Hi all, Here are some statistics on domain queries from the month of January. How much usage does the reverse delegation (domain) database get? Some background reading on reverse delegation: https://www.ripe.net/manage-ips-and-asns/dns/reverse-dns https://www.ripe.net/manage-ips-and-asns/db/support/documentation/ripe-datab... Domain objects are not returned by default in IP lookups. Users must either use the -d / --reverse-domain flag on an IP lookup, or specify the .in-addr.arpa / ip6.arpa / e164.arpa primary key. Out of 2 billion whois queries in January, I found 422,061 queries with the reverse domain flag (or ~14k/day). I found 758,583 queries for domain objects by primary key (or ~24k/day). Let me know if you have any questions or would like more details. Regards Ed Shryane RIPE NCC
Hi Ed, thanks for these additional data points.
Out of 2 billion whois queries in January, I found 422,061 queries with the reverse domain flag (or ~14k/day). I found 758,583 queries for domain objects by primary key (or ~24k/day).
We might safely assume that for reverse domain objects the DB is primnarily a provisioning engine that leverages on the contact details and, probably more importantly, on the authentication/authorization infrastructure. I'd not expect to retrieve too much operational information there. It might be interesting to see whether the query sources are "heavy" or re-occuring users or other signs for the queries being largely for consistency checks. All in all, likely a side issue. Regards, Peter
Hi Peter,
On 2 Mar 2020, at 10:31, Peter Koch <pk@DENIC.DE> wrote: ... It might be interesting to see whether the query sources are "heavy" or re-occuring users or other signs for the queries being largely for consistency checks. All in all, likely a side issue.
It was straightforward to count these queries by client address. Of the 422,061 queries with the reverse domain flag (-d/--reverse-domain): * There were 1,460 client IP's in total. * 314,239 (74%) of queries didn't return anything (no matching object, or malformed query such as "in-addr.arpa" or "ip6.arpa"). * 3 clients accounted for 44% of the queries that did return at least one object. Of the 758,583 queries for domain objects by primary key (*.in-addr.arpa|ip6.arpa|e164.arpa): * There were 26,073 client IP's in total. * 501,457 (66%) queries didn't return anything. * 4 clients accounted for 65% of the queries that did return at least one object. Regards Ed
participants (2)
-
Edward Shryane -
Peter Koch