Ten Million DNS Resolvers on the Internet

by Joe Abley on March 22, 2012

Resolvers are servers on the Internet which use the Domain Name System (DNS) protocol [TXT, 120 KB] to retrieve information from authoritative servers and return answers to end-user applications. They’re often found in enterprise and ISP networks, and there are a number of public resolver services provided by people like Google and OpenDNS. It’s also possible to configure your own computer to be a resolver, or to deploy your own in your own network using free software like ISC BIND9 and NLNet Labs’ unbound.

So, all in all, how many resolvers are there? Given that anybody can run one, it seems like a difficult thing to measure. It turns out, however, that all resolvers that talk directly to authoritative servers on the Internet leave a trail, and with a little data crunching we can come up with a number.

Back in 2010, ICANN, VeriSign and NTIA concluded a successful collaboration to deploy DNSSEC [TXT, 52 KB] in the root zone of the DNS. As part of that project, Root Server Operators collected DNS requests that were delivered to their individual Root Server infrastructure, and deposited the resulting data with DNS-OARC for analysis.

The goal of this data collection exercise was to try and identify any potential problems for DNS clients due to DNSSEC deployment. The by-product of this exercise, however, is a data set which provides insight into DNS traffic between a highly-representative set of DNS resolvers and DNS authority servers (almost all resolvers talk to a root server every once in a while).

One of the data collection exercises carried out had a particularly long time-base. The collection is referred to as "LTQC" (Long-Term Query Collection) and it concerned itself just with priming queries, that is, the initial query that every resolver sends to a root server when it starts up in order to obtain an up-to-date set of DNS root server names.11 of the 13 root servers contributed data to this collection, including L-Root, the root server operated by ICANN. Data was collected between November 2009 and July 2010.

So, here’s our methodology: we look at every request contained in the LTQC packet-capture, and count the number of unique IPv4 and IPv6 source addresses.

During the collection period, we saw 9,945,017 unique source addresses, of which 59,489 (0.60%) were IPv6 and  and 9,885,528 (99.40%) were IPv4.

So which resolvers won’t we see?

We won’t see internal resolvers that don’t send queries to authoritative servers on the Internet directly, but instead send them via other intermediate resolvers. Included in this class of resolver are any that are hidden behind middleboxes that redirect DNS queries to a central cache, or otherwise change normal priming behaviour.

We won’t necessarily see internal resolvers that are deployed behind a Network Address Translator (NAT) — at least, in such a situation we might see only some of them.

We won’t see resolvers that started (and primed) before the data collection period started, and then never primed again before the end of that period.

We obviously won’t see any resolvers that were brought live after the collection period ended, and we assume that the number of resolvers is probably increasing due to the general growth of the Internet.

Any resolver that was renumbered during the collection period (and primed before and after the renumbering event) would be counted twice. Intuitively, this seems like a minor effect; we think most resolvers are renumbered fairly infrequently, since they are generally referred to by address rather than name.

Given the expected errors in the number we measured due to the effects described above, it seems appropriate to round the answer to a single significant figure; this at least gives us an order of magnitude for a lower bound.

What we are left with? That there are at least 10 million DNS resolvers on the Internet today.

{ 7 comments… read them below or add one }

Jim Fleming 03.22.12 at 12:17 pm

1. The year is 2012 – DNSMASQ has a large marketshare
2. There is a new DNS coming based on the DNSMASQ success
3. The new DNS does not have a central point of control/failure (i.e. IANA)
4. The [Trending.Root] is built on the fly via software in the new DNS – there are 4096 Top Level Domains

http://archive.icann.org/en/comments-mail/icann-current/msg00342.html

Verbs such as ZOOM are more interesting than Top Level Domains
ZOOM://BOX

Google://BitCoin
Google://NameCoin

Jim Fleming 03.25.12 at 7:47 am

“there are 4096 Top Level Domains”
12-12-12 is the flag day to turn on the IPv3 Port12 collapse code

12-bits are easy to describe with TWO 6-bit Symbols

.FL .TX .OK .NY are some of the States in the queue…

http://zoomname.yolasite.com/

COLOR.DNS
6-bit Coding bbbbbbNN
NN = 00-NoColor 01-Red 10-Green 11-Blue

The Official ZOOM://DNS 6-bit Alphabet
“0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-.”
a@ b♠ c© d♦ e= f☺ g& h# i| j♫ k♣ l/ m₪ n! o∞ p% q♥ r® s$ t™ u_ v^ w? x☼ y¥ z▒

COM is coded as 0`X

COM…1aY COM…2bZ COM…3c[

NET…\8t MARS…X(lp MMM…XXX

Jim Fleming 03.27.12 at 7:33 am

Each of the Virtual Currencies for each TLD has a unique 12-bit Port

The Genesis Block (Block 0) is created to start the Block Chain
http://bittco.yolasite.com/genesis.php

ZOOM=15.3.3.13 or 0xF33D = P2P Port 62,269
ZOOM://DNS on Port 62,269
COM=12.3.13 or 0xC3D = P2P Port 3133
NET=4.0.1 or 0x401 = P2P Port 1025
ZNZ=15.4.15 or 0xF4F = P2P Port 3919

Jim Fleming 03.27.12 at 8:55 am

This RFC appears to document the decision to cut into 100/8 for more VPN addressing…
http://tools.ietf.org/html/draft-vegoda-cotton-rfc5735bis-00.html
…existing users of 100/8 may be impacted (and not be routable)

Consumers can easily remember 10/8 and 100/8 for their VPNs.
That sets the stage for the 2-Layer NAT to NAT arrangements.

http://www.ietf.org/mail-archive/web/ietf/current/msg72638.html

Was the U.S. FCC consulted about the 100/8 Address Spectrum usage ?

http://www.fcc.gov/encyclopedia/communications-security-reliability-and-interoperability-council-iii
Council Meetings
3/22/12
Steve Crocker (ISOC ICANN)

http://www.fcc.gov/encyclopedia/technological-advisory-council
Vinton Cerf (ISOC ICANN ARIN)

March 20, 2012 – FCC Announces the next Technological Advisory
Committee Meeting on March 28, 2012

Jim Fleming 03.27.12 at 3:39 pm

“The IAB statement could be interpreted as a recommendation to ICANN to revise the Applicant Guidebook, or as a warning to be cautious when evaluating applied-for strings with certain properties.”

March 27, 2012
“Response to ICANN questions concerning “The interpretation of rules in the ICANN gTLD Applicant Guidebook”

http://www.iab.org/2012/03/27/iab-responds-to-icann-questions-concerning-the-interpretation-of-rules-in-the-icann-gtld-guidebook/

COLOR.DNS
6-bit Coding bbbbbbNN
NN = 00-NoColor 01-Red 10-Green 11-Blue

The Official ZOOM://DNS 6-bit Alphabet
“0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-.”
a@ b♠ c© d♦ e= f☺ g& h# i| j♫ k♣ l/ m₪ n! o∞ p% q♥ r® s$ t™ u_ v^ w? x☼ y¥ z▒

Jim Fleming 04.01.12 at 11:12 am

One of the great things about APRIL FIRST
( aka http://April.Fools.DAY )
…is that we can tell you exactly what we plan to do and you can dismiss it…
http://archive.icann.org/en/comments-mail/icann-current/msg00342.html

Some Inconvenient Truths

1. The 160-bit legacy (Ipv4) header can easily support 60-bit addressing
2. 60-bit addressing has been found to be more than adequate for LOCATORs
3. The remaining 68-bits in the DNS AAAA Records contain the ID Addressing with 4+60+4 format to allow encapsulated LOCs in IDs
4. When you connect a wireless device to a ZOOM://BOX you have taken the first step connecting to The.Real.Internet.®
5. One of your first experiences on The.Real.Internet.® will be to obtain a Digital.Wallet from the Wallet.Factory (The Wallet Objects contain Keys not money) Google://Bit.Coin
6. DNSMASQ has been cloned for the ZOOM://BOX and extended with the IPv3 and IPv16 support
7. Buying ZOOM took longer than expected
8. ZOOM is a verb – BOX is a noun
9. http://www.youtube.com/watch?v=vpTEtM_SXrU
10. The Dirty.Bit used be called DF – Don’t Fragment
11. The new Internet.Technology.Institute (ITI.®) is being built in Northland.New.Zealand
12. Yes we have our own programming languages and operating systems, protocols, DNS etc. that The.Big.Lie.Society will be sanctioned from using…
13. The ZOOM://BOX has a projector and some people think we modulate the light to do mind-control – it is not clear humans would be able to decode the messages from .MARS
14. COLOR.DNS – 5-bit Coding RGBbbbbb – RGB=000 for No.Color
15. The DNS is 8-bit Clear (pure binary labels) – the Resolver is needed to interpret the contents from the Server
16. The letter Z is a wild-card character – in the Wizard of .OZ the letters OZ were taken from a two drawer file cabinet with A-N on the top drawer. O-Z was the lower drawer which people did not open.
17. Enjoy your http://April.Fools.Day and http://Toys.R.US
18. 4096 Top Level Domains will eventually materialize – .BIZ will be RE-Launched using the approaches described in 1998 before ICANN
19. ASNs are FREE and no RIRs or IANA is needed – just select your 6-letter BRAND*** and buy a LLLLLL.NET domain (for now, before the .NET RE-Launch using Name.Coin)
20. The DHT has a 480-bit Key and 1024 byte Data with 4 bits for Time (Day,Week,Month,Year) – Put(Key,Data,Time) – Get(Key)
21. The Global.ROM is a variation on the DHT using a Bit.Throttle (similar to Bit.Coin)
22. UDP Peer-2-Peer packets with 12-bit Port values have the same Port Value as the Source, Destination and also in the deprecated Identification.Field of the 160-bit legacy header. Are 3 copies needed?
If the UDP Header is missing can it be reconstructed from the IP Header?
23. If 12-bits are spread across 16 can the extra 4-bits be used to randomly move the Port around? RbbbbRbbbbRbbbbR (12 is divisible by 3 and 4)
24. Are the /8s for home routers now ? 00/8 01/8 10/8 and 11/8 ?
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt
25. Are 00 01 10 11 binary values ? or is 10 decimal ? what does the IANA think 100/8 is ?
26. This is 26 but a /25 has more than a /30
27. Yes, there is more…
28. Check your ZOOM://BOX
29. A /29 is odd
30. Two /30s make a /60 for LOCATORs and One.Way IP addressing – 30 bits are routed first and the Source and Destination are swapped to allow the other 30 bits to be routed with the Dirty.Bit set

.BITT.r
.BITT.®

***The Official ZOOM://DNS 6-bit Alphabet
“0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-.”
a@ b♠ c© d♦ e= f☺ g& h# i| j♫ k♣ l/ m₪ n! o∞ p% q♥ r® s$ t™ u_ v^ w? x☼ y¥ z▒

Jim Fleming 04.15.12 at 10:40 am

“Competence is a reassuring zone, but when the boundaries change and your competence is no longer relevant, there are two choices — change, or fight to keep the status quo.”

Leave a Comment

You can use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Anti-spam image