The paper “Passive Observations of a Large DNS Service: 2.5 Years in the Life of Google” will appear at the 2018 Traffic Measurement and Analysis (TMA) conference, held June 26-29, 2018 in Vienna, Austria.
You can download the entire paper here.
From the abstract:
In 2009 Google launched its Public DNS service, with its characteristic IP address 8.8.8.8. Since then, this service has grown to be the largest and most well-known DNS service in existence. The popularity of public DNS services has been disruptive for Content Delivery Networks (CDNs). CDNs rely on IP information to geo-locate clients. This no longer works in the presence of public resolvers, which led to the introduction of the EDNS0 Client Subnet (ECS) extension. ECS allows resolvers to reveal part of a client’s IP address to authoritative name servers and helps CDNs pinpoint client origin. A useful side effect of ECS is that it can be used to study the workings of public DNS resolvers. In this paper, we leverage this side effect of ECS to study Google Public DNS (GPDNS). From a dataset of 3.7 billion DNS queries spanning 2.5 years, we extract ECS information and perform a longitudinal analysis of which clients are served from which Point-of-Presence (PoP). Our study focuses on two aspects of GPDNS. First, we show that while GPDNS has PoPs in many countries, traffic is frequently routed out of country, even if that was not necessary. Often this reduces performance and, perhaps more importantly, exposes DNS requests to state-level surveillance. Second, we study how GPDNS is used by clients. We show that end-users switch to GPDNS en masse when their ISP’s DNS service is unresponsive, and do not switch back. We also find that many e-mail providers configure GPDNS as the resolver for their servers. This raises serious privacy concerns, as DNS queries from mail servers reveal information about hosts they exchange mail with. Because of GPDNS’s use of ECS, this sensitive information is not only revealed to Google, but also to any operator of an authoritative name server that receives ECS-enabled queries from GPDNS during the lookup process.
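The ECS mechanism the abstract relies on, as an added example that is not code from the paper or its dataset: it encodes and parses the RFC 7871 option as an authoritative name server sees it in the OPT RR, and aggregates which revealed client subnets arrive via which resolver source address. The resolver and client addresses are constructed documentation-range values, and treating a resolver's egress address as a stand-in for a PoP is an assumption of this example, not the paper's method.

```python
import ipaddress
import struct
from collections import defaultdict

ECS_OPTION_CODE = 8  # EDNS0 Client Subnet option code (RFC 7871)

def build_ecs_option(client_ip, source_prefix, scope_prefix=0):
    """Encode one ECS option (code, length, payload) as carried in OPT RR RDATA."""
    addr = ipaddress.ip_address(client_ip)
    family = 1 if addr.version == 4 else 2
    # Only the first source_prefix bits are sent; the truncated tail must be zero.
    net = ipaddress.ip_network(f"{client_ip}/{source_prefix}", strict=False)
    prefix_bytes = net.network_address.packed[: (source_prefix + 7) // 8]
    payload = struct.pack("!HBB", family, source_prefix, scope_prefix) + prefix_bytes
    return struct.pack("!HH", ECS_OPTION_CODE, len(payload)) + payload

def parse_ecs(opt_rdata):
    """Return (client_subnet, scope_len) from OPT RR RDATA, or None if no ECS option."""
    off = 0
    while off + 4 <= len(opt_rdata):
        code, length = struct.unpack_from("!HH", opt_rdata, off)
        body = opt_rdata[off + 4: off + 4 + length]
        off += 4 + length
        if code != ECS_OPTION_CODE:
            continue  # some other EDNS option, e.g. a cookie
        family, src_len, scope_len = struct.unpack_from("!HBB", body, 0)
        addr_bytes = body[4:]
        full = 4 if family == 1 else 16
        if len(addr_bytes) != (src_len + 7) // 8 or len(addr_bytes) > full:
            raise ValueError("malformed ECS option: address length does not match prefix")
        addr = ipaddress.ip_address(addr_bytes + b"\x00" * (full - len(addr_bytes)))
        # strict=True rejects non-zero bits beyond source_prefix, as RFC 7871 requires.
        return ipaddress.ip_network(f"{addr}/{src_len}"), scope_len
    return None

def client_to_resolver_map(queries):
    """Aggregate which revealed client subnets arrive via which resolver source address."""
    seen = defaultdict(lambda: defaultdict(int))
    for resolver_ip, opt_rdata in queries:
        parsed = parse_ecs(opt_rdata)
        if parsed is not None:
            seen[str(parsed[0])][resolver_ip] += 1
    return {subnet: dict(by_resolver) for subnet, by_resolver in seen.items()}

# Constructed sample (documentation ranges): resolver source address and OPT RDATA
# of three queries, as an authoritative name server would log them.
SAMPLE_QUERIES = [
    ("203.0.113.10", build_ecs_option("198.51.100.77", 24)),
    ("203.0.113.10", build_ecs_option("198.51.100.201", 24)),
    ("203.0.113.99", build_ecs_option("2001:db8:abcd:1234::5", 56)),
]
```

Note that even a /24 or /56 prefix, as aggregated here, is enough for an authoritative operator to see which networks (and, for a mail server's resolver, which correspondents) sit behind a given resolver address.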
The work in this paper was joint work by Wouter B. de Vries (University of Twente), Roland van Rijswijk-Deij (University of Twente and SURFnet bv), Pieter-Tjerk de Boer (University of Twente) and Aiko Pras (University of Twente). The datasets used in the paper are available at https://doi.org/10.4121/uuid:1ef815ea-cb39-4b41-8db6-c1008af6d5aa.