M4: DNS Recursive Server Analysis


The M4 metrics analyze the DNS traffic at Recursive Servers. This is somewhat similar to the M3.3 set of metrics, with the difference that M3.3 analyze the traffic arriving to the root, which may be heavily filtered by the recursive resolvers. M4 attempts to measure the original behavior of DNS clients. M4 comprises 4 metrics, measuring the fraction of queries going to delegated TLD, to RFC 6761 special use names, to frequently leaked strings, and to other strings.

The M4 metric also tracks the usage of DNSSEC at recursive servers through metric M4.5:

The following table provides the value observed for these metrics in the current month, as well as the average value over the 3 months preceeding this one, and the lowest and highest values observed since the start of the measurement.

Current Value Past 3 months Historic Low Historic High
M4.1: % of queries directed at delegated TLDs. - - - -
M4.2: % of queries directed at RFC 6761 names. - - - -
M4.3: % of queries directed at frequently used strings. - - - -
M4.4: All other traffic. - - - -
DNSSEC M4.5: % of Clients setting the DNSSEC OK bit in queries - - - -

The following tables provide the list of names or strings most frequently encountered as part of M4.2 and M4.3.

Queries to RFC 6761 names

Table M42 not found

Queries to frequently leaked strings

Many of the strings frequently used at recursive resolvers correspond to local values, such as names of specific servers in the local network. We don't want to publish these names for privacy reasons. The corresponding queries are tabulated under a generic category, "(local host names)". The only strings that we list are those found in the top 128 strings leaked to the root, as measured with metric M3.

Table M43 not found