DNS Observatory: The Big Picture of the DNS

Title: DNS Observatory: The Big Picture of the DNS
Publication Type: Conference Paper
Year of Publication: 2019
Authors: Foremski P, Gasser O, Moura G
Conference Name: ACM Internet Measurement Conference 2019
Date Published: 10/2019
Conference Location: Amsterdam, Netherlands

The Domain Name System (DNS) is thought of as having the simple-sounding task of resolving domains into IP addresses. With its stub resolvers, different layers of recursive resolvers, authoritative nameservers, a multitude of query types, and DNSSEC, the DNS ecosystem is actually quite complex.

DNS Observatory provides a bird's-eye view and allows us to analyze the big picture of DNS. As its data source, DNS Observatory leverages globally distributed DNS probes acquiring a peak of 200K DNS queries per second between recursive resolvers and authoritative nameservers. For each observed query we extract traffic features, aggregate them, and track the top k DNS objects.

This allows us to characterize DNS deployments and evaluate the median response delays of DNS queries, where we find that the top 10% of nameservers (which handle about half the traffic) indeed have a shorter response time than less popular nameservers. We also leverage DNS Observatory to show correlations between decreasing TTLs and increasing DNS traffic. Furthermore, the TTL data allows us to anticipate upcoming changes in the DNS infrastructure. Another aspect that we analyze in depth is the effect of the Happy Eyeballs algorithm in combination with low negative caching TTLs, which results in a share of up to 90% empty responses for some domains. Finally, we propose actionable measures to address the DNS issues and shortcomings we uncovered, and we offer interested researchers access to DNS Observatory.