Research Project: Identifying DNSSEC Validators
Within Verisign Labs we have a project underway to quantify the number of DNSSEC-validating resolvers in use on the Internet. In particular, we want to identify recursive name servers which have configured the root zone trust anchor. We find this data a useful metric for DNSSEC adoption and especially helpful for informing discussions about key rollovers for the root zone. In order for our our measurements to be meaningful, we need to receive queries from a wide variety of recursive name servers. To achieve this goal we ask members of the DNS and networking communities to assist by adding the following single line of HTML code to your web pages: <a href="http://prefetch.validatorsearch.verisignlabs.com"></a> This HTML snippet should have no visible impact on a rendered page. Since nearly all web browsers now implement DNS prefetching, the code above results in a DNS query for the name shown and allows us to characterize the recursive name server that the query goes through. Please note that we are not interested in identifying individual users who have loaded the web page. The name above points to the localhost IP address (127.0.0.1) so even if someone does manage to "click" on it, that request does not reach us. For some preliminary results, please visit the project web page at http://validatorsearch.verisignlabs.com/ We look forward to presenting the full results at a future NANOG meeting. Duane W.
participants (1)
-
Wessels, Duane