6 research outputs found

    Traffic Centralization and Digital Sovereignty: An Analysis Under the Lens of DNS Servers

    The Domain Name System (DNS) service is one of the pillars of the Internet. This service allows users to access websites on the Internet through easy-to-remember domain names rather than complex numeric IP addresses. DNS acts as a directory that translates the domain names into a corresponding IP address, allowing communication between computers on different networks. However, the concentration of DNS service providers on the Internet affects user security, privacy, and network accessibility. The reliance on a small number of large DNS providers can lead to (a) risks of data breaches and disruption of service in the event of failures and (b) concerns about the digital sovereignty of countries regarding DNS hosting. In this sense, this work approaches this issue of DNS concentration on the Internet by presenting a solution to measure DNS hosting centralization and digital sovereignty in countries. With the data obtained through these measurements, relevant questions are answered, such as which are the top-10 DNS providers, if there is DNS centralization, and how dependent countries are on such providers.

    Comment: 8 pages, 7 figures

    Hosting Industry Centralization and Consolidation

    There have been growing concerns about the concentration and centralization of Internet infrastructure. In this work, we scrutinize the hosting industry on the Internet by using active measurements, covering 19 Top-Level Domains (TLDs). We show how the market is heavily concentrated: 1/3 of the domains are hosted by only 5 hosting providers, all US-based companies. For the country-code TLDs (ccTLDs), however, hosting is primarily done by local, national hosting providers and not by the large American cloud and content providers. We show how shared languages (and borders) shape the hosting market -- German hosting companies have a notable presence in Austrian and Swiss markets, given they all share German as an official language. While hosting concentration has been relatively high and stable over the past four years, we see that American hosting companies have been continuously increasing their presence in the market related to high traffic, popular domains within ccTLDs -- except for Russia, notably.

    Comment: to appear in IEEE/IFIP Network Operations and Management Symposium https://noms2022.ieee-noms.org

    Dnstracker: medindo a centralização da infraestrutura DNS na internet (Dnstracker: measuring the centralization of DNS infrastructure on the Internet)

    The Internet Domain Naming System (DNS) is one of the pillars of the Internet and has been the object of a number of Distributed Denial-of-Service (DDoS) attacks over the years. As a countermeasure, DNS infrastructure has been programmed to include a series of replication measures, such as relying on multiple authoritative DNS servers and the use of IP anycast. Even though these countermeasures have been in place, it has been found that, when servers rely on third-party DNS providers for reliable services, there may be a certain degree of infrastructure centralization. In this case, an attack against a DNS target might affect other authoritative DNS servers that share a part of the infrastructure with the intended victim. However, measuring these kinds of infrastructure sharing is a daunting task, given that generally researchers do not have access to DNS provider internals. In this work, an attempt is made to set out a solution that is supported by a dnstracker tool that uses active DNS measurements to determine the varying levels of shared infrastructure. As a case study, we analyze the authoritative name servers of all the domains of the most visited websites in the Alexa Top 1 Million List. Our results show that, in some cases, up to 12,000 authoritative name servers share the same underlying infrastructure of a third-party DNS provider. This means that, in the event of an attack, these authoritative DNS servers have increased their risk of suffering from collateral damage.

    The Domain Name System (DNS) is one of the pillars of the Internet and has been the target of several Distributed Denial-of-Service (DDoS) attacks over the years. As a countermeasure, the DNS infrastructure was designed with a series of replication techniques, such as relying on multiple authoritative name servers and using IP anycast. Although these measures are in place, we have seen that, when servers rely on third-party DNS providers for authoritative services, there may be certain levels of infrastructure centralization. In this case, an attack against a DNS target may affect other authoritative DNS servers that share part of the infrastructure with the intended victim. However, measuring these levels of infrastructure sharing is a challenging task, since researchers normally do not have access to the internals of the DNS provider. In this dissertation, we present a methodology and the associated dnstracker tool, which make it possible to measure, to varying degrees, the level of concentration and shared infrastructure using active DNS measurements. As a case study, we analyze the authoritative name servers of all the domains of the most visited websites in the Alexa Top 1 Million. Our results show that, in some cases, up to 12,000 authoritative name servers share the same underlying infrastructure of a third-party DNS provider. As such, in the event of an attack, these authoritative DNS servers have an increased likelihood of suffering collateral damage.

    Hosting Industry Centralization and Consolidation

    There have been growing concerns about the concentration and centralization of Internet infrastructure. In this work, we scrutinize the hosting industry on the Internet by using active measurements, covering 19 Top-Level Domains (TLDs). We show how the market is heavily concentrated: 1/3 of the domains are hosted by only 5 hosting providers, all US-based companies. For the country-code TLDs (ccTLDs), however, hosting is primarily done by local, national hosting providers and not by the large American cloud and content providers. We show how shared languages (and borders) shape the hosting market — German hosting companies have a notable presence in Austrian and Swiss markets, given they all share German as an official language. While hosting concentration has been relatively high and stable over the past four years, we see that American hosting companies have been continuously increasing their presence in the market related to high traffic, popular domains within ccTLDs — except for Russia, notably.