DNSwitness

The objective of DNSwitness is to study the development over time of technological trends related to Internet infrastructures and services in France through DNS measurements.

 

The objective of DNSwitness is to study the development over time of technological trends related to Internet infrastructures and services in France through DNS measurements.

Analysing the development of Internet infrastructures and services in France

With this project, Afnic Labs intends to study the development over time of technological trends related to Internet infrastructures and services in France through DNS measurements. To do so, the generic DNSwitness platform combines two approaches: the first active approach involves exploring Internet infrastructures and services starting from the .fr DNS zone, and the second passive approach involves analyzing the DNS query resolutions received by servers managed by Afnic.

Initiated by Afnic Labs, the DNSwitnessplatform project is designed to provide greater visibility on the technological changes taking place in the Internet in France. Examples include the IPv6 deployment and the implementation of DNSSEC, both of which are helping to change the technical features of the .fr namespace. A thorough and continuous analysis of the data from the DNS can be used to track technology trends (such as the penetration rates for IPv6 and DNSSEC) and to produce a diagnostic as objective as possible of the status of deployment and use of new DNS-related technologies and beyond. As part of collaborative R&D based on sharing, the software components of the DNSwitness platform are free software, allowing other market players than Afnic to benefit from and/or contribute to the development, in order to complete the global view by using the same tools, but answering questions relevant to their own centres of interest.

DNSwitness, a platform for analysis

The DNSwitness platform has two components, one active, and one passive:

  • DNSdelve (the active component) checks the content of DNS zones (such as the .fr, and .re TLDs.) and explores further the zones delegated under the TLD using DNS queries;

  • DNSmezzo (the passive component) analyses the DNS traffic / logs for authoritative DNS servers administered by AFNIC.

These two components are operated independently of each other, but the results derived from them can be combined in the study of certain technical issues (e.g. IPv6, DNSSEC, etc.), in order to obtain a more complete picture.

Statistical responses difficult to obtain until now

DNSwitness among other things provides precise answers to static questions such as the number of web servers (www.nom-de-domaine.fr) with an IPv6 address or accessible in secure mode (TLS), or the most popular domain names (for resolution) to the DNS servers managed by AFNIC.

Project key dates

  • 2008 - Design of the first part of the platform, the active component (DNSdelve), which is designed to explore the Internet in France by running network queries (DNS, mail, web, etc.) from the DNS zones .fr and .re. You should notice, however, that DNSdelve can accept any zone as input.
  • 2009 - Development of the second part of the platform, the passive component (DNSmezzo), the purpose of which is to learn by analyzing the DNS traffic destined for DNS servers supervised by AFNIC.
  • 2013 - New indicator developed: most requesting resolvers observed at .fr authoritative name servers.
  • 2014 - Technical quality of the zones which permits to verify the authoritative DNS servers delegated under a reference zone and verify whether they are conformant to the best current practices.

DNSwitness, as a data source for different publications

  • since 2012 -  DNSwitness is the measurement platform used for the DNS chapter of the annual joint publication between AFNIC and ANSSI (Agence Nationale de la Sécurité des Systèmes d’Information) which helps assess the Internet resilience in France based on two important protocols for infrastructure: BGP and DNS.

DNSwitness an open platform

DNSwitness is an open platform. It is available on GitHub.

https://github.com/AFNIC/DNSwitness




Lire cette ressource en français Top of the page