Abstract
In 2009 Google launched its Public DNS service, with its characteristic IP address 8.8.8.8. Since then, this service has grown to be the largest and most well-known DNS service in existence. The popularity of public DNS services has been disruptive for Content Delivery Networks (CDNs). CDNs rely on IP information to geo-Iocate clients. This no longer works in the presence of public resolvers, which led to the introduction of the EDNSO Client Subnet extension. ECS allows resolvers to reveal part of a client's IP address to authoritative name servers and helps CDNs pinpoint client origin. A useful side effect of ECS is that it can be used to study the workings of public DNS resolvers. In this paper, we leverage this side effect of ECS to study Google Public DNS. From a dataset of 3.7 billion DNS queries spanning 2.5 years, we extract ECS information and perform a longitudinal analysis of which clients are served from which Point-of-Presence. Our study focuses on two aspects of GPDNS. First, we show that while GPDNS has PoPs in many countries, traffic is frequently routed out of country, even if that was not necessary. Often this reduces performance, and perhaps more importantly, exposes DNS requests to state-level surveillance. Second, we study how GPDNS is used by clients. We show that end-users switch to GPDNS en masse when their ISP's DNS service is unresponsive, and do not switch back. We also find that many e-mail providers configure GPDNS as the resolver for their servers. This raises serious privacy concerns, as DNS queries from mail servers reveal information about hosts they exchange mail with. Because of GPDNS's use of ECS, this sensitive information is not only revealed to Google, but also to any operator of an authoritative name server that receives ECS-enabled queries from GPDNS during the lookup process.
Original language | English |
---|---|
Title of host publication | 2018 Network Traffic Measurement and Analysis Conference (TMA) |
Publisher | IEEE |
ISBN (Electronic) | 978-3-903176-09-6 |
ISBN (Print) | 978-1-5386-7152-8 |
DOIs | |
Publication status | Published - 25 Oct 2018 |
Event | 2nd Network Traffic Measurement and Analysis Conference, TMA 2018 - Vienna, Austria Duration: 26 Jun 2018 → 29 Jun 2018 Conference number: 2 http://tma.ifip.org/2018/ |
Conference
Conference | 2nd Network Traffic Measurement and Analysis Conference, TMA 2018 |
---|---|
Abbreviated title | TMA 2018 |
Country/Territory | Austria |
City | Vienna |
Period | 26/06/18 → 29/06/18 |
Internet address |
Keywords
- 2019 OA procedure