



All DNS-related survey traffic is sourced from one of the following CAIDA IP addresses:
- 192.172.226.154
- 192.172.226.155
- 192.172.226.156
In NO case do we send a large amount of traffic to a single IP address. We have no malicious intent and do not attempt to gauge nameserver performance.
We utilize the following types of probes and queries:
- DNS queries to authoritative nameservers

  We may send "normal" queries to your authoritative nameserver. These include requests for A, NS, SOA, and other types of DNS records. We may also send "recursive" queries to an authoritative server to find out if it also offers recursion.
- DNS queries to caching nameservers

  We may send both recursive and non-recursive queries to a caching nameserver to find out if it answers queries from outside its administrative domain, and whether or not it is an open resolver.
- DNS queries to "random" IP addresses

  In one of our surveys, we send queries to randomly-selected routable IP addresses. Thus, you may see probes from us to addresses that you are not using (aka "darkspace") and/or addresses that you know are not running DNS nameservers.
- VERSION.BIND queries

  When we find a functional nameserver, we may send it a "VERSION.BIND" query to learn which software it is running.
- fpdns fingerprinting

  We also utilize the fpdns program to determine the type and version of software of a particular nameserver. fpdns typically sends a sequence of specially-crafted queries. The characteristics of the replies enable remote fingerprinting of known implementations.
If you have questions, complaints, or concerns, please feel free to contact us at info at caida.org. If you feel strongly that you wish not to receive such queries, please specify in your message that you wish us to include your IP addresses in our no-probe list.
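
A nameserver operator can use the source addresses and probe types listed above to pick this survey traffic out of a query log. The following is an added example, not CAIDA's code; it assumes BIND 9 querylog format, and the sample log lines and function names are constructed for illustration.

```python
import re
from collections import Counter

# Source addresses this page lists for the DNS survey traffic.
SURVEY_SOURCES = {"192.172.226.154", "192.172.226.155", "192.172.226.156"}

# Assumed BIND 9 querylog layout:
#   client [@0x...] IP#port (name): query: NAME CLASS TYPE FLAGS (server)
# FLAGS starts with "+" when the query asked for recursion (RD set), "-" otherwise.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<src>[0-9.]+)#\d+ \([^)]*\): "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>[+-]\S*)"
)

def classify(line):
    """Return (source, probe_kind) for a survey query, or None for anything else."""
    m = QUERY_RE.search(line)
    if not m or m["src"] not in SURVEY_SOURCES:
        return None
    qname = m["qname"].rstrip(".").lower()
    if qname == "version.bind" and m["qclass"] == "CH" and m["qtype"] == "TXT":
        kind = "version.bind"
    elif m["flags"].startswith("+"):
        kind = "recursive"
    else:
        kind = "non-recursive"
    # fpdns probes are not distinguished here; they fall into the last two kinds.
    return m["src"], kind

def summarize(lines):
    """Count survey queries per (source, probe_kind)."""
    return Counter(hit for hit in map(classify, lines) if hit)

# Constructed sample log lines (server and non-survey client use documentation ranges).
SAMPLE_LOG = [
    "17-Mar-2024 10:02:11.123 client @0x7f1c2c0a1b20 192.172.226.154#40211 (version.bind): query: version.bind CH TXT + (192.0.2.53)",
    "17-Mar-2024 10:02:12.456 client @0x7f1c2c0a1b20 192.172.226.155#51514 (example.com): query: example.com IN A +E(0) (192.0.2.53)",
    "17-Mar-2024 10:02:13.789 client 192.172.226.156#33001 (example.com): query: example.com IN SOA - (192.0.2.53)",
    "17-Mar-2024 10:02:14.001 client @0x7f1c2c0a1b20 198.51.100.7#40000 (version.bind): query: version.bind CH TXT + (192.0.2.53)",
    "17-Mar-2024 10:02:15.250 client @0x7f1c2c0a1b20 192.172.226.154#40212 (example.org): query: example.org IN NS -E(0) (192.0.2.53)",
]

if __name__ == "__main__":
    for (src, kind), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src:16} {kind:14} {n}")
```

A match on source address alone does not prove origin, since UDP source addresses can be spoofed.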