Research Project: Identifying DNSSEC Validators

• Previous message (by thread): 91.201.64.0/22 hijacked?
• Next message (by thread): Fwd: RPKI Pilot Participant Notice
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Within Verisign Labs we have a project underway to quantify the number of
DNSSEC-validating resolvers in use on the Internet.  In particular, we
want to identify recursive name servers which have configured the root
zone trust anchor.  We find this data a useful metric for DNSSEC adoption
and especially helpful for informing discussions about key rollovers for
the root zone.

In order for our our measurements to be meaningful, we need to receive
queries from a wide variety of recursive name servers.  To achieve this
goal we ask members of the DNS and networking communities to assist by
adding the following single line of HTML code to your web pages:

<a href="http://prefetch.validatorsearch.verisignlabs.com"></a>

This HTML snippet should have no visible impact on a rendered page.  Since
nearly all web browsers now implement DNS prefetching, the code above
results in a DNS query for the name shown and allows us to characterize
the recursive name server that the query goes through.

Please note that we are not interested in identifying individual users who
have loaded the web page.  The name above points to the localhost IP address
(127.0.0.1) so even if someone does manage to "click" on it, that request
does not reach us.

For some preliminary results, please visit the project web page at
http://validatorsearch.verisignlabs.com/

We look forward to presenting the full results at a future NANOG meeting.

Duane W.

• Previous message (by thread): 91.201.64.0/22 hijacked?
• Next message (by thread): Fwd: RPKI Pilot Participant Notice
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]