SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


Top 1000 .ch Domain Names

UPDATE 19.02.2019:

From February 2019 on there will be a few small changes. A co-worker, Antoine, discovered a flaw in the current measurement of the top 1000 .ch domain names, which has since been fixed. Because we only counted the number of distinct IP addresses per domain for both IP versions, with IPv6 one can easily send queries from a whole /64 range, which yields approximately 1.8*10^19 different addresses. A private customer of the Swiss ISP Init7 even gets an entire /48 range. This way a domain name can easily be pushed to the top of the list! To prevent this, we will now count the number of distinct ASes per domain.

Additionally, we will provide 2 lists from now on: one with a ranking based on ALL queries, i.e. including queries that returned NXDOMAIN, and one without those NXDOMAIN queries. Previously, we provided only the former.
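To make the change in the ranking concrete, here is an added example (not SWITCH's code, and not the Entrada/Impala query actually used): it computes the top list from a constructed set of query records under both the old metric (distinct source addresses) and the new one (distinct origin ASes), with and without NXDOMAIN answers. The `spammy.ch` records, all from one IPv6 /64 and one AS, show why the old metric was gameable and the new one is not. Record layout, domain names and AS numbers are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample of query records: (qname, source address, origin AS, rcode).
# All "spammy.ch" queries come from addresses inside one /64 announced by one AS,
# which inflates a distinct-address count but not a distinct-AS count.
SAMPLE_QUERIES = [
    ("popular.ch", "192.0.2.10", 64500, "NOERROR"),
    ("popular.ch", "198.51.100.7", 64501, "NOERROR"),
    ("popular.ch", "203.0.113.5", 64502, "NOERROR"),
    ("popular.ch", "2001:db8:1::1", 64503, "NOERROR"),
    ("typo-only.ch", "192.0.2.10", 64500, "NXDOMAIN"),
    ("typo-only.ch", "198.51.100.7", 64501, "NXDOMAIN"),
    ("typo-only.ch", "203.0.113.5", 64502, "NXDOMAIN"),
    ("typo-only.ch", "2001:db8:1::1", 64503, "NXDOMAIN"),
    ("typo-only.ch", "2001:db8:2::1", 64504, "NXDOMAIN"),
] + [
    # 50 distinct addresses, all within 2001:db8:ffff:0::/64, single AS 64510
    ("spammy.ch", f"2001:db8:ffff:0::{i:x}", 64510, "NOERROR") for i in range(1, 51)
]


def rank_domains(queries, key="asn", include_nxdomain=True, top=10):
    """Return [(qname, count)] ordered by number of distinct sources.

    key="ip"  counts distinct source addresses (the old, gameable metric)
    key="asn" counts distinct origin ASes (the metric used from February 2019)
    include_nxdomain=False drops queries that were answered with NXDOMAIN,
    which gives the second of the two published lists.
    Ties are broken alphabetically so the output is deterministic.
    """
    sources = defaultdict(set)
    for qname, src, asn, rcode in queries:
        if not include_nxdomain and rcode == "NXDOMAIN":
            continue
        sources[qname].add(asn if key == "asn" else ip_address(src))
    ranking = sorted(((q, len(s)) for q, s in sources.items()),
                     key=lambda t: (-t[1], t[0]))
    return ranking[:top]


if __name__ == "__main__":
    for label, kwargs in (("distinct IPs, all queries", {"key": "ip"}),
                          ("distinct ASes, all queries", {"key": "asn"}),
                          ("distinct ASes, without NXDOMAIN",
                           {"key": "asn", "include_nxdomain": False})):
        print(label)
        for qname, n in rank_domains(SAMPLE_QUERIES, **kwargs):
            print(f"  {n:4d}  {qname}")
```

Under the address metric `spammy.ch` leads with 50; under the AS metric it drops to a single source, while the NXDOMAIN-only name `typo-only.ch` only appears in the list that includes NXDOMAIN answers.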


A Day in the Life of nic.ch

Ever wondered what the DNS traffic looks like on a usual day on a .ch name server? This article briefly sketches the landscape of systems querying .ch domains. To be exact, the following statistics and statements are based on a small subset of the overall data, since the underlying sources consist of only 2 out of 8 name servers, i.e. a.nic.ch and b.nic.ch. Overall the .ch zone is served by 8 name servers distributed all over the world. While some of them are set up as an anycast network, others are set up traditionally as unicast servers located in a single data center.

We capture the DNS traffic as pcaps and subsequently process and store it with the help of Entrada, which relies on HDFS and Impala. Currently, we operate a Hadoop cluster with 7 data nodes, which provides us with a good basis for future in-depth analysis.

The following sections discuss two statistics that we publish on www.nic.ch in greater detail.

Who queries the name servers?

To start with, let's have a look at who queries our name servers. Figure 1 shows the top 10 countries in terms of generated DNS traffic observed during week 4 of 2018. Additionally, the share of distinct IP addresses per country is displayed as a second bar. Since the original DNS traffic does not contain explicit information about the country a query originates from, this information is added by Entrada with the help of the Maxmind database. To get a more representative image of the DNS landscape, Google resolvers and OpenDNS resolvers are excluded from this statistic. Although from the queries themselves one cannot be sure about the nature of the querying system, for convenience we'll call those systems resolvers throughout this article.

[Figure 1: top ten countries by DNS traffic (top_ten_countries.png)]
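The two bars per country in Figure 1 use different denominators, which is what makes the comparison informative: a country with a large query share but a small address share is dominated by a few busy resolvers. The following added example (not SWITCH's code or Entrada's) computes both shares from constructed, already geolocated records and drops the public Google and OpenDNS resolvers first. The post does not say how Entrada identifies those resolvers; the prefix list below is my assumption, built from their well-known service addresses, and the sample addresses and country codes are constructed.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

# Assumed exclusion list (not from the post): networks of the public resolvers
# that the statistic leaves out, derived from their well-known service addresses.
EXCLUDED_RESOLVERS = [ip_network(n) for n in (
    "8.8.8.0/24", "8.8.4.0/24", "2001:4860:4860::/64",          # Google Public DNS
    "208.67.222.0/24", "208.67.220.0/24",                        # OpenDNS
    "2620:119:35::/48", "2620:119:53::/48",                      # OpenDNS IPv6
)]

# Constructed sample: (source address, country code) for each query. In the real
# pipeline the country code comes from Entrada's Maxmind enrichment.
SAMPLE_RECORDS = (
    [("192.0.2.1", "CH")] * 40 + [("192.0.2.2", "CH")] * 10       # 2 busy resolvers
    + [("198.51.100.1", "DE")] * 5 + [("198.51.100.2", "DE")] * 5
    + [("198.51.100.3", "DE")] * 5 + [("198.51.100.4", "DE")] * 5  # 4 small resolvers
    + [("203.0.113.9", "US")] * 20
    + [("8.8.8.8", "US")] * 100                                    # excluded resolver
)


def is_excluded_resolver(addr):
    """True if the address lies in one of the excluded public resolver networks."""
    return any(addr in net for net in EXCLUDED_RESOLVERS)


def country_shares(records, top=10):
    """Return [(country, query_share, distinct_address_share)].

    query_share is the country's fraction of all (non-excluded) queries;
    distinct_address_share is its fraction of all distinct source addresses.
    Rows are ordered by descending query share, then by country code.
    """
    queries = Counter()
    addresses = defaultdict(set)
    for src, country in records:
        addr = ip_address(src)
        if is_excluded_resolver(addr):
            continue
        queries[country] += 1
        addresses[country].add(addr)
    total_queries = sum(queries.values())
    total_addresses = sum(len(s) for s in addresses.values())
    rows = [(cc, queries[cc] / total_queries, len(addresses[cc]) / total_addresses)
            for cc in queries]
    rows.sort(key=lambda r: (-r[1], r[0]))
    return rows[:top]


if __name__ == "__main__":
    for cc, q_share, a_share in country_shares(SAMPLE_RECORDS):
        print(f"{cc}  queries {q_share:6.1%}  distinct addresses {a_share:6.1%}")
```

In the sample, CH produces over half the queries from only two addresses while DE contributes a fifth of the queries but more than half of the distinct addresses; the 100 queries from the excluded Google address never enter either denominator.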
