Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Ecology of Open Resolvers

ytakano
March 16, 2015
Technology
0
460

The Ecology of Open Resolvers

This slide shows the result of active scan and passive monitoring of DNS open resolvers in 2013.

ytakano

March 16, 2015
Tweet

More Decks by ytakano

See All by ytakano
論理構造入門
ytakano
0
190
アクターモデル
ytakano
0
500
π計算
ytakano
0
61
FARIS: Fast and Memory-efficient URL Filter by Domain Specific Machine
ytakano
0
150
リアクティブプログラミング
ytakano
0
580
MindYourPrivacy: Design and Implementation of a Visualization System for Third-Party Web Tracking - IEEE PST 2014
ytakano
0
420
SF-TAP: Scalable and Flexible Traffic Analysis Platform running on Commodity Hardware
ytakano
0
650
SF-TAP Tutorial Flow Abstractor ver.
ytakano
0
660
Survey of Transactional Memory
ytakano
0
730

Other Decks in Technology

See All in Technology
Platform Engineeringは自由のめまい
nwiizo
4
2k
ユーザーストーリーマッピングから始めるアジャイルチームと並走するQA / Starting QA with User Story Mapping
katawara
0
200
現場の種を事業の芽にする - エンジニア主導のイノベーションを事業戦略に装着する方法 -
kzkmaeda
2
2k
5分で紹介する生成AIエージェントとAmazon Bedrock Agents / 5-minutes introduction to generative AI agents and Amazon Bedrock Agents
hideakiaoyagi
0
240
Moved to https://speakerdeck.com/toshihue/presales-engineer-career-bridging-tech-biz-ja
toshihue
2
730
2024.02.19 W&B AIエージェントLT会 / AIエージェントが業務を代行するための計画と実行 / Algomatic 宮脇
smiyawaki0820
12
2.9k
次世代KYC活動報告 / 20250219-BizDay17-KYC-nextgen
oidfj
0
240
株式会社EventHub・エンジニア採用資料
eventhub
0
4.3k
目の前の仕事と向き合うことで成長できる - 仕事とスキルを広げる / Every little bit counts
soudai
24
7k
SA Night #2 FinatextのSA思想/SA Night #2 Finatext session
satoshiimai
1
140
2/18/25: Java meets AI: Build LLM-Powered Apps with LangChain4j
edeandrea
PRO
0
100
Building Products in the LLM Era
ymatsuwitter
10
5.3k

Featured

See All Featured
Music & Morning Musume
bryan
46
6.3k
How to Ace a Technical Interview
jacobian
276
23k
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
33
2.1k
Git: the NoSQL Database
bkeepers
PRO
427
64k
Keith and Marios Guide to Fast Websites
keithpitt
411
22k
The Pragmatic Product Professional
lauravandoore
32
6.4k
Designing for Performance
lara
604
68k
YesSQL, Process and Tooling at Scale
rocio
172
14k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
How to train your dragon (web standard)
notwaldorf
91
5.8k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.5k
The Success of Rails: Ensuring Growth for the Next 100 Years
eileencodes
44
7k

Transcript

  1. 5IF&DPMPHZPG0QFO 3FTPMWFST /BUJPOBM*OTUJUVUFPG*OGPSNBUJPOBOE$PNNVOJDBUJPOT5FDIOPMPHZ +BQBO :VVLJ5BLBOP 1

  2. 5BCMFPG$POUFOUT w CBDLHSPVOEBOEQVSQPTF w BDUJWFTDBO w QBTTJWFNPOJUPS w DPODMVTJPO 2

  3. #BDLHSPVOE %/4"NQMJpDBUJPO"UUBDL w JODSFBTFEGSPN w POFPGUIF%%P4BUUBDL w BCVTFUIFGBDUUIBUSFTQPOTFQBDLFUTPG%/4 CFDPNFCJH w

    BUUBDLTBSFQFSGPSNFECZTPVSDFBEESFTT TQPPpOH 3

  4. 1VSQPTF w JOWFTUJHBUFPQFOSFTPMWFSTBCVTFECZ UIF%/4BNQMJpDBUJPOBUUBDL w PQFOSFTPMWFST w VTFSTPGPQFOSFTPMWFST 4

  5. "DUJWF4DBO w TDBOOFEXIPMF*1WBEESFTTTQBDF w 7&34*0/#*/%RVFSZ
 EJH!U595D$)"047&34*0/#*/% w SFDVSTJPOBWBJMBCMF 
 DIFDLXIFUIFSPQFOSFTPMWFSPSOPU

    w GSPN+VMZUIUP+VMZUI  5

  6. %JTUSJCVUJPOPG0QFO3FTPMWFST 6

  7. %JTUSJCVUJPO1FS3*3 ද 2 DNS αʔόιϑτ΢ΣΞछྨ෼෍ Table 2 Distribution of DNS

    Server Types Total APNIC RIPE ARIN LACNIC AFRINIC other Type of DNS # % # # # # # # BIND 9.x 4268442 (14.1%) 806357 1530177 1126501 169268 121556 514583 † 1851362 ( 6.1%) 551458 781954 176399 94385 117906 129260 BIND 8.x 35218 (0.1%) 4588 21348 6663 974 32 1613 † 30444 (0.1%) 4202 18958 5186 854 31 1213 BIND 4.x 3486 (0.0%) 121 2751 440 43 0 131 † 2765 (0.0%) 93 2256 348 11 0 57 Dnsmasq 1308653 (4.3%) 692042 216273 75201 226880 32676 65581 † 1308381 (4.3%) 692026 216028 75196 226877 32676 65578 Nominum Vantio 968041 (3.2%) 553404 284852 20142 21205 70861 17577 † 967044 (3.2%) 552650 284782 20125 21200 70736 17551 Nominum ANS 687 (0.0%) 18 34 79 42 2 512 † 13 (0.0%) 2 0 0 11 0 0 PowerDNS 373588 (1.2%) 14215 329994 14360 2952 91 11976 † 372684 (1.2%) 14207 329116 14354 2952 91 11964 Unbound 71781 (0.2%) 16230 43507 6941 1510 1585 2008 † 23220 (0.0%) 3281 14398 4638 315 312 276 NSD 33933 (0.1%) 1731 11077 17182 322 13 3608 † 17 (0.0%) 5 5 2 1 0 4 can’t detect 8281885 (27.3%) 4012525 2367711 429450 690618 279903 501678 † 7658656 (25.3%) 3911886 2118455 244682 670597 278183 434853 Windows series 11698 (0.0%) 184 1077 85 10312 0 40 † 11342 (0.0%) 129 865 67 10257 0 24 no version info 14927910 (49.3%) 3457029 4505928 1442348 4025325 699029 798251 † 12746062 (42.1%) 3050589 3465814 1179188 3919438 668399 462634 Total 30285322 (100.0%) 9558444 9314729 3139392 5149451 1205748 1917558 † 24971990 (82.5%) 8780528 7232631 1720185 4946898 1168334 1123414 †: DNS ΦʔϓϯϦκϧό 2013 ೥ 7 ݄ 5 ೔ 17 ࣌ 26 ෼ - 7 ݄ 6 ೔ 19 ࣌ 38 ෼ (JST)

  8. %JTUSJCVUJPO1FS%PNBJO ࿦จʗDNS ΦʔϓϯϦκϧόͷ࣮ଶ

  9. %JTUSJCVUJPO1FS+1%PNBJO ిࢠ৘ใ௨৴ֶձ࿦จࢽ xxxx/xx Vol. Jxx–B No. xx

  10. 1BTTJWF.POJUPS   4JMFOU.POJUPS w DBQUVSFTDBOQBDLFUTGPS%/4 w GSPN4FQUIUP+BOUI 10

  11. 2VFSZ5ZQFTPG4DBO 1BDLFUT ද 3 ୳ࡧύέοτͷΫΤϦλΠϓ౷ܭ Table 3 Query Types of

    Probe Packet type # A 11,972 ANY 268 PTR 7 NS 5 TXT 1 11

  12. 2VFSZ/BNFTPG4DBO 1BDLFUT TXT 1 ද 4 ୳ࡧύέοτͷΫΤϦ໊౷ܭ Table 4 Query

    Names of Probe Packet query name # www.ujiaoban.com. 1,145 vip3.gfdns.net. 666 dnsscan.shadowserver.org. 593 www.iana.org. 143 pay.13hp.com. 84 . 72 ghmn.ru. 48 loo1.ru. 29 isc.org. 28 fkfkfkfa.com. 21 12

  13. 2VFSZ0SJHJO w "4 FDBUFMOFU  w EOTTDBOTIBEPXTFSWFSPSH w PQFOSFTPMWFSQSPKFDUPSH w

    BOENBOZPUIFSPSJHJOT 13

  14. 1BTTJWF.POJUPS   6TF"DUVBM0QFO3FTPMWFS w XFQSFQBSFEUZQFTPGPQFOSFTPMWFST w OPSNBMPQFOSFTPMWFS w OPSFTUSJDUJPO

    w SFTQPOEUPBMMRVFSJFT w SFTUSJDUFEPQFOSFTPMWFS w ESPQRVFSJFTGSPN"4 14

  15. 2VFSZ5ZQFT ɼ ΑΓɼA ΫΤϦʹΑΔ߈ܸʹ΋զʑͷΦʔϓϯϦκϧ ό͕ѱ༻͞ΕͨՄೳੑ͕ߴ͍͜ͱ͕Θ͔Δɽ ද 5 ΦʔϓϯϦκϧόͷར༻ΫΤϦλΠϓ౷ܭ Table 5

    Query Types to Open Resolver type # # (drop AS 29073) ANY 33,564,934 14,359,798 A 2,910,108 727,044 TXT 38,292 32,618 RRSIG 4,719 0 MX 1 0 SOA 1 0 SRV 1 1 TYPE0 0 78,088 11 15

  16. 2VFSZ4UBUJTUJDTPG"/: 16 ϓϯϦκϧόͷυϝΠϯ෼෍ (্Ґ 100 Ґ) DNS Open Resolvers in

    JP TLD (Top 100) 6 ද غ . ͯ དྷ ɽ ͨ ۃ Ϋ ද 6 ANY ΫΤϦ౷ܭ Table 6 ANY Query Statistics query #queries #queries (drop AS 29073) pkts.asia. 10,971,788 331 isc.org. 10,926,653 9,369,123 . 2,758,851 2,668,052 krasti.us. 1,974,023 3 fkfkfkfa.com. 1,701,773 20 ym.rctrhash.com. 916,113 1,346,231 ghmn.ru. 689,708 3 x.slnm.info. 650,039 1 lrc-pipec.com. 515,806 21,557 eschenemnogo.com. 452,167 444,744

  17. 2VFSZ4UBUJTUJDTPG" ࿦จʗDNS ΦʔϓϯϦκϧόͷ࣮ଶ ද 7 A ΫΤϦ౷ܭ Table 7 A

    Query Statistics query #queries #queries (drop AS 29073) reanimator.in. 873,583 11 ilineage2.ru. 863,495 6 eschenemnogo.com. 711,605 711,703 txt.fwserver.com.ua. 219,073 2 lrc-pipec.com. 210,354 9 ghmn.ru. 18,393 14,894 1x1.cz. 6,798 1 doc.gov. 5,963 0 aa.10781.info. 191 178 dnsscan.shadowserver.org. 101 91 17

  18. 5JNF$IBSUPG"/: no restriction drop AS 29073 18

  19. 5JNF$IBSUPG" no restriction drop AS 29073 19

  20. "4JT1SPCBCMZ "CVTFECZ%%P4 hosting server of Netherland bitcon purchase available 20

  21. $PODMVTJPO w UIFSFBSFNBOZPQFOSFTPMWFSTJOUIJT XPSME BCPVUNJMMJPO  w "4JTQSPCBCMZBCVTFEGPS%%P4 BUUBDL 21