Re: [Last-Call] [dns-privacy] Review of draft-ietf-dprive-rfc7626-bis-03 - Section 3.5.1.1 Comments

On 1/8/2020 6:09 AM, mohamed.boucadair@xxxxxxxxxx wrote:
FWIW, slide 6 of https://datatracker.ietf.org/meeting/104/materials/slides-104-maprg-dns-observatory-monitoring-global-dns-for-performance-and-security-pawel-foremski-and-oliver-gasser-01 shows that very few DNS providers are handling +53% of the traffic. It is fair to mention the risk to see such centralization further exacerbated. Of course, the one mentioned by Christian is to be called as well

I am not sure that I understand the methodology behind the slides that you cite, but it appears that they are measuring traffic by volume based on passive DNS data collection.

I have been working with the APNIC data, as published at https://ithi.research.icann.org/graph-m5.html. The data attempts to answer the question, how many "resolvers" handle what fraction of the user population. The first problem is "how do you identify resolvers". The classic simplification is to just count autonomous system numbers (AS), but this lumps together the resolvers managed by ISPs and those managed by small businesses connecting through those ISPs.

The immediate problem is, "how do you count", because users and their devices sometimes send multiple copies of the same query to different resolvers, and also sometimes send a second batch of queries to a different set of resolvers if they did not get a response the first time. One way to count would be, all the resolvers needed to handle all the repetitions of the queries of a user. Let's call that the inclusive count. Another way would be, the smallest number of resolvers that would handle X% of the users, if all the other resolvers were out of service. Let's call that the exclusive count, which is by definition smaller than the inclusive count.

As of January 2020, the data shows that:
     * The traffic of 50% of the users is seen by resolvers in 57 AS (inclusive count). Handling that traffic would require at least 22 AS (exclusive count).
     * The traffic of 90% of the users is seen by resolvers in 570 AS (inclusive count). Handling that traffic would require at least 385 AS (exclusive count).

If we count by network prefix (/24 for IPv4, /48 for IPv6), we get:
     * The traffic of 50% of the users is seen by resolvers in 478 networks (inclusive count). Handling that traffic would require at least 143 networks (exclusive count).
     * The traffic of 90% of the users is seen by resolvers in 3403 networks (inclusive count). Handling that traffic would require at least 2150 networks (exclusive count).

Is that a form of concentration? Yes of course, but even the lowest number, 22 AS, is larger than the 8 networks mentioned as handling 53% of traffic in Pawel and Oliver's study.

And yes, it is important to monitor these trends.

-- Christian Huitema



-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call
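
The inclusive and exclusive counts defined in the message above, as an added example that is not part of the original e-mail or of the APNIC/ITHI tooling. It assumes "inclusive" means every AS that saw a copy of a user's queries must be in the set and "exclusive" means one such AS is enough, and it uses greedy selection as an approximation of the minimum; the user data, function names and AS numbers are constructed.

```python
from collections import Counter

# Constructed sample (not measurement data): each set lists the resolver ASes
# that received any copy of one user's queries, retries included. AS numbers
# come from the documentation range. Every user has at least one resolver.
USERS = [
    {64496}, {64496}, {64496, 64497}, {64496, 64498}, {64497},
    {64497, 64499}, {64498, 64499}, {64499, 64500},
    {64500, 64501}, {64501, 64502},
]

def _needed(users, percent):
    # Number of users that must be covered, rounded up, in integer arithmetic.
    return -(-percent * len(users) // 100)

def exclusive_set(users, percent):
    """ASes that alone keep `percent` of users resolving (>= 1 resolver each)."""
    need, chosen, left = _needed(users, percent), set(), list(users)
    while len(users) - len(left) < need:
        # Pick the AS reaching the most still-uncovered users (ties: lowest ASN).
        counts = Counter(asn for s in left for asn in s)
        best = min(counts, key=lambda asn: (-counts[asn], asn))
        chosen.add(best)
        left = [s for s in left if best not in s]
    return chosen

def inclusive_set(users, percent):
    """ASes that together see every query copy of `percent` of users."""
    need, chosen, left = _needed(users, percent), set(), list(users)
    while len(users) - len(left) < need:
        # Take the user whose resolver list adds the fewest new ASes.
        nxt = min(left, key=lambda s: (len(s - chosen), sorted(s)))
        chosen |= nxt
        left = [s for s in left if not s <= chosen]
    return chosen

if __name__ == "__main__":
    for pct in (50, 90):
        inc, exc = inclusive_set(USERS, pct), exclusive_set(USERS, pct)
        print(f"{pct}% of users: inclusive={len(inc)} AS, exclusive={len(exc)} AS")
```

Both minimum-set problems are hard to solve exactly on large inputs, so the greedy results are upper bounds on the true minimum; on this small sample they happen to match it.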
