[dnsext] measurements using the EDNS-Client-Subnet extension
Florian Streibelt <florian@inet.tu-berlin.de> Mon, 08 July 2013 08:42 UTC
Return-Path: <florian@inet.tu-berlin.de>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 573EC21F8506 for <dnsext@ietfa.amsl.com>; Mon, 8 Jul 2013 01:42:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H3F6BvyjKoLN for <dnsext@ietfa.amsl.com>; Mon, 8 Jul 2013 01:42:17 -0700 (PDT)
Received: from mail.net.t-labs.tu-berlin.de (mail.net.t-labs.tu-berlin.de [IPv6:2001:470:96b9:4:130:149:220:252]) by ietfa.amsl.com (Postfix) with ESMTP id 230F921F85E0 for <dnsext@ietf.org>; Mon, 8 Jul 2013 01:40:10 -0700 (PDT)
Received: from fls-nb.lan.streibelt.net (91-64-122-25-dynip.superkabel.de [91.64.122.25]) by mail.net.t-labs.tu-berlin.de (Postfix) with ESMTPSA id AFAD14C01DE for <dnsext@ietf.org>; Mon, 8 Jul 2013 10:39:40 +0200 (CEST)
Date: Mon, 08 Jul 2013 10:39:38 +0200
From: Florian Streibelt <florian@inet.tu-berlin.de>
To: dnsext@ietf.org
Message-ID: <20130708103938.0a685dfa@fls-nb.lan.streibelt.net>
Organization: FG INET, T-Labs
X-Mailer: Claws Mail 3.9.1 (GTK+ 2.24.18; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Subject: [dnsext] measurements using the EDNS-Client-Subnet extension
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jul 2013 08:42:19 -0000
My mail from Wed, 26 Jun 2013 18:01:31 +0200 did not came through: Hello, in our work with the EDNS-Client-Subnet extension we noticed that it offers unique measurement opportunities. Below you find the abstract to our paper on "Unintended Consequences: Exploring EDNS-Client-Subnet Adopters in your Free Time" where we used the client IP extension to explore the mapping of client-IP's to server-IP's in CDNs including google and edgcast. We mentioned this to Ted Lemon and Andrew Sullivan, who suggested that this work may be of interest to the wider audience of both DNS related working groups (sorry for cross posting). As the next IETF meeting is in Berlin (and we are based in Berlin) I would be happy taking the chance of presenting the paper at the upcoming meeting. Any comments? cheers, Florian Abstract of "Unintended Consequences: Exploring EDNS-Client-Subnet Adopters in your Free Time"; The recently proposed DNS extension, EDNS-Client-Subnet (ECS), has been quickly adopted by major Internet companies such as Google to better assign user requests to their servers and improve end-user experience. In this paper, we show that the adoption of ECS also offers unique, but likely unintended, opportunities to uncover details about these companies' operational practices at almost no cost. A key observation is that ECS allows everyone to resolve domain names of ECS adopters on behalf of any arbitrary IP/prefix in the Internet. In fact, by utilizing only a single residential vantage point and relying solely on publicly available information, we are able to (i) uncover the global footprint of ECS adopters with very little effort, (ii) infer the DNS response cacheability and end-user clustering of ECS adopters for an arbitrary network in the Internet, and (iii) reveal the mapping of users to server locations as practiced by major ECS adopters. While pointing out such new measurement opportunities, our work is also intended to make current and future ECS adopters aware of which operational information gets exposed when utilizing this recent DNS extension. -- Florian Streibelt Chair "Intelligent Networks" (INET) TEL 16 Technische Universität Berlin Ernst-Reuter-Platz 7 10587 Berlin GERMANY
- [dnsext] measurements using the EDNS-Client-Subne… Florian Streibelt