Statistics of Public Resolvers

Daily Queries

Our pipeline incorporates a daily summary of selected statistics. We use these statistics as a baseline. We constantly observe activity on our public resolvers to refine our abuse detection.

After changes to our abuse detection, we return to the statistics to check whether we see the desired effect.

Distinct Clients per Resolver

This metric counts how many distinct clients we have observed over a 24-hour interval on each of our public resolvers. Clients that appear on more than one of our resolvers contribute to the total count on each of those resolvers.

Although distinct client usage indicates how many clients actually use our public resolvers, this metric should be taken with a pinch of salt. If our resolvers are abused as reflectors for amplification, the client IPs are spoofed and the statistics are tainted.

Total Queries per Resolver

This metric shows the total number of queries per resolver. Repeatedly asked queries are counted multiple times. By the design of DNS it makes sense that queries are asked repeatedly, for example after a record has expired, but it is desirable that the gap between distinct queries and total queries is not too large.

Distinct Queries per Resolver

This metric shows the distinct DNS records looked up. Records asked repeatedly, or similar queries sent by different clients, are counted only once.
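The three metrics described on this page can be computed from one day's query log as sketched here. This is an added example, not the pipeline behind these statistics; the log tuple layout, the resolver names, the `repeat_ratio` field and the definition of a distinct query as a normalised (name, type) pair are assumptions.

```python
from collections import defaultdict

# Constructed sample of one day's query log: (resolver, client IP, qname, qtype).
# Addresses are from documentation ranges; resolver names are made up.
SAMPLE_LOG = [
    ("resolver-a", "192.0.2.10", "example.com.", "A"),
    ("resolver-a", "192.0.2.10", "EXAMPLE.com.", "A"),    # same record, mixed case
    ("resolver-a", "192.0.2.11", "example.com", "A"),     # same record, other client
    ("resolver-a", "192.0.2.11", "example.com.", "AAAA"),
    ("resolver-b", "192.0.2.10", "example.org.", "A"),    # client seen on both resolvers
    ("resolver-b", "198.51.100.7", "example.org.", "A"),
    ("resolver-b", "198.51.100.7", "example.net.", "MX"),
]


def query_key(qname, qtype):
    """Collapse case and trailing-dot variants (assumed definition of 'distinct')."""
    return (qname.rstrip(".").lower(), qtype.upper())


def daily_stats(log):
    """Return per-resolver distinct clients, total queries and distinct queries."""
    clients = defaultdict(set)
    queries = defaultdict(set)
    totals = defaultdict(int)
    for resolver, client, qname, qtype in log:
        clients[resolver].add(client)   # a client counts once on each resolver it used
        queries[resolver].add(query_key(qname, qtype))
        totals[resolver] += 1           # every query counts, repeats included
    stats = {}
    for resolver in totals:
        distinct = len(queries[resolver])
        stats[resolver] = {
            "distinct_clients": len(clients[resolver]),
            "total_queries": totals[resolver],
            "distinct_queries": distinct,
            # Gap between total and distinct queries, expressed as a ratio.
            "repeat_ratio": totals[resolver] / distinct,
        }
    return stats


if __name__ == "__main__":
    for resolver, row in sorted(daily_stats(SAMPLE_LOG).items()):
        print(resolver, row)
```

Because 192.0.2.10 queried both resolvers, the per-resolver client counts sum to 4 although only 3 distinct addresses appear in the sample.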