Unveiling the DNS Resolver Landscape Insights
Explore the intricate DNS system architecture, the usage of different resolver types, and the advantages of open DNS resolvers in this comprehensive presentation featuring Geoff Huston, Chief Scientist at APNIC. Discover why open DNS resolvers are favored for speed, reliability, security features like DNS over TLS and DNS over HTTPS, DNSSEC validation, and more, alongside statistics on user preferences for ISP-operated vs. Google's DNS services.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
The DNS Resolver Landscape Geoff Huston AM Chief Scientist, APNIC
DNS System Architecture Authoritative Servers Recursive Resolver Cache Application Stub Resolver
DNS System Architecture Authoritative Servers ISP ISP Resolver Recursive Resolver Cache Application Stub Resolver
DNS System Architecture Authoritative Servers Open Resolver Recursive Resolver Cache ISP Application Stub Resolver
Use of Resolvers 68% of users direct their DNS queries to the ISP-operated recursive resolvers 25% of users direct their DNS queries to Google s open resolver service 20% of users direct their DNS queries in in-country DNS
Use of ISP Resolver We have no current data for Russia https://stats.labs.apnic.net/rvrs
Use of Googles DNS Service We have no current data for Russia https://stats.labs.apnic.net/rvrs
Why use an Open DNS Resolver? It s often faster (a busier cache is a better cache!) It s often more reliable It supports DNS over TLS and DNS over HTTPS It performs DNSSEC validation It does not filter DNS responses in any way But It requires a customisation of the device / local network Unless you use TLS there are many more opportunities for eavesdropping and manipulation
Why use an Open DNS Resolver? It s often faster (a busier cache is a better cache!) It s often more reliable It supports DNS over TLS and DNS over HTTPS It performs DNSSEC validation It does not filter DNS responses in any way But It requires a customisation of the device / local network Unless you use TLS there are many more opportunities for eavesdropping and manipulation
Why use the ISP resolver? It can provide better content steerage leading to faster content It requires no customisation of the device / local network But It may perform local DNS filtering It may be used for in-country meta-data collection Less opportunity for third party eavesdropping and manipulation
Why use the ISP resolver? It can provide better content steerage leading to faster content It requires no customisation of the device / local network But It may perform local DNS filtering It may be used for in-country meta-data collection Less opportunity for third party eavesdropping and manipulation
DNS Forwarders Sometimes its not so straightforward as one or the other ISPs sometimes forward all their queries to one or more open DNS resolvers and don t operate their own DNS resolution service To the customer it looks like the ISP s service But the ISP can pouh the cost of operating this service on to the Open Resolver service
