In August and October of 2002, as part of our DNS research activities, CAIDA responded to the Root Server System Advisory Committee's invitation to help DNS root operators study and improve the integrity of the root server system. CAIDA conducted a series of simultaneous collection events with the A, E, F, I, K and M DNS root operators. These events and the resulting datasets and analysis laid groundwork in tools and process for subsequent collection events. The resulting analysis that looked at client and query statistics foreshadowed some patterns we see today of misbehaving clients generating large amounts of invalid queries.
- Traffic at {e,i,k,m}-root for 26 hours starting 2002-08-14.
- Traffic at {a,e,f,i,k,m}-root for 7 days starting 2002-08-28.
- Traffic at {e,i,k,m}-root during the DoS attack of 2002-10-21.
For the past several years, CAIDA, in collaboration with ISC and DNS-OARC, has organized scientific experiments on the global Internet where we coordinate large-scale, simultaneous traffic data collection events with the goal of capturing datasets of strategic interest to researchers. We conducted these experiments as part a project we call "A Day in the life of the Internet". While these events targeted many types of data, they focused on the traffic to the DNS root nameservers.
The following table includes general statistics from the previous four collection events and shows the increased cooperation and participation from the DNS root operators.
| DITL 2006 | DITL 2007 | DITL 2008 | DITL 2009 | |
|---|---|---|---|---|
| Duration of dataset analyzed | 48 h (10-11 Jan.) | 24 h ( 9-10 Jan.) | 24 h (19 Mar.) | 24 h (31 Mar.) |
| Volume | 144G | 164G | 278G | 281G |
| Number of instances | C: 4/4 F: 34/40 K: 17/17 |
C: 4/4 F: 36/40 K: 15/17 M: 6/6 |
A: 1/1 C: 4/4 E: 1/1 (4 nodes) F: 35/41 H: 2/2 (v4 and v6) K: 15/17 L: 2/2 M: 6/6 |
A: 1/1 C: 6/6 E: 1/1 (4 nodes) F: 36/48 H: 2/2 (v4 and v6) K: 16/17 L: 2/2 M: 6/6 |
With ISC/OARC permission, we indexed these traces into the Internet Measurement Data Catalog (DatCat). Researchers will need to contact the OARC directly in order to access the data.
In 2009, we focused attention on analysis of the last four years of DNS root zone data with an eye toward establishing some baseline statistics for the DNS root servers prior to the introduction of several changes to the root zone that might impact stability: cryptographically signing the root zone with DNSSEC, deploying Internationalized Top-Level Domain (TLD) Names (IDNs), and addition of other new global Top Level Domains (TLDs). We published the results in a paper "Understanding and preparing for DNS evolution" presented at the 2nd International Traffic Monitoring and Analysis (TMA'10) Workshop colocated with the Passive and Active Measurement (PAM) Conference in April 2010. We have also published recommendations for future large scale simultaneous DNS data collections.