Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Ecology of Open Resolvers

ytakano
March 16, 2015
Technology
0
470

The Ecology of Open Resolvers

This slide shows the result of active scan and passive monitoring of DNS open resolvers in 2013.

ytakano

March 16, 2015
Tweet

More Decks by ytakano

See All by ytakano
論理構造入門
ytakano
0
200
アクターモデル
ytakano
0
500
π計算
ytakano
0
61
FARIS: Fast and Memory-efficient URL Filter by Domain Specific Machine
ytakano
0
150
リアクティブプログラミング
ytakano
0
580
MindYourPrivacy: Design and Implementation of a Visualization System for Third-Party Web Tracking - IEEE PST 2014
ytakano
0
420
SF-TAP: Scalable and Flexible Traffic Analysis Platform running on Commodity Hardware
ytakano
0
650
SF-TAP Tutorial Flow Abstractor ver.
ytakano
0
660
Survey of Transactional Memory
ytakano
0
740

Other Decks in Technology

See All in Technology
大規模アジャイルフレームワークから学ぶエンジニアマネジメントの本質
staka121
PRO
3
1.6k
Log Analytics を使った実際の運用 - Sansan Data Hub での取り組み
sansantech
PRO
0
120
マルチアカウント環境における組織ポリシーについて まとめてみる
nrinetcom
PRO
2
110
開発者のための FinOps/FinOps for Engineers
oracle4engineer
PRO
2
260
ABWG2024採択者が語るエンジニアとしての自分自身の見つけ方〜発信して、つながって、世界を広げていく〜
maimyyym
1
220
Cracking the Coding Interview 6th Edition
gdplabs
14
28k
開発者体験を定量的に把握する手法と活用事例
ham0215
0
140
開発組織を進化させる!AWSで実践するチームトポロジー
iwamot
2
540
フォーイット_エンジニア向け会社紹介資料_Forit_Company_Profile.pdf
forit_tech
1
1.7k
OCI Success Journey OCIの何が評価されてる?疑問に答える事例セミナー(2025年2月実施)
oracle4engineer
PRO
2
220
プロダクト開発者目線での Entra ID 活用
sansantech
PRO
0
130
LINE NEWSにおけるバックエンド開発
lycorptech_jp
PRO
0
370

Featured

See All Featured
Building Adaptive Systems
keathley
40
2.4k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
46
2.4k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
47
5.2k
Building an army of robots
kneath
303
45k
Speed Design
sergeychernyshev
27
820
Making the Leap to Tech Lead
cromwellryan
133
9.1k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
440
Designing Experiences People Love
moore
140
23k
RailsConf 2023
tenderlove
29
1k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
Optimising Largest Contentful Paint
csswizardry
34
3.1k

Transcript

  1. 5IF&DPMPHZPG0QFO 3FTPMWFST /BUJPOBM*OTUJUVUFPG*OGPSNBUJPOBOE$PNNVOJDBUJPOT5FDIOPMPHZ +BQBO :VVLJ5BLBOP 1

  2. 5BCMFPG$POUFOUT w CBDLHSPVOEBOEQVSQPTF w BDUJWFTDBO w QBTTJWFNPOJUPS w DPODMVTJPO 2

  3. #BDLHSPVOE %/4"NQMJpDBUJPO"UUBDL w JODSFBTFEGSPN w POFPGUIF%%P4BUUBDL w BCVTFUIFGBDUUIBUSFTQPOTFQBDLFUTPG%/4 CFDPNFCJH w

    BUUBDLTBSFQFSGPSNFECZTPVSDFBEESFTT TQPPpOH 3

  4. 1VSQPTF w JOWFTUJHBUFPQFOSFTPMWFSTBCVTFECZ UIF%/4BNQMJpDBUJPOBUUBDL w PQFOSFTPMWFST w VTFSTPGPQFOSFTPMWFST 4

  5. "DUJWF4DBO w TDBOOFEXIPMF*1WBEESFTTTQBDF w 7&34*0/#*/%RVFSZ
 EJH!U595D$)"047&34*0/#*/% w SFDVSTJPOBWBJMBCMF 
 DIFDLXIFUIFSPQFOSFTPMWFSPSOPU

    w GSPN+VMZUIUP+VMZUI  5

  6. %JTUSJCVUJPOPG0QFO3FTPMWFST 6

  7. %JTUSJCVUJPO1FS3*3 ද 2 DNS αʔόιϑτ΢ΣΞछྨ෼෍ Table 2 Distribution of DNS

    Server Types Total APNIC RIPE ARIN LACNIC AFRINIC other Type of DNS # % # # # # # # BIND 9.x 4268442 (14.1%) 806357 1530177 1126501 169268 121556 514583 † 1851362 ( 6.1%) 551458 781954 176399 94385 117906 129260 BIND 8.x 35218 (0.1%) 4588 21348 6663 974 32 1613 † 30444 (0.1%) 4202 18958 5186 854 31 1213 BIND 4.x 3486 (0.0%) 121 2751 440 43 0 131 † 2765 (0.0%) 93 2256 348 11 0 57 Dnsmasq 1308653 (4.3%) 692042 216273 75201 226880 32676 65581 † 1308381 (4.3%) 692026 216028 75196 226877 32676 65578 Nominum Vantio 968041 (3.2%) 553404 284852 20142 21205 70861 17577 † 967044 (3.2%) 552650 284782 20125 21200 70736 17551 Nominum ANS 687 (0.0%) 18 34 79 42 2 512 † 13 (0.0%) 2 0 0 11 0 0 PowerDNS 373588 (1.2%) 14215 329994 14360 2952 91 11976 † 372684 (1.2%) 14207 329116 14354 2952 91 11964 Unbound 71781 (0.2%) 16230 43507 6941 1510 1585 2008 † 23220 (0.0%) 3281 14398 4638 315 312 276 NSD 33933 (0.1%) 1731 11077 17182 322 13 3608 † 17 (0.0%) 5 5 2 1 0 4 can’t detect 8281885 (27.3%) 4012525 2367711 429450 690618 279903 501678 † 7658656 (25.3%) 3911886 2118455 244682 670597 278183 434853 Windows series 11698 (0.0%) 184 1077 85 10312 0 40 † 11342 (0.0%) 129 865 67 10257 0 24 no version info 14927910 (49.3%) 3457029 4505928 1442348 4025325 699029 798251 † 12746062 (42.1%) 3050589 3465814 1179188 3919438 668399 462634 Total 30285322 (100.0%) 9558444 9314729 3139392 5149451 1205748 1917558 † 24971990 (82.5%) 8780528 7232631 1720185 4946898 1168334 1123414 †: DNS ΦʔϓϯϦκϧό 2013 ೥ 7 ݄ 5 ೔ 17 ࣌ 26 ෼ - 7 ݄ 6 ೔ 19 ࣌ 38 ෼ (JST)

  8. %JTUSJCVUJPO1FS%PNBJO ࿦จʗDNS ΦʔϓϯϦκϧόͷ࣮ଶ

  9. %JTUSJCVUJPO1FS+1%PNBJO ిࢠ৘ใ௨৴ֶձ࿦จࢽ xxxx/xx Vol. Jxx–B No. xx

  10. 1BTTJWF.POJUPS   4JMFOU.POJUPS w DBQUVSFTDBOQBDLFUTGPS%/4 w GSPN4FQUIUP+BOUI 10

  11. 2VFSZ5ZQFTPG4DBO 1BDLFUT ද 3 ୳ࡧύέοτͷΫΤϦλΠϓ౷ܭ Table 3 Query Types of

    Probe Packet type # A 11,972 ANY 268 PTR 7 NS 5 TXT 1 11

  12. 2VFSZ/BNFTPG4DBO 1BDLFUT TXT 1 ද 4 ୳ࡧύέοτͷΫΤϦ໊౷ܭ Table 4 Query

    Names of Probe Packet query name # www.ujiaoban.com. 1,145 vip3.gfdns.net. 666 dnsscan.shadowserver.org. 593 www.iana.org. 143 pay.13hp.com. 84 . 72 ghmn.ru. 48 loo1.ru. 29 isc.org. 28 fkfkfkfa.com. 21 12

  13. 2VFSZ0SJHJO w "4 FDBUFMOFU  w EOTTDBOTIBEPXTFSWFSPSH w PQFOSFTPMWFSQSPKFDUPSH w

    BOENBOZPUIFSPSJHJOT 13

  14. 1BTTJWF.POJUPS   6TF"DUVBM0QFO3FTPMWFS w XFQSFQBSFEUZQFTPGPQFOSFTPMWFST w OPSNBMPQFOSFTPMWFS w OPSFTUSJDUJPO

    w SFTQPOEUPBMMRVFSJFT w SFTUSJDUFEPQFOSFTPMWFS w ESPQRVFSJFTGSPN"4 14

  15. 2VFSZ5ZQFT ɼ ΑΓɼA ΫΤϦʹΑΔ߈ܸʹ΋զʑͷΦʔϓϯϦκϧ ό͕ѱ༻͞ΕͨՄೳੑ͕ߴ͍͜ͱ͕Θ͔Δɽ ද 5 ΦʔϓϯϦκϧόͷར༻ΫΤϦλΠϓ౷ܭ Table 5

    Query Types to Open Resolver type # # (drop AS 29073) ANY 33,564,934 14,359,798 A 2,910,108 727,044 TXT 38,292 32,618 RRSIG 4,719 0 MX 1 0 SOA 1 0 SRV 1 1 TYPE0 0 78,088 11 15

  16. 2VFSZ4UBUJTUJDTPG"/: 16 ϓϯϦκϧόͷυϝΠϯ෼෍ (্Ґ 100 Ґ) DNS Open Resolvers in

    JP TLD (Top 100) 6 ද غ . ͯ དྷ ɽ ͨ ۃ Ϋ ද 6 ANY ΫΤϦ౷ܭ Table 6 ANY Query Statistics query #queries #queries (drop AS 29073) pkts.asia. 10,971,788 331 isc.org. 10,926,653 9,369,123 . 2,758,851 2,668,052 krasti.us. 1,974,023 3 fkfkfkfa.com. 1,701,773 20 ym.rctrhash.com. 916,113 1,346,231 ghmn.ru. 689,708 3 x.slnm.info. 650,039 1 lrc-pipec.com. 515,806 21,557 eschenemnogo.com. 452,167 444,744

  17. 2VFSZ4UBUJTUJDTPG" ࿦จʗDNS ΦʔϓϯϦκϧόͷ࣮ଶ ද 7 A ΫΤϦ౷ܭ Table 7 A

    Query Statistics query #queries #queries (drop AS 29073) reanimator.in. 873,583 11 ilineage2.ru. 863,495 6 eschenemnogo.com. 711,605 711,703 txt.fwserver.com.ua. 219,073 2 lrc-pipec.com. 210,354 9 ghmn.ru. 18,393 14,894 1x1.cz. 6,798 1 doc.gov. 5,963 0 aa.10781.info. 191 178 dnsscan.shadowserver.org. 101 91 17

  18. 5JNF$IBSUPG"/: no restriction drop AS 29073 18

  19. 5JNF$IBSUPG" no restriction drop AS 29073 19

  20. "4JT1SPCBCMZ "CVTFECZ%%P4 hosting server of Netherland bitcon purchase available 20

  21. $PODMVTJPO w UIFSFBSFNBOZPQFOSFTPMWFSTJOUIJT XPSME BCPVUNJMMJPO  w "4JTQSPCBCMZBCVTFEGPS%%P4 BUUBDL 21