ITHI M5: DNS Recursive Resolver Integrity

The M5 metrics measure the "integrity" with which resolvers process queries. There are five components in the M5 metric:

The M5 metric is computed by APNIC. The process involves buying Google ads to generate a large number of "impressions" every day. The count varies from day to day, as explained here. Each ad runs a script that causes a script to be run, which resolves DNS names and loads web pages under APNIC control. The URL of the web page is personalized, enabling APNIC to correlate the traffic seen at the DNS resolver and web server with the script run at the client. The source address of the DNS queries received by APNIC identifies the resolver. The country in which the client is located is deduced for the source IP address of the web requests, using an IP address geolocation database.

The statistics provide tabulation "per user" and "per resolver". The tabulation per resolver is straightforward, as each resolver can be identified by its IP address. The computation per user would be straightforward if the Google Ads were a randomized sampling of all Internet users, but that's not the case. Ad distribution is affected by a number of factor, resulting in oversampling of some countries, and undersampling of some others. APNIC compensate against by computing the number of impression per country, based on the IP addresses of the clients, and then computing a "per country" weight defined as the ratio of the number of Internet users in the country divided by the number of impressions in that country.

The web pages used by the script generate a different URL for each user, with a unique domain name and a known TTL. APNIC can observe DNS requests trying to "refresh the cache" for these domain names, and can infer from there the cache refresh strategies used by the resolvers.

The complete list of M5 metrics is listed in the following table:

M5.1 (% alignment of cache time to SOA TTL)
M5.1.1 % of users using resolvers that re-fetch early
M5.1.2 % of users using resolvers that re-fetch according to TTL
M5.1.3 % of users using indeterminate resolvers
M5.1.4 % of resolvers that re-fetch early
M5.1.5 % of resolvers that re-fetch according to TTL
M5.1.6 % of resolvers where cache time is indeterminate
M5.2 (% auto cache refresh)
M5.2.1 % of users using resolvers that auto-refresh their cache
M5.2.2 % of query load due to cache refresh
M5.2.3 % of resolvers that auto-refresh their cache
M5.3 (% EDNS0 DO query rate)
M5.3.1 % of users using resolvers that set the DO bit in queries
M5.3.2 % of resolvers that set the DO bit in queries
M5.4 (%DNSSEC Validation rate)
M5.4.1 % of users using resolvers that perform DNSSEC validation
M5.4.2 % of resolvers that perform DNSSEC validation
M5.5 (Distribution of resolver use)
M5.5 % of users using one of the top 10,000 resolvers

The current values of the metrics is available here.