Transparent Forwarders: An Unnoticed Component of the Open DNS Infrastructure

TL;DR

This paper systematically analyzes transparent forwarders in open DNS infrastructure, revealing their significant presence, regional deployment patterns, and network connectivity, which were previously underappreciated and not captured by standard scanning methods.

Contribution

It provides the first comprehensive measurement and analysis of transparent forwarders in open DNS, highlighting their prevalence, regional distribution, and network connectivity using a novel traceroute approach.

Findings

Transparent forwarders constitute 26% of ODNS infrastructure.

High deployment of transparent forwarders in Asia and South America.

Many forwarders relay to major public resolvers like Google and Cloudflare.

Abstract

In this paper, we revisit the open DNS (ODNS) infrastructure and, for the first time, systematically measure and analyze transparent forwarders, DNS components that transparently relay between stub resolvers and recursive resolvers. Our key findings include four takeaways. First, transparent forwarders contribute 26% (563k) to the current ODNS infrastructure. Unfortunately, common periodic scanning campaigns such as Shadowserver do not capture transparent forwarders and thus underestimate the current threat potential of the ODNS. Second, we find an increased deployment of transparent forwarders in Asia and South America. In India alone, the ODNS consists of 80% transparent forwarders. Third, many transparent forwarders relay to a few selected public resolvers such as Google and Cloudflare, which confirms a consolidation trend of DNS stakeholders. Finally, we introduce DNSRoute++, a new traceroute approach to understand the network infrastructure connecting transparent forwarders and resolvers.