ECSeptional DNS Data: Evaluating Nameserver ECS Deployments with Response-Aware Scanning
Patrick Sattler, Johannes Zirngibl, Fahad Hilal, Oliver Gasser, Kevin Vermeulen, Georg Carle, Mattijs Jonker

TL;DR
This paper introduces a novel, efficient method for conducting DNS ECS scans, including IPv6, revealing widespread support and non-compliance issues among major nameservers, and providing valuable data for DNS research.
Contribution
The study presents the first scalable ECS scanning technique for IPv6 and reduces query requirements by up to 97%, enabling comprehensive ECS landscape analysis.
Findings
53% of nameservers support prefix-based responses
Google nameservers do not fully comply with guidelines
The new method significantly reduces scanning queries
Abstract
DNS is one of the cornerstones of the Internet. Nowadays, a substantial fraction of DNS queries are handled by public resolvers (e.g., Google Public DNS and Cisco's OpenDNS) rather than ISP nameservers. This behavior makes it difficult for authoritative nameservers to provide answers based on the requesting resolver. The impact is especially important for entities that make client origin inferences to perform DNS-based load balancing (e.g., CDNs). The EDNS0 Client Subnet (ECS) option adds the client's IP prefix to DNS queries, which allows authoritative nameservers to provide prefix-based responses. In this study, we introduce a new method for conducting ECS scans, which provides insights into ECS behavior and significantly reduces the required number of queries by up to 97% compared to state-of-the-art techniques. Our approach is also the first to facilitate ECS scans for IPv6. We…
Taxonomy
Topics: Opportunistic and Delay-Tolerant Networks · Network Security and Intrusion Detection · IPv6, Mobility, Handover, Networks, Security
