Abstract
The Domain Name System (DNS) is one of the most critical Internet subsystems. While the majority of ISPs deploy and operate their own DNS infrastructure, many end users resort to third-party DNS providers with hopes of enhancing their privacy, security, and web performance. However, bad user choices and the uneven geographical deployment of DNS providers could render insecure and inefficient DNS configurations for millions of users. In this paper, we propose a novel and flexible measurement method to (1) study the infrastructure of recursive DNS resolvers, including both ISP's and third-party DNS providers' deployment strategies; and (2) study end-user DNS choices, both in a timely manner and at a global scale. For that, we leverage the outreach capacity of online advertising networks to distribute lightweight JavaScript-based DNS measurement scripts. To showcase the potential of our technique, we launch two separate ad campaigns that triggered more than 3M DNS lookups, which allow us to identify and study more than 76k recursive DNS resolvers giving support to more than 25k eyeball ASes in 178 countries. The analysis of the data offers new insights into the DNS infrastructure, such as user preferences towards third-party DNS providers (namely, Google, OpenDNS, Level3, and Cloudflare recursive DNS resolvers account for ~13% of the total DNS requests triggered by our campaigns), and into deployment decisions of many ISPs providing both mobile and fixed access networks to separate the DNS infrastructure serving each type of access technology.
Highlights
Internet users can leverage either the recursive Domain Name System (DNS) resolvers provided by their ISPs or those offered by third-party commercial DNS providers such as Google, OpenDNS, or CloudFlare
We run two small measurement campaigns to demonstrate the potential of the proposed methodology and highlight its ability to gain new insights into the deployment strategies followed by ISPs from all around the world, and user adoption choices
Our empirical results indicate that 13% of the global DNS lookups are resolved by third-party commercial DNS providers like Google DNS rather than by ISP-provided DNS resolvers
Summary
Internet users can leverage either the recursive DNS resolvers provided by their ISPs or those offered by third-party commercial DNS providers such as Google, OpenDNS, or CloudFlare. With a $450 USD budget —a relatively low amount for online advertising campaigns— we could run 3.8M DNS measurements from 2.5M public IPs (including both mobile and desktop users) distributed across 1M /24 IP prefixes from 25k ASes and 178 countries.1 These experiments allowed us to identify 76k IP addresses hosting recursive DNS resolvers across 49k /24 IP prefixes and 14k ASes.. 3) we compare the DNS infrastructure deployed by ISPs that serve users connecting over mobile and fixed networks The analysis of these aspects reveal new findings about DNS recursive resolvers not reported so far:. We observe a notable increase in the use of third-party commercial DNS providers by users accessing the Internet from countries reported to implement state-level censorship and mass surveillance. We are confident that stakeholders – from regulators to researchers and industry – will benefit from this technology to survey DNS usage trends, and to identify deployment and performance problems, both at the granularity of specific ASes and at a global scale
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
