Currently, the DNS community has limited visibility of the capabilities and deployed features of the millions of recursive resolvers in use across the internet. APNIC has provided a helpful source of data over the last decade or so through the use of Google Ads, but it has been felt that alternative, more accessible methods of collecting this data would be advantageous and would provide more flexibility going forward.
The DNS Research Federation have been commissioned by ICANN OCTO to develop an open source testbed suitable for use by organisations with high query traffic, utilising popular open source DNS and Web servers to facilitate the testing of Resolver Capabilities and rational collection of data for analysis. The intention is to provide a good range of DNS feature tests out of the box to allow organisations to perform specific feature testing for themselves as well as to encourage contribution of general data trends to the wider community.
The Resolver Capability Testbed works by controlling and configuring the authoritative nameserver for known test domains. This allows for the capture of traffic from public resolvers when they make queries to the authority and allows for testing of support for specific DNS features of resolvers in the wild.
To trigger DNS queries, HTTP requests are made to the known test domains. These requests in turn cause DNS A/AAAA record lookups, which the authoritative nameserver can capture and analyse to determine support for a given DNS feature.
The Testbed contains two main framework components - a Server Side Configuration and Reporting Toolkit (SSCRT) and a Client Side Website Toolkit (CSWT).
The SSCRT is installed on a server where it sets up and configures an authoritative nameserver (BIND) as well as a web server (Apache). Once installed, tests can be created for test domain names for a range of built-in test types via a simple CLI tool. The SSCRT manages the setting up of the DNS zone as well as configuring Apache and associated SSL certificates to facilitate the receipt of valid HTTPS requests and corresponding DNS lookups. The test domain names are then configured at the Registrar with delegated Nameservers to target the testbed. All requests made to the SSCRT are logged, and these logs can then be retrieved using the CLI tool or streamed directly to the DNSRF DAP.LIVE platform for further analysis.
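The analysis step described above, as an added illustration that is not the SSCRT's own code: it assumes the authoritative BIND server has standard query logging enabled and reads the per-query flag field (E(n) for EDNS version, T for TCP, D for the DO bit, C for the CD bit, V/K for cookies) to summarise what each resolver demonstrated. The log lines, the zone `test.example` and the function name are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample lines in BIND 9's standard query-log layout; addresses are
# documentation ranges and "test.example" stands in for a real test domain.
SAMPLE_LOG = """\
client @0x7f1c 192.0.2.10#41822 (a1.edns.test.example): query: a1.edns.test.example IN A -E(0)DC (203.0.113.5)
client @0x7f1d 192.0.2.10#41823 (a1.edns.test.example): query: a1.edns.test.example IN AAAA -E(0)TDC (203.0.113.5)
client @0x7f1e 198.51.100.7#5353 (b2.edns.test.example): query: b2.edns.test.example IN A - (203.0.113.5)
client @0x7f1f 2001:db8::53#60001 (c3.edns.test.example): query: c3.edns.test.example IN A -E(0)K (203.0.113.5)
client @0x7f20 192.0.2.99#1111 (www.unrelated.example): query: www.unrelated.example IN A +E(0) (203.0.113.5)
"""

# Resolver address, query name/class/type, RD marker (+/-) and the flag string.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9A-Fa-f.:]+)#\d+ \([^)]*\): "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) "
    r"(?P<rd>[+-])(?P<flags>\S*)"
)
# Single-letter markers BIND appends after the RD marker.
FLAG_NAMES = {"S": "signed", "T": "tcp", "D": "dnssec_ok",
              "C": "checking_disabled", "V": "valid_cookie", "K": "cookie"}

def resolver_capabilities(log_text, test_zone):
    """Map resolver IP -> set of features seen on queries under test_zone."""
    zone = test_zone.lower().rstrip(".")
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        qname = m["qname"].lower().rstrip(".")
        if qname != zone and not qname.endswith("." + zone):
            continue  # ignore traffic that is not for the test domain
        caps = seen[m["ip"]]  # resolver is recorded even if it shows no feature
        flags = m["flags"]
        edns = re.search(r"E\((\d+)\)", flags)
        if edns:
            caps.add("edns" + edns[1])
            flags = flags.replace(edns[0], "")  # avoid matching letters in E(n)
        for letter, name in FLAG_NAMES.items():
            if letter in flags:
                caps.add(name)
    return dict(seen)

if __name__ == "__main__":
    print(resolver_capabilities(SAMPLE_LOG, "test.example"))
```

A resolver that appears with an empty set reached the test zone without EDNS, which is itself a capability result rather than missing data.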
The following diagram shows the key architectural components and how they fit together to form the Testbed:
To read detailed documentation about the testbed including installation guides for both the Server Side and Client Side components please visit the documentation here
You can also view the open source project on Github here