IETF Logo Mail Archive

Re: [DNSOP] we already have a new version of this problem

"Wessels, Duane" <dwessels@verisign.com> Fri, 06 November 2015 19:32 UTC

Return-Path: <dwessels@verisign.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 920EF1B2F68 for <dnsop@ietfa.amsl.com>; Fri, 6 Nov 2015 11:32:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LERiyndr-C-0 for <dnsop@ietfa.amsl.com>; Fri, 6 Nov 2015 11:32:39 -0800 (PST)
Received: from mail-qg0-f99.google.com (mail-qg0-f99.google.com [209.85.192.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1E9B01B2F62 for <dnsop@ietf.org>; Fri, 6 Nov 2015 11:32:39 -0800 (PST)
Received: by qgeb1 with SMTP id b1so3989305qge.0 for <dnsop@ietf.org>; Fri, 06 Nov 2015 11:32:38 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:thread-topic:thread-index :date:message-id:references:in-reply-to:accept-language :content-language:content-type:content-id:content-transfer-encoding :mime-version; bh=PGtOz6H/MQ35JQVEmlbQvnMkU1gP8ys7TifmehI64Ko=; b=mQfD4eaasnPYtftgrJfyDhArgJaaHj1Y/qbhb5hJdeHjPoVYyRul50cHf+Vow6jRm0 Bse6w/63xvvPJ1X9Zq2FzEFudyDXMW69+f4Ug1U9AuFNoL9etcvt1jVNJu7VVjfO7PMR t6xPGhWgbs0KgaWRlQTlXVGCqrMBAkB2n5tyedaQzyKWLEf49uanB5Zkg+gg3YbH+Q5b rC7+yAg/N3oYbMuoOYmbcuSADzWKLg00AbdfxXJPmjK48oijOFjZa59zuIXCTFOUn4Gp EuUXW9bGqZAzeDwGV73gO6VOapPy65DOWotEhfhPfKyGYHVqGZVo2BIxjCFZO807ckZn YjAg==
X-Gm-Message-State: ALoCoQl2s1emENW7A9C9CcwaEQ2/QBQTmZLb79zs8tvwQMlemW1v/0geKugqukTZBGvDFN9ShvkRFIcQRDypNGOb8jL5g5AnnA==
X-Received: by 10.140.17.8 with SMTP id 8mr15159038qgc.80.1446838358182; Fri, 06 Nov 2015 11:32:38 -0800 (PST)
Received: from brn1lxmailout01.verisign.com (brn1lxmailout01.verisign.com. [72.13.63.41]) by smtp-relay.gmail.com with ESMTPS id w196sm187981qka.5.2015.11.06.11.32.38 (version=TLSv1 cipher=RC4-SHA bits=128/128); Fri, 06 Nov 2015 11:32:38 -0800 (PST)
X-Relaying-Domain: verisign.com
Received: from brn1wnexcas01.vcorp.ad.vrsn.com (brn1wnexcas01 [10.173.152.205]) by brn1lxmailout01.verisign.com (8.13.8/8.13.8) with ESMTP id tA6JWbSO022830 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=FAIL); Fri, 6 Nov 2015 14:32:37 -0500
Received: from BRN1WNEXMBX01.vcorp.ad.vrsn.com ([::1]) by brn1wnexcas01.vcorp.ad.vrsn.com ([::1]) with mapi id 14.03.0174.001; Fri, 6 Nov 2015 14:32:37 -0500
From: "Wessels, Duane" <dwessels@verisign.com>
To: Tony Finch <dot@dotat.at>
Thread-Topic: [DNSOP] we already have a new version of this problem
Thread-Index: AQHRGMnknSEJwLA48kOddGcsTrYVFA==
Date: Fri, 06 Nov 2015 19:32:36 +0000
Message-ID: <855E6C9C-79F5-4DE5-B1F8-574A697E9EF0@verisign.com>
References: <CAKr6gn0oiK9WKfN95b=muuxG0+0oKv8KDaq=xpabRf-zgCO+gQ@mail.gmail.com> <alpine.LSU.2.00.1511051112440.959@hermes-2.csi.cam.ac.uk>
In-Reply-To: <alpine.LSU.2.00.1511051112440.959@hermes-2.csi.cam.ac.uk>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.173.152.4]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <E5E687CD07B70041BED14D20923E5E80@verisign.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <http://mailarchive.ietf.org/arch/msg/dnsop/OaG7cAyUOimjKNWbVu3sGUUPBd0>
Cc: Stuart Cheshire <cheshire@apple.com>, dnsop WG <dnsop@ietf.org>, George Michaelson <ggm@algebras.org>
Subject: Re: [DNSOP] we already have a new version of this problem
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Nov 2015 19:32:40 -0000

> On Nov 5, 2015, at 3:26 AM, Tony Finch <dot@dotat.at> wrote:
> 
> Has anyone done a survey of where the leaked .home queries come from?

In the spirit of Measurement-Driven Protocol Engineering here are some recent data points from root servers:

Over the past 7 days Verisign observed an average of 200,000,000 ".home" queries per day from 120,000 distinct source addresses (per day).  These are queries sent to A-root and J-root.

Based on Geo-IP data we see queries from essentially every known country, with ~70% of total queries coming from the top 10 countries listed below:

US	14.27%
BR	9.69%
ES	9.19%
GB	7.41%
RU	6.60%
CN	6.47%
NL	5.45%
CA	4.85%
DE	2.88%
TW	2.34%

The top 10 queriers average queries per day by AS# are below:

17,522,505	AS15169	Google Inc.
13,810,209	AS12715	Jazz Telecom S.A.
9,419,213	AS5607	Sky UK Limited
9,102,663	AS209	Qwest Communications Company, LLC
8,505,847	AS4134	Chinanet
6,721,443	AS7738	Telemar Norte Leste S.A.
6,206,409	AS2856	BT Public Internet Service
5,752,171	AS31334	Kabel Deutschland Vertrieb und Service GmbH
5,511,280	AS18881	Global Village Telecom
4,898,146	AS577	Bell Canada


Thanks to Matt Thomas of Verisign for pulling these numbers together quickly.

DW

v2.23.0 | Report a Bug | By Email