Understanding DNS Query Composition at B-Root

TL;DR

This study provides a detailed ten-year analysis of DNS query patterns at B-Root, revealing increasing unexpected query traffic, trends in specific query types, and identifying major sources of DNS traffic.

Contribution

It offers the first comprehensive longitudinal characterization of DNS queries at B-Root over a decade, highlighting trends and unexpected query behaviors.

Findings

Unexpected query traffic increased from 39.57% to 67.91% over ten years.

36.55% of queries were priming queries.

Growth and decline observed in Chromium-initiated random DNS queries.

Abstract

The Domain Name System (DNS) is part of critical internet infrastructure, as DNS is invoked whenever a remote server is accessed (an URL is visited, an API request is made, etc.) by any application. DNS queries are served in hierarchical manner, with most queries served locally from cached data, and a small fraction propagating to the top of the hierarchy - DNS root name servers. Our research aims to provide a comprehensive, longitudinal characterization of DNS queries received at B-Root over ten years. We sampled and analyzed a 28-billion-query large dataset from the ten annual Day in the Life of the Internet (DITL) experiments from 2013 through 2022. We sought to identify and quantify unexpected DNS queries, establish longitudinal trends, and compare our findings with published results of others. We found that unexpected query traffic increased from 39.57% in 2013 to 67.91% in 2022, with 36.55% of queries being priming queries. We also observed growth and decline of Chromium-initiated, random DNS queries. Finally, we analyzed the largest DNS query senders and established that most of their traffic consists of unexpected queries.