On this page, we provide technical background information about our forward DNS (fDNS) measurement. This information is targeted at DNS operators and academic researchers.
The goal of the OpenINTEL project is to capture daily snapshots of the state of large parts of the global Domain Name System. Because the DNS plays a key role in almost all Internet services, recording this information allows us to track changes on the Internet, and thus its evolution, over longer periods of time. By performing active measurements we build consistent and reliable time series of the state of the DNS.
Our fDNS measurement is seeded with domain names that we extract from zone files of specific TLDs or from list-based sources. The notable difference between these two measurement bases is that zone files are largely complete in terms of covering all registered (actively delegated) domain names under the respective TLD (e.g., .com), whereas lists can cover something other than a TLD (e.g., popular domains).
Our fDNS measurement covers a large number of generic Top-Level Domains (gTLDs) which we obtain from registries, either directly or through ICANN's Centralized Zone Data Service. We also measure a number of country-code TLDs, for either ccTLDs that are public or through a data sharing agreement with the respective registry. We download snapshots of zones (at least) once per day.
Our measurement currently covers the following generic top-level domains (TLDs):
| Generic TLD | Since | Registry operator | Status | Type |
|---|---|---|---|---|
| .com | 2015-02-20 | VeriSign | Active | Closed |
| .net | 2015-02-20 | VeriSign | Active | Closed |
| .org | 2015-02-20 | Afilias on behalf of PIR | Active | Closed |
| .info | 2016-04-06 | Afilias | Active | Closed |
| .mobi | 2016-04-06 | Afilias | Active | Closed |
| new gTLDs (*) | 2016-04-01 | Various | Active | Closed |
| .fed.us (**) | 2017-05-01 | U.S. General Services Administration (GSA) | Active | Open |
| .gov (**) | 2017-05-01 | U.S. General Services Administration (GSA) | Active | Open |
| .name | 2018-11-10 | VeriSign | Active | Closed |
| .biz | 2018-11-11 | NeuStar | Active | Closed |
| .asia | 2018-11-13 | Afilias | Active | Closed |
| .aero | 2018-11-13 | Afilias | Active | Closed |
(*) Our measurement covers almost all new gTLDs available through ICANN’s Centralized Zone Data Service, which is currently around 1200 new gTLDs.
(**) The measurement only covers US Federal domain names included in the list obtained from the US Federal Government open access API.
Our measurement currently covers the following country-code top-level domains (ccTLDs):
| Country-code TLD | Country or territory | Registry operator | Since | Status | Type |
|---|---|---|---|---|---|
| .nl | The Netherlands | SIDN | 2016-02-09 | Active | Closed |
| .se | Sweden | IIS | 2016-06-07 | Active | Open |
| .nu | Niue | IIS | 2016-06-07 | Active | Open |
| .ca | Canada | CIRA | 2016-07-07 | Active | Closed |
| .fi | Finland | Ficora | 2016-11-23 | Active | Closed |
| .at | Austria | NIC.at | 2017-01-04 | Active | Closed |
| .dk | Denmark | DKHostmaster | 2017-02-06 | Active | Closed |
| .ru | Russian Federation | TCI | 2017-06-18 | Active | Closed |
| .рф(.xn–p1ai) | Russian Federation | TCI | 2017-06-18 | Active | Closed |
| .us | United States of America | NeuStar | 2018-03-23 | Active | Closed |
| .gt | Guatemala | Registro de Dominions .gt | 2019-04-30 | Active | Closed |
| .na | Namibia | NA-NIC | 2019-05-24 | Active | Closed |
| .ee | Estonia | Eesti Interneti SA | 2019-07-29 | Active | Open |
| .co | Colombia | NeuStar | 2019-11-20 | Active | Closed |
| .ch | Switzerland | SWITCH | 2020-05-19 | Active | Open |
| .li | Liechtenstein | SWITCH | 2020-05-19 | Active | Open |
| .sk | Slovakia | .SK NIC | 2022-05-11 | Active | Open |
| .fr | France | AFNIC | 2022-08-10 | Active | Open |
| .cl | Chile | NIC Chile (University of Chile) | 2024-08-20 | Active | Closed |
If you are a DNS operator and you feel our measurement is impacting your infrastructure, please go to our Problems page for information on how to contact us and how you can block our traffic if necessary.
For forward measurements, the measurement system uses a fixed set of DNS queries, which it sends once every 24 hours for every registered domain name under a TLD. We store the resulting measurement data in a partitioned output, where the zone (source), year, month and day make up keys in the partition.
The set of queries currently consists of the following queries:
SOANS (3)A (1)AAAA (1)MX (3,4)TXTDNSKEYDSNSEC3 (2)CAACDS (5)CDNSKEY (5)
www label (e.g. www.example.com).
A and AAAA records for these records in a separate
infrastructure measurement.
TLSA records for ports 25, 465 and 587 in a separate
infrastructure measurement.
DNSKEY
or DS record exists.
All response records, including full CNAME expansions and RRSIG signature
records are stored.
The data dictionary describes the data format, including type and explanation of the fields.
The data collected by the OpenINTEL platform has numerous applications in network and network security research. To support these efforts, we make our open data available on the download page or through the links provided in the coverage overview above, under the terms and conditions outlined on our terms page. As using our data may require specialized knowledge and specific analysis infrastructure, we encourage academic researchers to contact us to discuss your needs.
Closed data may be available upon request (more information here). If you have an interest in licencing access to our data for commercial purposes feel free to contact us.
Below we provide instructions to use the data using Docker, Jupyter Lab, the AWS SDK and Apache Spark.
Create and change to a new working directory:
mkdir openintel-fdns-notebook && cd openintel-fdns-notebookCreate a Dockerfile with the following content:
FROM quay.io/jupyter/pyspark-notebook:spark-3.5.3
USER root
RUN wget -q https://repo1.maven.org/maven2/com/amazonaws/aws-java-sdk-bundle/1.11.375/aws-java-sdk-bundle-1.11.375.jar -P /usr/local/spark/jars/
RUN wget -q https://repo1.maven.org/maven2/org/apache/hadoop/hadoop-aws/3.2.0/hadoop-aws-3.2.0.jar -P /usr/local/spark/jars/
USER ${NB_UID}
RUN pip install boto3Build the Docker container:
docker build --tag 'openintel-fdns-notebook:spark-3.5.3' .Use the following command to start the Jupyter Lab docker container:
docker run -p 8888:8888 openintel-fdns-notebook:spark-3.5.3The standard output from the previous command will display a web link with authentication token.
Open the link in your browser to access Jupyter Lab, or use this link: http://127.0.0.1:8888/lab and submit the token.
Download the example .ipynb python notebook here.
Click the up arrow ("Upload Files") and upload .ipynb notebook.
A preview web version of the notebook can be found here.