Speaker
Description
In this study, we examine DNS resolvers used by clients in the Nordic and Baltic countries, conducting active measurements to assess the adoption of security and privacy features. We utilize the RIPE Atlas network of volunteer-run probes for our measurements in July 2025 and analyzed 1066 unique probe-resolver pairs. We reveal that 92% supported IPv6, 87% were validating DNSSEC, 70% implemented QNAME Minimization, 83% avoided using EDNS Client Subnet, and 78% returned minimal responses to the client. We categorize the resolvers based on their network proximity to the client, allowing for more in-depth analysis. We found that private, within-AS, and public (outside-AS) resolvers shows varying levels of feature adoption across these categories. Comparing the Nordic and Baltic countries against each other focusing on preconfigured resolvers in the same AS as the probe (typically operated by ISPs), we found that Norway had the highest adoption of IPv6 support, Denmark had a 100% adoption of DNSSEC, Estonia had the highest adoption of QNAME Minimization, and all countries avoided using the EDNS Client Subnet. We also identified adoption correlations between data minimization features as well as links between DNSSEC and both QNAME Minimization and IPv6 support.
| Talk duration | 20 Minutes (+5 for Q&A) |
|---|
