It’s nearly fall and here in California, we can feel the change of season. I’m wearing a sweater for the first time in months, and day by day it’s darker when we get up in the morning.
But I like fall. My daughter’s birthday is in the fall — in fact, it’s on the equinox — and so is mine. Halloween is coming up, and in our neighborhood, Halloween is a huge, big deal. Kids from all over come to our neighborhood to trick or treat, and some families set up elaborate Halloween displays. One year, neighbors had a mock car wreck on their lawn, complete with casualties, and another year the same neighbors, I think they chased trick or treaters away with a chainsaw. Yeah, we avoid that house now.
And each fall, Infoblox re-runs its DNS Survey. Our friends at The Measurement Factory actually perform the testing, and we both analyze the results. While it may sound like the height of geekdom, the Survey’s results are like a surprise gift each year. Honestly, I never know quite what to expect. Last year, we saw the percentage of open recursive name servers jump through the roof reversing a trend I thought we’d established over the previous several years. Over the past two years, we’ve seen the percentage of Microsoft DNS Servers identified drop through the floor.
What will this year’s survey bring? Who knows? With all the hubbub over DNSSEC, including the signing of the root zone and various top-level zones, I’m hoping well see a dramatic increase in the number of signed zones. Maybe we’ll see the percentage of open recursive name servers stabilize or fall.
We’re limited, of course, to detecting changes that are visible to our tests. And I worry sometimes that maybe we’re missing some tests that would produce really interesting results. The opportunity to run the tests only comes around once a year, after all, and there might be some tests that would be easy to add that we just didn’t think of.
Can you think of any good tests that we could add? If you need a refresher on what tests we already perform, see the results of last years DNS Survey here.
The report includes information on how we conduct the survey, but the idea is pretty simple: Choose a random sample of IPv4 address space and probe it for nameservers by sending queries. When you find a name server, send it a few more queries to see how it responds. Avoid queries that could cause operational problems. Then choose a random sample of subzones of .com, .net and .org and send queries to see how those zones are configured (e.g., are they signed, do they use SPF).
If you have any great ideas for tests to run, feel free to post them as replies, or, if you’d prefer, just email them to me.
