[162247] in North American Network Operators' Group
Open Resolver Dataset Update
daemon@ATHENA.MIT.EDU (Jared Mauch)
Sun Apr 7 13:46:32 2013
From: Jared Mauch <jared@puck.nether.net>
Date: Sun, 7 Apr 2013 13:46:14 -0400
To: NANOG Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I've continued to update my dataset originally posted about two weeks =
ago. Please take a moment and review your CIDRs which may be running an =
open resolver.
I've exposed one additional bit in the user-interface that may be =
helpful. Some DNS servers will respond with RCODE=3D0 (OK) but not =
provide recursion. nearly 90% of the servers in the database provide =
recursion.
Some raw stats are also available via the 'breakdown' link on the main =
site.
If you operate a DNS server, or have an internal group that does, please =
take a moment and review your networks.
If you email me in private from a corporate address for your ASN, I can =
give you access to a per-ASN report.
Due to a change in methodology, I have increased the number of servers =
observed from 27.2 million to 30.2 million hosts.
2013-04-07 results
30269218 servers responded to our udp/53 probe
731040 servers responded from a different IP than probed
25298074 gave the 'correct' answer to my A? for the DNS name queried.
13840790 responded from a source port other than udp/53
27145699 responses had recursion-available bit set.
2761869 returned REFUSED
In addition, please do continue to deploy BCP-38 to prevent spoofing =
wherever possible. I know at $dayjob we have been auditing this and =
increased the number of customer interfaces that can not spoof.
- Jared=
