Hi Christian,

Thank you for sharing the pointer.

As I understood it, the aggregation mentioned in Pawel and Oliver's study is 
based on an “AS name”, not AS numbers. As you know, an organization may own 
multiple ASNs. Mapping the 22/57 ASes to their owner would be useful, IMO.

Cheers,
Med

From: dns-privacy [mailto:dns-privacy-boun...@ietf.org] On Behalf Of Christian Huitema
Sent: Thursday, January 9, 2020 09:28
To: BOUCADAIR Mohamed TGI/OLN; Vittorio Bertola; Sara Dickinson
Cc: last-c...@ietf.org; DNS Privacy Working Group
Subject: Re: [dns-privacy] [Last-Call] Review of draft-ietf-dprive-rfc7626-bis-03 - Section 3.5.1.1 Comments



On 1/8/2020 6:09 AM, mohamed.boucad...@orange.com wrote:
FWIW, slide 6 of 
https://datatracker.ietf.org/meeting/104/materials/slides-104-maprg-dns-observatory-monitoring-global-dns-for-performance-and-security-pawel-foremski-and-oliver-gasser-01
shows that very few DNS providers are handling +53% of the traffic. It is fair 
to mention the risk to see such centralization further exacerbated. Of course, 
the one mentioned by Christian is to be called as well.

I am not sure that I understand the methodology behind the slides that you 
cite, but it appears that they are measuring traffic by volume based on passive 
DNS data collection.

I have been working with the APNIC data, as published at 
https://ithi.research.icann.org/graph-m5.html. The data attempts to answer the 
question, how many "resolvers" handle what fraction of the user population. The 
first problem is "how do you identify resolvers". The classic simplification is 
to just count autonomous system numbers (AS), but this lumps together the 
resolvers managed by ISPs and those managed by small businesses connecting 
through those ISPs. The immediate problem is, "how do you count", because users 
and their devices sometimes send multiple copies of the same query to different 
resolvers, and also sometimes send a second batch of queries to a different set 
of resolvers if they did not get a response the first time. One way to count 
would be, all the resolvers needed to handle all the repetitions of the queries 
of a user. Let's call that the inclusive count. Another way would be, the 
smallest number of resolvers that would handle X% of the users, if all the 
other resolvers were out of service. Let's call that the exclusive count, which 
is by definition smaller than the inclusive count.

As of January 2020, the data shows that:
     * The traffic of 50% of the users is seen by resolvers in 57 AS (inclusive 
count). Handling that traffic would require at least 22 AS (exclusive count).
     * The traffic of 90% of the users is seen by resolvers in 570 AS 
(inclusive count). Handling that traffic would require at least 385 AS 
(exclusive count).

If we count by network prefix (/24 for IPv4, /48 for IPv6), we get:
     * The traffic of 50% of the users is seen by resolvers in 478 networks 
(inclusive count). Handling that traffic would require at least 143 networks 
(exclusive count).
     * The traffic of 90% of the users is seen by resolvers in 3403 networks 
(inclusive count). Handling that traffic would require at least 2150 networks 
(exclusive count).

Is that a form of concentration? Yes of course, but even the lowest number, 22 
AS, is larger than the 8 networks mentioned as handling 53% of traffic in Pawel 
and Oliver's study.

And yes, it is important to monitor these trends.

-- Christian Huitema
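
The inclusive and exclusive counts described in the message above, worked through on a small data set. This is an added example, not code from the thread, from APNIC or from ITHI. It assumes one reading of the two definitions: a user is covered exclusively when at least one of the resolver ASes they use is in the chosen set, and inclusively when every one of them is. The user groups, their shares and the AS labels are constructed, and the exhaustive search only suits samples this small.

```python
from itertools import combinations

# Constructed sample: (percent of user population, resolver ASes their queries reach).
USERS = [
    (30, {"AS-A"}),
    (20, {"AS-A", "AS-B"}),          # same query copied to two resolvers
    (15, {"AS-B", "AS-C"}),
    (15, {"AS-C", "AS-D", "AS-E"}),  # retries reach a second set of resolvers
    (10, {"AS-D"}),
    (10, {"AS-E", "AS-F"}),
]


def smallest_set(users, target_pct, is_covered):
    """Return the smallest set of ASes covering at least target_pct of users."""
    all_as = sorted(set().union(*(resolvers for _, resolvers in users)))
    for size in range(1, len(all_as) + 1):
        for combo in combinations(all_as, size):
            chosen = set(combo)
            share = sum(pct for pct, res in users if is_covered(res, chosen))
            if share >= target_pct:
                return chosen
    return None  # target above the total population share


def exclusive_count(users, target_pct):
    # Every other resolver is out of service: one surviving resolver is enough.
    return len(smallest_set(users, target_pct, lambda res, s: bool(res & s)))


def inclusive_count(users, target_pct):
    # All repetitions of the user's queries must land inside the chosen set.
    return len(smallest_set(users, target_pct, lambda res, s: res <= s))


if __name__ == "__main__":
    for pct in (50, 90):
        print(pct, "% of users: inclusive", inclusive_count(USERS, pct),
              "AS, exclusive", exclusive_count(USERS, pct), "AS")
```

Under this reading a set that contains all of a user's resolvers also contains at least one of them, which is why the exclusive count can never exceed the inclusive one.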



