M3: DNS Root Traffic Analysis


The usage of the DNS root servers is tracked by measuring the number of requests to the root for non-existent TLDs (M3.1) and the number of requests to the root that would not have been necessary if the DNS resolvers had cached the previous replies (M3.2). The number of requests that would be necessary in any case is given by the difference: 100% - M3.1 - M3.2. The causes of "name leaks" are further explained by metric M3.3. In addition, resolver characteristics such as the use of EDNS, DNSSEC, or QNAME minimization are tracked by metrics M3.4, M3.5 and M3.6.

The following table provides the value observed for the metrics in the current month, as well as the average value over the 3 previous months, and the "historical" minimum and maximum observed since the beginning of the measurements.

| Metric | Current Value | Past 3 months | Historic Low | Historic High |
|---|---|---|---|---|
| M3.1 (% No Such Domain queries) | - | - | - | - |
| M3.2 (% cacheable queries) | - | - | - | - |
| Core (100% - M3.1 - M3.2) | - | - | - | - |

The following graph shows the evolution of M3.1 and M3.2 over time:

Metrics M3.3, analysis of leaks

The number of requests to non-existent TLDs, or "leaks", is further explained by a set of sub-metrics measuring various forms of name leakage: requests for special-use TLDs registered per RFC 6761 (M3.3.1), requests for frequently used name strings (M3.3.2), requests for various forms of automatically generated names (M3.3.3), and all other forms of names, including malformed names (M3.3.4).
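The sketch below is an added example, not ITHI's own code: it computes M3.1, M3.2, the core share and the M3.3 breakdown over a small constructed query log. The delegated-TLD set, the frequently leaked strings, the two-day cache lifetime and the generated-name heuristic are all assumptions made for illustration; the special-use set is a subset of the registry created by RFC 6761.

```python
from collections import Counter

# Everything below is constructed for illustration; none of it is ITHI data or code.
DELEGATED = {"com", "net", "org"}       # stand-in for the list of TLDs in the root zone
SPECIAL_USE = {"test", "localhost", "invalid", "example", "local", "onion"}  # registry subset
FREQUENT = {"home", "corp", "lan", "internal"}  # assumed frequently leaked strings
TLD_TTL = 172800                        # assumed delegation cache lifetime, in seconds

def tld_of(qname):
    return qname.rstrip(".").rsplit(".", 1)[-1].lower()

def leak_class(tld):
    if tld in SPECIAL_USE:
        return "M3.3.1"
    if tld in FREQUENT:
        return "M3.3.2"
    # Assumed heuristic for generated names: long, alphanumeric, at most 25% vowels.
    if len(tld) >= 10 and tld.isalnum() and 4 * sum(c in "aeiou" for c in tld) <= len(tld):
        return "M3.3.3"
    return "M3.3.4"                     # everything else, including malformed names

def root_metrics(queries):
    """queries: (timestamp_seconds, resolver_ip, qname) tuples sorted by time."""
    counts, cached_at = Counter(), {}
    for ts, resolver, qname in queries:
        tld = tld_of(qname)
        if tld not in DELEGATED:
            counts["M3.1"] += 1
            counts[leak_class(tld)] += 1
        elif ts - cached_at.get((resolver, tld), float("-inf")) < TLD_TTL:
            counts["M3.2"] += 1         # resolver already had this delegation
        else:
            counts["Core"] += 1         # first fetch, or cached copy expired
            cached_at[(resolver, tld)] = ts
    total = counts["M3.1"] + counts["M3.2"] + counts["Core"]
    return {name: 100.0 * n / total for name, n in counts.items()}

SAMPLE = [  # constructed log: two resolvers, ten queries
    (0, "192.0.2.1", "www.example.com."), (10, "192.0.2.1", "mail.example.com."),
    (20, "192.0.2.2", "example.org."), (30, "192.0.2.1", "printer.local."),
    (40, "192.0.2.2", "wpad.home."), (50, "192.0.2.2", "xkqzjtwpvbnr."),
    (60, "192.0.2.1", "bad_name!."), (70, "192.0.2.2", "www.example.com."),
    (80, "192.0.2.2", "example.net."), (90, "192.0.2.2", "cdn.example.net."),
]

if __name__ == "__main__":
    for name, pct in sorted(root_metrics(SAMPLE).items()):
        print(f"{name}: {pct:.1f}%")
```

A rising M3.3.2 or M3.3.3 share in a resolver's own logs is the signal operators usually act on, since it points at internal names or generated names escaping to the public DNS.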

The following table provides the value observed for the metrics in the current month, as well as the average value over the 3 previous months, and the "historical" minimum and maximum observed since the beginning of the measurements.

| Metric | Current Value | Past 3 months | Historic Low | Historic High |
|---|---|---|---|---|
| M3.3.1 (% Queries to RFC 6761 reserved names) | - | - | - | - |
| M3.3.2 (% Queries to frequently leaked strings) | - | - | - | - |
| M3.3.3 (% Queries to frequently found name patterns) | - | - | - | - |
| M3.3.4 (% Queries to other types of names) | - | - | - | - |

The following tables provide the list of strings or patterns most frequently encountered as part of M3.3.1, M3.3.2, and M3.3.3.

Queries to RFC 6761 reserved names

In the following table, the current value is the fraction of queries to the root directed at RFC 6761 names in the current month. The table also provides the average value over the 3 previous months, and the "historical" minimum and maximum observed since the beginning of the measurements.

Table M331 not found

Queries to frequently leaked strings

In the following table, the current value is the fraction of queries to the root directed at frequently used strings in the current month. The table also provides the average value over the 3 previous months, and the "historical" minimum and maximum observed since the beginning of the measurements.

Table M332 not found

Queries to frequently found name patterns

In the following table, the current value is the fraction of queries to the root following a specific name pattern in the current month. The table also provides the average value over the 3 previous months, and the "historical" minimum and maximum observed since the beginning of the measurements.

Table M333 not found

Characteristics of resolvers seen at the root

Additional metrics characterize the options found in queries sent to the root, such as whether resolvers use EDNS, the extension mechanisms for DNS (M3.4.1), what EDNS options they use (M3.4.2), whether they set the DNSSEC OK bit in queries (M3.5), and whether they appear to enforce QNAME minimization (M3.6):

Table M3.4, M3.5 and M3.6 was not initialized.