Oct 13 – 14, 2018
Okura Hotel
Europe/Amsterdam timezone

DNSThought - Everything you ever wanted to know about caching resolvers but were afraid to ask

Oct 13, 2018, 4:30 PM
Heian I/II (Okura Hotel)

Heian I/II

Okura Hotel

Ferdinand Bolstraat 333 1072 LH Amsterdam NL
Standard Presentation Public Workshop Joint OARC & CENTR-Tech Public Workshop


Willem Toorop (NLnet Labs)


On 20 and 21 April 2017, the RIPE DNS measurements hackathon took place. Our team created DNSThought: a measurements analysis portal providing insight into caching resolver's availability and capabilities. In the context of the project permanent running measurements were started for all resolvers of all probes in RIPE Atlas, measuring:

  • Resolver identity (what IPs are seen at the authoritative eventually)
  • IPv6 capability (can the resolver query IPv6 only nameservers)
  • IPv4 and IPv6 TCP support
  • NXDOMAIN hijacking

In June that year (2017), DNSThought started collaborating with the rootcanary project, and 78 more measurements were started looking into DNSSEC algorithm support. In July 2018 measurements were added for the root key trust anchor sentinel for DNSSEC.

In the presentation we show progression of those resolver capabilities over the last 18 month, and also how the portal can be used as a tool for operators and researches to provide detailed insight in availability and progression of capabilities of certain resolvers -- by ASN and/or geographical location -- currently and in the past.

Talk Duration 30 Minutes

Primary author

Willem Toorop (NLnet Labs)


Jerry Lundström (DNS-OARC) Andrea Barberio Petros Gigis Teemu Rytilahti

Presentation materials