Who Are Querying For Me? Egress Measurement For Open DNS Resolvers
Abstract: The dependencies and centralization in DNS infrastructure increase the risk of single-point failure and the scope of collateral damage. In the DNS recursive resolution, dependencies between different resolvers also exist due to situations such as forwarding. Currently, research on dependencies in recursive resolution is still insufficient. In this work, we take a deep insight into the recursive resolution implemented by open resolvers to investigate their dependencies, including the concentration of dependencies, and the influence of 3rd-party providers. We find that most open resolvers in the wild are dependent on a small number of egress resolvers to communicate with the authoritative name servers. 90% of the open resolvers are influenced by 8.41% of the egress resolvers. Besides, egress resolvers from 3rd-party providers are able to influence more than 44% of the open resolvers. The concentration makes a large amount of DNS traffic concentrated in a small number of egress resolvers/providers, which will reduce the redundancy of DNS and threaten user privacy.
Loading