ECSeptional DNS Data: Evaluating Nameserver ECS Deployments with Response-Aware Scanning
Authors: Patrick Sattler, Johannes Zirngibl, Fahad Hilal, Oliver Gasser, Kevin Vermeulten, Georg Carle, Mattijs Jonker
Published in Proc. ACM Netw., 2025
Abstract:
DNS is one of the cornerstones of the Internet. Nowadays, a substantial fraction of DNS queries are handled by public resolvers (e.g., Google Public DNS and Cisco’s OpenDNS) rather than ISP nameservers. This behavior makes it difficult for authoritative nameservers to provide answers based on the requesting resolver. The impact is especially important for entities that make client origin inferences to perform DNS-based load balancing (e.g., CDNs). The EDNS0 Client Subnet (ECS) option adds the client’s IP prefix to DNS queries, which allows authoritative nameservers to provide prefix-based responses. Previous work showed the potential of data collected during ECS scans. Infrastructure can be uncovered, and operators’ subnet-specific behavior can be observed. In this study, we introduce a new method for conducting ECS scans. Our method significantly reduces the required number of queries by up to 97 % compared to state-of-the-art techniques and allows us to provide new insights into ECS behavior. Our approach is also the first to facilitate ECS scans for IPv6. Due to its vast address space, we have developed and analyzed different IPv6 scanning approaches. We conduct a comprehensive evaluation of the ECS landscape, examining the usage and implementation of ECS across various services. Overall, 53 % of all nameservers support prefix-based responses. Furthermore, we find that Google nameservers do not comply with the Google Public DNS guidelines. Additionally, we observe that certain operators (e.g., AWS Route53) exclusively employ a single specific scope prefix length without aggregation, potentially affecting resolver cache efficiency. Lastly, we make our tool and data publicly available to foster further research in the area.
Recommended citation: Patrick Sattler, Johannes Zirngibl, Fahad Hilal, Oliver Gasser, Kevin Vermeulten, Georg Carle, Mattijs Jonker, "ECSeptional DNS Data: Evaluating Nameserver ECS Deployments with Response-Aware Scanning." Proc. ACM Netw., 2025.
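
The abstract refers to the client prefix carried in queries and to the scope prefix length nameservers return. As an added illustration (not the authors' tool or code), the following Python sketch encodes and parses the ECS option in the RFC 7871 wire format and derives the prefix for which a resolver may reuse a cached answer. The function names and the sample addresses (documentation ranges) are assumptions made for this example.

```python
import ipaddress
import struct

ECS_OPTION_CODE = 8                       # EDNS0 option code for Client Subnet
FAMILY_BY_VERSION = {4: 1, 6: 2}          # IANA address family numbers
NETWORK_BY_FAMILY = {1: (ipaddress.IPv4Network, 4), 2: (ipaddress.IPv6Network, 16)}


def encode_ecs(prefix, scope_len=0):
    """Build the ECS option for a client prefix (queries carry scope 0)."""
    net = ipaddress.ip_network(prefix, strict=False)    # zeroes the host bits
    # Only the bytes needed to hold the source prefix are sent.
    addr = net.network_address.packed[:(net.prefixlen + 7) // 8]
    body = struct.pack("!HBB", FAMILY_BY_VERSION[net.version],
                       net.prefixlen, scope_len) + addr
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def decode_ecs(option):
    """Parse an ECS option into (source network, scope prefix length)."""
    if len(option) < 8:
        raise ValueError("ECS option too short")
    code, length, family, source_len, scope_len = struct.unpack("!HHHBB", option[:8])
    if code != ECS_OPTION_CODE or length != len(option) - 4:
        raise ValueError("not a well-formed ECS option")
    if family not in NETWORK_BY_FAMILY:
        raise ValueError("unknown address family")
    net_cls, size = NETWORK_BY_FAMILY[family]
    addr = option[8:]
    if source_len > size * 8 or len(addr) != (source_len + 7) // 8:
        raise ValueError("address does not match source prefix length")
    # strict=True rejects non-zero bits beyond the source prefix length.
    net = net_cls((addr + bytes(size - len(addr)), source_len), strict=True)
    return net, scope_len


def cache_coverage(source_net, scope_len):
    """Prefix for which a resolver may reuse the answer: the shorter of
    source and scope prefix length; scope 0 covers the whole family."""
    return source_net.supernet(new_prefix=min(scope_len, source_net.prefixlen))


if __name__ == "__main__":
    query_opt = encode_ecs("192.0.2.77/24")
    # Constructed response option: same source prefix, scope /20.
    response_opt = bytes.fromhex("0008000700011814c00002")
    source, scope = decode_ecs(response_opt)
    print(query_opt.hex(), source, scope, cache_coverage(source, scope))
```

A nameserver that always answers with one fixed scope prefix length, as the abstract reports for some operators, yields the same `cache_coverage` width for every query, so a resolver cannot aggregate neighbouring prefixes into one cache entry.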