Measurement and analysis of the query traffic sent to the D-Root DNS root nameserver, which is hosted by the University of Maryland.
Analyzing the Propagation of IoT Botnets from DNS Leakage
Stephen Herwig, Katura Harvey, Dave Levin, Neil Spring, Bobby Bhattacharjee
Longitudinal Analysis of Root Server Anycast Inefficiencies
Zhihao Li, Dave Levin, Neil Spring, Bobby Bhattacharjee
D-Mystifying the D-Root Address Change
Matthew Lentz, Dave Levin, Jason Castonguay, Neil Spring, Bobby Bhattacharjee
IMC 2013 (International Measurement Conference) Short Paper
On January 3, 2013, the D-root DNS server hosted at the University of Maryland changed
IP address. To avoid service disruption, the old address continues to answer queries.
We perform an initial investigation of the traffic at both the new and old addresses
before, during, and since the flag day. The data we collected show non-obvious behavior:
the overall query volume to the D-roots increases by roughly 50%, the old address
continues to receive a high volume of queries months after the changeover, and far
more queries to the old address succeed than those to the new one. Our analysis provides
a window into how compliant resolvers change over and how non-standard and seemingly
malicious resolvers react (or not) to the IP address change. We provide evidence that a
relatively small number of implementation errors account for nearly all discrepancies
that are not misconfigurations or attacks.