M3: DNS Root Traffic Analysis


The usage of the DNS root servers is tracked by measuring the number of requests to the root for non-existing TLDs (M3.1) and the number of requests to the root that would not have been necessary if the DNS resolvers had cached the previous replies (M3.2). The number of requests that would be necessary in any case is given by the difference: 100% - M3.1 - M3.2. The causes of "name leaks" are further explained by metrics M3.3. The patterns of 2nd level names in queries are tracked by metric M3.7. The relative importance of Chromioids is tracked by metric M3.9. The number of name parts in queries is tracked by metric M3.10. In addition, resolver characteristics such as usage of EDNS, DNSSEC or QNAME minimization are tracked by metrics M3.4, M3.5 and M3.6.

The following table provides the value observed for the metrics in the current month, as well as the average value over the 3 previous months, and the "historical" minimum and maximum observed since the beginning of the measurements.

| Metric | Current Value | Past 3 months | Historic Low | Historic High |
|---|---|---|---|---|
| M3.1 (% No Such Domain queries) | - | - | - | - |
| M3.2 (% cacheable queries) | - | - | - | - |
| Core (100% - M3.1 - M3.2) | - | - | - | - |

The following graph shows the evolution of M3.1 and M3.2 over time:

Metrics M3.3, analysis of leaks

The number of requests to non-existing TLDs, or "leaks", is further explained by a set of sub-metrics measuring various forms of name leakage, including requests for special-use TLDs registered per RFC 6761 (M3.3.1), requests for frequently used name strings (M3.3.2), requests for various forms of automatically generated names (M3.3.3), and all other forms of names, including malformed names (M3.3.4).
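The partition into M3.1, M3.2 and the core, plus the M3.3.1 sub-count, can be sketched as follows; this is an added example, not the measurement code behind this page. It assumes a query counts as cacheable when the same resolver already asked the root for the same existing TLD within the 172800-second TTL of root-zone delegations, and the names `root_metrics`, `tld_of`, `SAMPLE_TLDS` and `SAMPLE_QUERIES` are hypothetical.

```python
from collections import Counter

# TLDs reserved by RFC 6761 itself (counted toward M3.3.1).
RFC6761_TLDS = {"test", "localhost", "invalid", "example"}

def tld_of(qname):
    """Rightmost label of a query name, lowercased ('' for the root)."""
    return qname.rstrip(".").rsplit(".", 1)[-1].lower()

def root_metrics(queries, delegated_tlds, ttl=172800):
    """queries: (time_s, resolver, qname) tuples sorted by time.
    Returns each metric as a percentage of all queries seen."""
    counts, total = Counter(), 0
    fetched = {}  # (resolver, tld) -> time of the last necessary query
    for t, resolver, qname in queries:
        total += 1
        tld = tld_of(qname)
        if tld and tld not in delegated_tlds:
            counts["M3.1"] += 1                 # name leak: TLD does not exist
            if tld in RFC6761_TLDS:
                counts["M3.3.1"] += 1
        elif (resolver, tld) in fetched and t - fetched[(resolver, tld)] < ttl:
            counts["M3.2"] += 1                 # previous referral still valid
        else:
            fetched[(resolver, tld)] = t        # necessary query, new TTL window
            counts["Core"] += 1
    if total == 0:
        return {}
    return {k: 100.0 * counts[k] / total
            for k in ("M3.1", "M3.2", "Core", "M3.3.1")}

# Constructed sample: the delegated TLD set and query log are illustrative only.
SAMPLE_TLDS = {"com", "org"}
SAMPLE_QUERIES = [
    (0, "192.0.2.1", "www.example.com."),       # first .com lookup: core
    (10, "192.0.2.1", "mail.example.com."),     # .com again within TTL: cacheable
    (20, "192.0.2.1", "printer.localhost."),    # RFC 6761 name: leak
    (30, "198.51.100.7", "example.org."),       # first .org lookup: core
    (40, "198.51.100.7", "qwhzkdlpa."),         # single random label: leak
    (50, "192.0.2.1", "example.org."),          # other resolver, first .org: core
    (60, "198.51.100.7", "router.home."),       # undelegated TLD: leak
    (200000, "192.0.2.1", "example.com."),      # TTL expired: core again
]

if __name__ == "__main__":
    print(root_metrics(SAMPLE_QUERIES, SAMPLE_TLDS))
```

M3.3.1 is reported here as a share of all queries, so it is a subset of M3.1 and does not enter the 100% - M3.1 - M3.2 difference.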

The following table provides the value observed for the metrics in the current month, as well as the average value over the 3 previous months, and the "historical" minimum and maximum observed since the beginning of the measurements.

| Metric | Current Value | Past 3 months | Historic Low | Historic High |
|---|---|---|---|---|
| M3.3.1 (% Queries to RFC 6761 reserved names) | - | - | - | - |
| M3.3.2 (% Queries to frequently leaked strings) | - | - | - | - |
| M3.3.3 (% Queries to frequently found name patterns) | - | - | - | - |
| M3.3.4 (% Queries to other types of names) | - | - | - | - |

The following tables provide the list of strings or patterns most frequently encountered as part of M3.3.1, M3.3.2, and M3.3.3.

Queries to RFC 6761 reserved names

In the following table, the current value is the fraction of queries to the root directed at RFC 6761 names in the current month. The table also provides the average value over the 3 previous months, and the "historical" minimum and maximum observed since the beginning of the measurements.

Table M331 not found

Queries to frequently leaked strings

In the following table, the current value is the fraction of queries to the root directed at frequently used strings in the current month. The table also provides the average value over the 3 previous months, and the "historical" minimum and maximum observed since the beginning of the measurements.

Table M332 not found

Queries to frequently found name patterns

In the following table, the current value is the fraction of queries to the root following a specific name pattern in the current month. The table also provides the average value over the 3 previous months, and the "historical" minimum and maximum observed since the beginning of the measurements.

Table M333 not found

Fraction of Chromioids in root queries

The metric M3.9 tracks the fraction of queries that are sent to names dynamically generated using the algorithm implemented in the Chromium browser:

| Metric | Current Value | Past 3 months | Historic Low | Historic High |
|---|---|---|---|---|
| M3.9 (% Queries to Chromioids) | - | - | - | - |

Number of name parts in queries

The metric M3.10 classifies the queries seen at the root by the number of name parts in the target name of the query. For each number of name parts, the metric tracks the fraction of queries with target names having that number of parts.

Table M3_10 not found

Second level name strings frequently found in queries

In the following table, the current value is the fraction of NX Domain queries to the root in which specific 2nd level name parts were found in the current month. The table also provides the average value over the 3 previous months, and the "historical" minimum and maximum observed since the beginning of the measurements.

Table M3.7 not found

Characteristics of resolvers seen at the root

Additional metrics characterize the options found in queries sent to the root, such as whether resolvers use extended DNS (M3.4.1), what EDNS options they use (M3.4.2), whether they set the DNSSEC OK bit in queries (M3.5), and whether they appear to enforce QNAME minimization (M3.6).

Table M3.4, M3.5, M3.6 and M3.8 was not initialized.