A recent report by NS1 provides a comprehensive look at global DNS traffic trends. It reveals that public resolvers dominate the internet, accounting for nearly 60% of recursive DNS usage. Telecom giants represent nearly 9%, with Google the clear front-runner at a little over 30%, followed by Amazon Web Services at 16%. The report also highlights the declining usage of EDNS Client Subnet (ECS), the slow adoption of IPv6 and DNSSEC, and the emergence of HTTPS records as a solution to the “CNAME-at-apex” challenge.
The report is based on the analysis of data collected over a three-month period from customers of NS1 Managed DNS. This data included more than 7.54 trillion queries and 15.1 trillion packets, amounting to an average of one million queries per second every second of every day. Most of the traffic originated in North America (42%) and Europe (26%), while the rest was distributed among other regions, such as Asia.
Some of the key findings include the following:
NXDOMAIN traffic is an often ignored but useful source of data about network health. It is generally expected that a certain amount of NXDOMAIN (Non-Existent Domain) traffic is normal. The research found that a rate of 3-4% is typical in most large enterprises. However, if the rate of NXDOMAIN responses rises to single digits, this can be an indication that something is wrong.
Public DNS resolvers are prevalent in the internet name system. Analysis of NS1’s recursive infrastructure revealed that public resolvers dominate the traffic, with Google alone taking up more than 30%—a surprise to the researchers as more traffic is generally expected to through ISPs. Further investigation showed that in smaller countries, many ISPs tend to direct traffic to Google and other public resolvers by default. This is likely because using existing infrastructure is more convenient, secure, and cost-effective than creating their own.
Infrastructure providers are hindering the widespread adoption of IPv6 and DNSSEC. The usage of IPv6 is still at around 30%, while the usage of DNSSEC is only 14%. Even Google’s resolver services only saw 5% of queries coming from zones that have DNSSEC enabled.