Passive Observations of a Large DNS Service: 2.5 Years in the Life of Google

Wouter B. de Vries, Roland van Rijswijk-Deij, Pieter-Tjerk de Boer, Aiko Pras

    Research output: Contribution to journalArticleAcademicpeer-review

    9 Citations (Scopus)
    241 Downloads (Pure)

    Abstract

    In 2009 Google launched its Public DNS service, which has since become the largest DNS service in existence. A common problem with public resolvers is that Content Delivery Networks (CDNs) struggle to map end user origin. The EDNS Client Subnet (ECS) extension allows resolvers to reveal part of a client's IP to authoritative name servers, helping CDNs pinpoint client origin. A side effect of ECS is that authoritative name server operators learn where in its network the public resolver handles queries. We leverage this side effect to study Google Public DNS (GPDNS). We perform a longitudinal analysis over data covering 2.5 years and 3.7 billion queries. Our study focuses on three aspects. First, we show that while GPDNS has PoPs in many countries, traffic is frequently routed out of country. This can reduce performance, and expose DNS requests to state level surveillance. We also show that end users are often served by a suboptimal PoP. Second, we show that end users switch to GPDNS en masse when their ISP resolver is unresponsive, and do not switch back. Finally, we also find that many e-mail providers configure GPDNS as resolver on their servers, causing serious privacy concerns due to information leakage.

    Original languageEnglish
    Article number8805156
    Pages (from-to)190-200
    Number of pages11
    JournalIEEE transactions on network and service management
    Volume17
    Issue number1
    Early online date19 Aug 2019
    DOIs
    Publication statusPublished - Mar 2020

    Keywords

    • Computer networks
    • Domain name system
    • Network topology
    • Performance
    • Privacy
    • Resilience

    Fingerprint

    Dive into the research topics of 'Passive Observations of a Large DNS Service: 2.5 Years in the Life of Google'. Together they form a unique fingerprint.

    Cite this