Speaker
Paul Hoffman
(ICANN)
Description
The DITL data collected at DNS-OARC can be used for a variety of research. Here, I analyze QNAMEs in queries to the roots during the DITL 2017 to look at the prevalence of collisions for strings from earlier collision studies (such as "corp" and "home") as well as leakage from TLDs that are not expected to be in the root zone at all. This required looking at the entire dataset, collecting just the QNAMEs, sampling for likely leaked TLDs, and then ranking the data to show which TLDs that were not in the root zone were most commonly seen in the dataset.
In order to do this research, DNS-OARC set up a new server and I created new software to efficiently sample the data. The DITL data cannot be moved from DNS-OARC systems, and because looking at the QNAMEs is quite space-intensive, tradeoffs had to be made in the analysis. I describe that software (which has been published) and show how it can be used by other researchers who are using DNS-OARC systems to analyze various DITL data.
As a complement to the DITL-based research, I ran similar tests on L-root data kept at ICANN. In this research, I found some significant leaks that appear much more often during DITL than at other times. I show that L-root data can be used as a reasonable substitute for DITL data for some research, and suggest that data from other root servers might also be used in this fashion.
Summary
The DITL 2017 data shows which names are likely to be the most leaked from enclaves that use their own TLDs. The results are compared to recent L-root data to show that data from a large root operator can be used in a fashion similar to DITL data.
Talk Duration | 30 Minutes |
---|
Primary author
Paul Hoffman
(ICANN)