Research at b.root-servers.net

The b.root-servers.net team strives to support the DNS ecosystem through active research projects and related software development. We are part of ongoing research projects, partcipate in standardization, software development, provide datasets to researchers in academia and industry. and have a history of academic research and collaboration.

Current Research Projects

• TLS support is now available from our root server, encrypting queries to protect them from eavesdropping.
• LocalRoot allows you to serve a cached copy of the DNS Root Zone from your recursive resolver, similar to RFC8806.
• We have head a number of DINR research workshops for informal discussion of early work on DNS and Internet Naming.
• CLASSNET will develop a framework for collaborative, community-driven enrichment and labeling of data, enabling use of our datasets for machine learning in networking and security.

Software Development Highlights

• verfploeter anycast mapping tools
• dnsanon
• dnsanon_rssac produces our root server usage data (RSSAC-002 details)
• We work closely with the ANT Project software release

Standardization

We participate in the IETF standardization process and have contributed to a number of DNS-related RFCs.

Selected RFCs:

• RFC9276: W. Hardaker, V. Dukhovni. August 2022. Guidance for NSEC3 Parameter Settings.
• RFC9199: G. Moura, W. Hardaker, J. Heidemann, M. Davids. March 2022. Considerations for Large Authoritative DNS Server Operators.
• RFC8914: W. Kumari, E. Hunt, R. Arends, W. Hardaker and D. Lawrence 2020. Extended DNS Errors.
• RFC7858: Z. Hu, L. Zhu, J. Heidemann, A. Mankin, D. Wessels and P. Hoffman 2016. Specification for DNS over Transport Layer Security (TLS).

Datasets

• We provide RSSAC002 data with our own processing system
• We participate in the Day In The Life of the Internet (DITL)
• We provide many curated datasets, currently through the ANT Lab Dataset web site. These include both general DNS datasets and security specific datasets.

Academic Research

Many questions around providing DNS and operating critical infrastructure lead to interesting academic questions. When appropriate, we work with students and researchers at USC and elsewhere and publish the results to share with the world.

Prior Research Projects

• DIINER (concluded in 2024) supports new new research in Internet naming and trust. Our goal is to support research and ease transition from research to operational deployment, while preserving stability. We support an accessible DNS Root testbed for use by researchers and hold annual “DINR” research workshops.
• DDIDD (concluded in 2021) will apply existing and develop new defenses against Distributed-Denial-of-Service attacks for operational DNS infrastructure, and make these tools available as open source.

Selected publications

• A S M Rizvi, Jelena Mirkovic, John Heidemann, Wes Hardaker, and Robert Story 2023. Defending Root DNS Servers Against DDoS Using Layered Defenses (extended). Ad Hoc Networks Journal. 151, (Dec. 2023).
• Tarang Saluja, John Heidemann, and Yuri Pradkin 2022. Differences in Monitoring the DNS Root Over IPv4 and IPv6. Proceedings of the National Symposium for NSF REU Research in Data Science, Systems, and Security (Portland, OR, USA, Dec. 2022), 194–203.
• Moritz Müller, Matthew Thomas, Duane Wessels, Wes Hardaker, Taejoong Chung, Willem Toorop, Roland Rijswijk-Deij. Roll, roll, roll your root: A comprehensive analysis of the first ever DNSSEC root KSK rollover. Proceedings of the internet measurement conference, IMC 2019, 1–14.
• Liang Zhu, Zi Hu, John Heidemann, Duane Wessels, Allison Mankin and Nikita Somaiya 2015. Connection-Oriented DNS to Improve Privacy and Security. Proceedings of the 36th IEEE Symposium on Security and Privacy (San Jose, Californa, USA, May 2015), 171–186.