Studying DNS Server Characteristics
If you're reading this, then you probably control/monitor a DNS server that has been scanned by our research project. The main thrust of this study is to examine the characteristics of publicly available recursive DNS servers. We are examining several aspects such as cache lifetime, TTL behavior, and some others.
For this study, we are utilizing the PlanetLab Network to perform the measurements. While there are a little over a hundred nodes (computers) in the PlanetLab network currently running this experiment, the number of nodes that contacts any given DNS server should be a handful.
The typical interaction (or a single "run") with a given DNS server by our project is as follows: one PlanetLab node makes a series of approximately 5-150 queries to the DNS server. Then, 5 other PlanetLab nodes repeat these same queries at increasing intervals in order to determine cache lifetime, TTL behavior, etc. These 5 other nodes should make these queries at roughly 11 intervals, from less than a minute after the original set of queries up to roughly two hours afterwards. Over the course of the two hours, any given server shouldn't receive more than a few thousand queries (given that Bind running on even an old machine is capable of that every second, we hope that this isn't a burden on too many). We have attempted to make this set of queries to be reasonably non-disruptive, yet give us useful data. It is not inconveivable that this set of iterations might be repeated a few times as certain parameters are tweaked on our end, but these "runs" of the experiment will be widely (>24hrs) spaced.
If our study is disrupting your network in any way, please email Tom Callahan (contact info below) with the IP addresses of any DNS servers you want removed from the experiment and they will be removed from the list immediately.
FAQ:
Q: My DNS servers aren't published anywhere! How did you find them?
A: We randomly scanned approximately 200 million IP addresses (roughly 5% of the Internet) simply issuing recursive DNS queries and include hosts that do in our list.
Q: I'm getting some DNS packets to IPs in my netblock that don't even have DNS Servers!
A: We're probably working on refreshing our list of recursive DNS servers. If there is no server operating at an IP, you in general shouldn't get more than a packet or two to it. If it is a hardship, we can add your netblocks to a blacklist.
People
Kyle Schomp
PhD Student, Case Western Reserve University
Email: kyle.schomp@gmail.com
Misha Rabinovich
Professor, Case Western Reserve University
Misha's Web Page
Email: misha@eecs.case.edu
Mark Allman
Senior Research Scientist, International Computer Science Institute
Mark's Web Page
Email: mallman@icir.org
Tom Callahan
Project Alumni
Tom's Web Page
Email: trc36@case.edu