurnaroundTime1 = 100.11.0!0 & 1.3.1!700; # 100 buckets, PP_UDP_DNS, linear scale, 10**3 => 1..700 ms count; } } set dns_root; format FlowRuleSet FlowIndex FirstTime SourcePeerType SourceTransType " " FlowKind DestTransAddress " " SourceTransAddress " " ToPDUs FromPDUs " " ToOctets FromOctets " " ToLostPDUs FromLostPDUs " (" ToTurnaroundTime1 ")";