Measuring the global domain name system

The Internet is a worldwide distributed critical infrastructure, and it is composed of many vital components. While IP routing is the most important service, today the Domain Name System can be classified as the second most important, and has been defined as a critical infrastructure as well. DNS enables naming services used by every networked application and therefore by every networked critical infrastructure. Without DNS all services used in daily life activities (e.g., commerce, finance, industrial process control, logistics, transportation, health care) become unavailable. A big challenge is to guarantee the proper level of DNS health. Providing DNS health requires monitoring the system, analyzing its behavior, and planning and actuating corrective actions. There are several initiatives in this field, all claiming to be able to measure the DNS health from a local perspective. The reality is a bit different and many challenges are still open: no standard metric exist (only a shared list of five health indicators); no common rules to compute health indicators are agreed; no common concept of regular DNS behavior is defined. The Measuring the Naming System (MeNSa) project proposes a formal and structured methodology and a set of metrics for the evaluation of the DNS health and security levels. This article discusses the problem of measuring the DNS health level and introduces the main concepts of the MeNSa project. Finally, using a real case study, the problem of metrics aggregation is discussed.