NOTE: THIS IS OBSOLETE INFORMATION

Purpose

NLnet Labs, RIPE NCC and ISC ORC have started a project to gather traces from root and/or TLD name servers. These traces will be analysed statistically to identify trends in DNS traffic. One example is the number of EDNS0 queries in the traces.

Such research will help the Internet community respond to (upcoming) changes in DNS traffic.

Future research

In the future we might research the following topics:
  • flags in the queries,
  • how many IPv6 addresses do we count,
  • are there IDN queries,
  • do we see Active Directory queries and other bogus queries.

Anonymity

When a trace is submitted we will anonymize it. This process essentially transforms all source addresses of the queries into other, non-identifiable addresses.
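One way such a source-address transformation can be done, as an added example that is not NLnet Labs' own code or method: each IPv4 source address is replaced by a keyed pseudonym and the IP, UDP and TCP checksums are adjusted incrementally so the rewritten packet stays valid. The truncated HMAC-SHA256 mapping, the function names and the sample packet are assumptions made for illustration.

```python
import hashlib, hmac, struct

def fold(s):
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return s

def checksum(data):  # full Internet checksum (RFC 1071)
    data = bytes(data) + b"\x00" * (len(data) % 2)
    return ~fold(sum(struct.unpack("!%dH" % (len(data) // 2), data))) & 0xFFFF

def adjust(cksum, old, new):  # incremental update (RFC 1624, eqn. 3)
    s = ~cksum & 0xFFFF
    for o, n in zip(struct.unpack("!2H", old), struct.unpack("!2H", new)):
        s += (~o & 0xFFFF) + n
    return ~fold(s) & 0xFFFF

def pseudonym(key, addr):  # assumption: keyed HMAC, truncated (rare collisions)
    return hmac.new(key, addr, hashlib.sha256).digest()[:4]

def anonymize_ipv4(pkt, key):
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    pkt = bytearray(pkt)
    ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
    old = bytes(pkt[12:16])
    new = pseudonym(key, old)
    fields = [10]                                # IPv4 header checksum
    l4 = {17: ihl + 6, 6: ihl + 16}.get(proto)   # UDP / TCP checksum field
    frag_off = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if l4 is not None and frag_off == 0 and len(pkt) >= l4 + 2:
        fields.append(l4)                        # pseudo-header covers the source
    for off in fields:
        cur = struct.unpack("!H", pkt[off:off + 2])[0]
        udp = off != 10 and proto == 17
        if udp and cur == 0:
            continue                             # UDP checksum not in use
        upd = adjust(cur, old, new)
        pkt[off:off + 2] = struct.pack("!H", 0xFFFF if udp and upd == 0 else upd)
    pkt[12:16] = new
    return bytes(pkt)

def sample_query(src):  # constructed input: IPv4/UDP datagram to port 53
    data = b"constructed payload"
    udp = struct.pack("!4H", 40000, 53, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     src, bytes([192, 0, 2, 53]))
    pseudo = ip[12:] + struct.pack("!BBH", 0, 17, len(udp))
    udp = udp[:6] + struct.pack("!H", checksum(pseudo + udp) or 0xFFFF) + udp[8:]
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + udp
```

The key must be discarded or kept secret after processing, because anyone holding it can test candidate addresses against the pseudonyms.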

Publication of the research results

Currently we only want to collect traces. When we start looking at the traces and get results, they will be published on the NLnet Labs website.

How to submit a trace

If you are a root server or TLD nameserver operator and you want to submit a trace, please contact: traces@nlnetlabs.nl.

The procedure for uploading a trace is as follows:

  • You contact us.
  • We will provide you with a username, password and a machine to which you can upload the trace. The upload will be done with 'ssh' ('scp').

After that we anonymize the trace and delete the original.

What kind of trace do you want?

For each server the specifics are a little different. In short we want to have enough data to allow for some general conclusions about the traffic.

A guideline for capturing traffic could be: capture for half an hour per 8 hours. So in 24 hours you capture 1.5 hours of traffic.

The actual capturing should be done with tcpdump. Something like 'tcpdump port 53' is what we want.

Mon Jan 23 2012

© NLnet Labs

Science Park 400, 1098 XH Amsterdam, The Netherlands

labs@nlnetlabs.nl, subsidised by NLnet and SIDN.