On 20 and 21 April 2017, the RIPE DNS measurements hackathon took place. Our team created DNSThought: a measurements analysis portal providing insight into caching resolver's availability and capabilities. In the context of the project permanent running measurements were started for all resolvers of all probes in RIPE Atlas, measuring:
- Resolver identity (what IPs are seen at the authoritative eventually)
- IPv6 capability (can the resolver query IPv6 only nameservers)
- IPv4 and IPv6 TCP support
- NXDOMAIN hijacking
In June that year (2017), DNSThought started collaborating with the rootcanary project, and 78 more measurements were started looking into DNSSEC algorithm support. In July 2018 measurements were added for the root key trust anchor sentinel for DNSSEC.
In the presentation we show progression of those resolver capabilities over the last 18 month, and also how the portal can be used as a tool for operators and researches to provide detailed insight in availability and progression of capabilities of certain resolvers -- by ASN and/or geographical location -- currently and in the past.
|Talk Duration||30 Minutes|