APNIC Chief Scientist, Geoff Huston, gives a presentation on DOH and the changing nature of the DNS as infrastructure at NZNOG 2020 in Christchurch, New Zealand, from 28 to 31 January 2020.
2nd ICANN APAC-TWNIC Engagement Forum: DNS OblivionAPNIC
APNIC Chief Scientist Geoff Huston gives an overview of the complex many-layered model of DNS security, and a new emerging world of choices for protecting traffic, hiding queries, and the future trends in ISP provided, and independent third-party DNS services at the 2nd ICANN APAC-TWNIC Engagement Forum, held from 15 to 16 April 2021.
Encrypted DNS - DNS over TLS / DNS over HTTPSAlex Mayrhofer
Encryption is coming to mainstream DNS. This briefing discusses the history, protocols and architecture of encrypted DNS, specifically DNS over TLS and DNS over HTTPS. It also describes the impact of DoT and DoH on various operational models.
This briefing was given during DNSheads Vienna #5 at the nic.at office in Vienna on Jan 30 2018.
2nd ICANN APAC-TWNIC Engagement Forum: DNS OblivionAPNIC
APNIC Chief Scientist Geoff Huston gives an overview of the complex many-layered model of DNS security, and a new emerging world of choices for protecting traffic, hiding queries, and the future trends in ISP provided, and independent third-party DNS services at the 2nd ICANN APAC-TWNIC Engagement Forum, held from 15 to 16 April 2021.
Encrypted DNS - DNS over TLS / DNS over HTTPSAlex Mayrhofer
Encryption is coming to mainstream DNS. This briefing discusses the history, protocols and architecture of encrypted DNS, specifically DNS over TLS and DNS over HTTPS. It also describes the impact of DoT and DoH on various operational models.
This briefing was given during DNSheads Vienna #5 at the nic.at office in Vienna on Jan 30 2018.
CNIT 40: 1: The Importance of DNS SecuritySam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Website: https://samsclass.info/40/40_F16.shtml
Updated 8-21-17
This is a presentation about DNS Cache Poisoning which was presented to the Grey H@t club at Georgia Tech. It covers the basics of DNS, how DNS is vulnerable, the effect of exploiting DNS, and the Kaminsky attack.
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruptionSam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F18.shtml
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
Used in this "DNS Security" course:
https://samsclass.info/40/40_F17.shtml
Based on "DNS Security" by Anestis Karasaridis, Amazon Digital Services, Inc., ASIN: B007ZW50WE
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruptionSam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
Signing DNSSEC answers on the fly at the edge: challenges and solutions, by Jono Bergquist.
A presentation given at the APNIC 40 APOPS 2 session on Tue, 8 Sep 2015.
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Dan York
In this talk to the IEPG session at IETF 93 in Prague on 19 July 2015, I outlined some of the challenges associated with deploying new crypto algorithms within DNSSEC and what we potentially need to do to address these challenges.
Presentation on 'The Path to Resolverless DNS' by Geoff HustonAPNIC
Presentation on 'The Path to Resolverless DNS' by Geoff Huston for OARC 39 and 47th CENTR technical workshop, held in Belgrade on 22 and 23 October 2022
CNIT 40: 1: The Importance of DNS SecuritySam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Website: https://samsclass.info/40/40_F16.shtml
Updated 8-21-17
This is a presentation about DNS Cache Poisoning which was presented to the Grey H@t club at Georgia Tech. It covers the basics of DNS, how DNS is vulnerable, the effect of exploiting DNS, and the Kaminsky attack.
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruptionSam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F18.shtml
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
Used in this "DNS Security" course:
https://samsclass.info/40/40_F17.shtml
Based on "DNS Security" by Anestis Karasaridis, Amazon Digital Services, Inc., ASIN: B007ZW50WE
CNIT 40: 5: Prevention, protection, and mitigation of DNS service disruptionSam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
CNIT 40: 4: Monitoring and detecting security breachesSam Bowne
Slides for a college course based on "DNS Security" by Anestis Karasaridis.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/40/40_F16.shtml
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
Signing DNSSEC answers on the fly at the edge: challenges and solutions, by Jono Bergquist.
A presentation given at the APNIC 40 APOPS 2 session on Tue, 8 Sep 2015.
Deploying New DNSSEC Algorithms (IEPG@IETF93 - July 2015)Dan York
In this talk to the IEPG session at IETF 93 in Prague on 19 July 2015, I outlined some of the challenges associated with deploying new crypto algorithms within DNSSEC and what we potentially need to do to address these challenges.
Presentation on 'The Path to Resolverless DNS' by Geoff HustonAPNIC
Presentation on 'The Path to Resolverless DNS' by Geoff Huston for OARC 39 and 47th CENTR technical workshop, held in Belgrade on 22 and 23 October 2022
23rd PITA AGM and Conference: DNS Security - A holistic view APNIC
Security Specialist Jamie Gillespie presents on DNS Security, examining the complex interactions of this system, from domain registration to name resolution, the security risks of each component, and the mitigation options currently available at 23rd PITA AGM and Annual Conference in Nadi, Fiji from 8 to 12 April 2019.
This presentation is a tutorial intro to DANE (DNS Authentication of Named Entities). It describes the root problem, a possible solution using DANE, and briefly shows how you can starting using DANE and TLSA records yourself.
Demystifying SharePoint Infrastructure – for NON-IT People SPC Adriatics
This talk is specifically for NON-SharePoint infrastructure administrators (or for new ones still figuring things out)! Instead it’s for the rest of the SharePoint team – come learn about the basic building blocks of SharePoint infrastructure – things like DNS, load balancing, AD, high availability and disaster recovery, backup options, database options, and some of the core components of Windows in an understandable way so you can speak the lingo and seem really smart!
Zvonimir Mavretić
Get an overview of the Domain Name System (DNS) one of the pillars of the Internet and understand the internal security issues of the DNS as well as the crucial role it plays in cybersecurity.
Computer Networks Module 1 - part 2.pdfShanthalaKV
18CS52 VTU Computer Network & Security
MODULE 1-Part 2
DNS; The Internet's Directory Service: Services Provided by DNS, Overview of How DNS Works, DNS Records and Messages, Peer-to-Peer Applications: P2P File Distribution, Distributed Hash Tables, Socket Programming: creating Network Applications: Socket Programming with UDP, Socket Programming with TCP.
Private DNS Infrastructure Support in Hybrid ScenariosDaniel Toomey
A discussion of DNS private resolver architecture, how it is leveraged for private resolution for Azure <-> Azure and Azure <-> On-Prem and other things including private DNS zones and conditional forwarding rules.
As presented to the Brisbane Azure Group by Rachel Calleia (https://www.linkedin.com/in/rachel-calleia-669439144/)
Private DNS Infrastructure Support in Hybrid ScenariosDaniel Toomey
A discussion of DNS private resolver architecture, how it is leveraged for private resolution for Azure <-> Azure and Azure <-> On-Prem and other things including private DNS zones and conditional forwarding rules.
As presented to the Brisbane Azure Group by Rachel Calleia (https://www.linkedin.com/in/rachel-calleia-669439144/)
APNIC Foundation, presented by Ellisha Heppner at the PNG DNS Forum 2024APNIC
Ellisha Heppner, Grant Management Lead, presented an update on APNIC Foundation to the PNG DNS Forum held from 6 to 10 May, 2024 in Port Moresby, Papua New Guinea.
Registry Data Accuracy Improvements, presented by Chimi Dorji at SANOG 41 / I...APNIC
Chimi Dorji, Internet Resource Analyst at APNIC, presented on Registry Data Accuracy Improvements at SANOG 41 jointly held with INNOG 7 in Mumbai, India from 25 to 30 April 2024.
APNIC Policy Roundup, presented by Sunny Chendi at the 5th ICANN APAC-TWNIC E...APNIC
Sunny Chendi, Senior Advisor, Membership and Policy at APNIC, presents 'APNIC Policy Roundup' at the 5th ICANN APAC-TWNIC Engagement Forum and 41st TWNIC OPM in Taipei, Taiwan from 23 to 24 April.
DDoS In Oceania and the Pacific, presented by Dave Phelan at NZNOG 2024APNIC
Dave Phelan, Senior Network Analyst/Technical Trainer at APNIC, presents 'DDoS In Oceania and the Pacific' at NZNOG 2024 held in Nelson, New Zealand from 8 to 12 April 2024.
'Future Evolution of the Internet' delivered by Geoff Huston at Everything Op...APNIC
Geoff Huston, Chief Scientist at APNIC deliver keynote presentation on the 'Future Evolution of the Internet' at the Everything Open 2024 conference in Gladstone, Australia from 16 to 18 April 2024.
IP addressing and IPv6, presented by Paul Wilson at IETF 119APNIC
Paul Wilson, Director General of APNIC delivers a presentation on IP addressing and IPv6 to the Policymakers Program during IETF 119 in Brisbane Australia from 16 to 22 March 2024.
draft-harrison-sidrops-manifest-number-01, presented at IETF 119APNIC
Tom Harrison, Product and Delivery Manager at APNIC presents at the Registration Protocols Extensions working group during IETF 119 in Brisbane, Australia from 16-22 March 2024
Benefits of doing Internet peering and running an Internet Exchange (IX) pres...APNIC
Che-Hoo Cheng, Senior Director, Development at APNIC presents on the "Benefits of doing Internet peering and running an Internet Exchange (IX)" at the Communications Regulatory Commission of Mongolia's IPv6, IXP, Datacenter - Policy and Regulation International Trends Forum in Ulaanbaatar, Mongolia on 7 March 2024
APNIC Update and RIR Policies for ccTLDs, presented at APTLD 85APNIC
APNIC Senior Advisor, Membership and Policy, Sunny Chendi presented on APNIC updates and RIR Policies for ccTLDs at APTLD 85 in Goa, India from 19-22 February 2024.
Italy Agriculture Equipment Market Outlook to 2027harveenkaur52
Agriculture and Animal Care
Ken Research has an expertise in Agriculture and Animal Care sector and offer vast collection of information related to all major aspects such as Agriculture equipment, Crop Protection, Seed, Agriculture Chemical, Fertilizers, Protected Cultivators, Palm Oil, Hybrid Seed, Animal Feed additives and many more.
Our continuous study and findings in agriculture sector provide better insights to companies dealing with related product and services, government and agriculture associations, researchers and students to well understand the present and expected scenario.
Our Animal care category provides solutions on Animal Healthcare and related products and services, including, animal feed additives, vaccination
2.Cellular Networks_The final stage of connectivity is achieved by segmenting...JeyaPerumal1
A cellular network, frequently referred to as a mobile network, is a type of communication system that enables wireless communication between mobile devices. The final stage of connectivity is achieved by segmenting the comprehensive service area into several compact zones, each called a cell.
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBrad Spiegel Macon GA
Brad Spiegel Macon GA’s journey exemplifies the profound impact that one individual can have on their community. Through his unwavering dedication to digital inclusion, he’s not only bridging the gap in Macon but also setting an example for others to follow.
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfFlorence Consulting
Quattordicesimo Meetup di Milano, tenutosi a Milano il 23 Maggio 2024 dalle ore 17:00 alle ore 18:30 in presenza e da remoto.
Abbiamo parlato di come Axpo Italia S.p.A. ha ridotto il technical debt migrando le proprie APIs da Mule 3.9 a Mule 4.4 passando anche da on-premises a CloudHub 1.0.
1.Wireless Communication System_Wireless communication is a broad term that i...JeyaPerumal1
Wireless communication involves the transmission of information over a distance without the help of wires, cables or any other forms of electrical conductors.
Wireless communication is a broad term that incorporates all procedures and forms of connecting and communicating between two or more devices using a wireless signal through wireless communication technologies and devices.
Features of Wireless Communication
The evolution of wireless technology has brought many advancements with its effective features.
The transmitted distance can be anywhere between a few meters (for example, a television's remote control) and thousands of kilometers (for example, radio communication).
Wireless communication can be used for cellular telephony, wireless access to the internet, wireless home networking, and so on.
Understanding User Behavior with Google Analytics.pdfSEO Article Boost
Unlocking the full potential of Google Analytics is crucial for understanding and optimizing your website’s performance. This guide dives deep into the essential aspects of Google Analytics, from analyzing traffic sources to understanding user demographics and tracking user engagement.
Traffic Sources Analysis:
Discover where your website traffic originates. By examining the Acquisition section, you can identify whether visitors come from organic search, paid campaigns, direct visits, social media, or referral links. This knowledge helps in refining marketing strategies and optimizing resource allocation.
User Demographics Insights:
Gain a comprehensive view of your audience by exploring demographic data in the Audience section. Understand age, gender, and interests to tailor your marketing strategies effectively. Leverage this information to create personalized content and improve user engagement and conversion rates.
Tracking User Engagement:
Learn how to measure user interaction with your site through key metrics like bounce rate, average session duration, and pages per session. Enhance user experience by analyzing engagement metrics and implementing strategies to keep visitors engaged.
Conversion Rate Optimization:
Understand the importance of conversion rates and how to track them using Google Analytics. Set up Goals, analyze conversion funnels, segment your audience, and employ A/B testing to optimize your website for higher conversions. Utilize ecommerce tracking and multi-channel funnels for a detailed view of your sales performance and marketing channel contributions.
Custom Reports and Dashboards:
Create custom reports and dashboards to visualize and interpret data relevant to your business goals. Use advanced filters, segments, and visualization options to gain deeper insights. Incorporate custom dimensions and metrics for tailored data analysis. Integrate external data sources to enrich your analytics and make well-informed decisions.
This guide is designed to help you harness the power of Google Analytics for making data-driven decisions that enhance website performance and achieve your digital marketing objectives. Whether you are looking to improve SEO, refine your social media strategy, or boost conversion rates, understanding and utilizing Google Analytics is essential for your success.
2. Words of Caution!
I’m speaking after Paul
And I’m speaking on the DNS
This may not end well!
But here goes…
3. What defines “The Internet”?
• The 1990’s answer was all about ‘reachability’
• The Internet was this connected domain where every connected device could
send IP packets to any other connected device
• And the packet I sent to you is the packet you got
• Modulo TTL and fragmentation and reassembly
• But then we invented enterprise networks, firewalls and security
realms, NATs and all kinds of “value added” network services
• And the entire architecture of the Internet shifted to a client/server
architecture
• Clients could interact with servers, but not with each other
4. What defines “The Internet”?
• Then we turned to the server model and started playing with anycast
to improve server performance by service replication
• Today:
• Clients don’t have a public IP address (NATs)
• Server’s don’t have a unique public IP address (Anycast)
• So what is the address architecture of the Internet?
5. What defines “The Internet”?
• If the Internet used be defined by a communications domain that
shared a common name and address infrastructure then we’ve
broken the address part and its never going to come back!
• The Internet is now defined only by a common name space
6. The DNS as the Internet’s Glue
RFC 2826:
Effective communications between two parties requires two essential
preconditions:
• The existence of a common symbol set, and
• The existence of a common semantic interpretation of these
symbols.
Failure to meet the first condition implies a failure to
communicate at all, while failure to meet the second implies that
the meaning of the communication is lost.
7. The Internet’s Domain Name System
What is it?
• A common set of syntax rules that defines ‘valid’ DNS names
• A hierarchically structured distributed database
• A common name resolution protocol that can consult this database and map
a name to a value
• A collection of engines (resolvers and servers) that run a common
query/response protocol that performs name resolution
8. The DNS as Internet Infrastructure
The Theory:
• Names are visible to all
• Names resolve consistently to the same values all the time
The Practice:
• How much of these two principles can we break and still get away with it?
9. Old School DNS
• The DNS is operated as a common infrastructure (not application
specific)
• The common infrastructure assumes a common and consistent name
set in the DNS that is assessible to all
• If a name is defined than its definition is the same for all queriers
• If a name doesn’t exist it doesn’t exist for every querier
10. Old School DNS
• DNS resolvers configured with IP addresses as part of the connection
context (DHCP)
• DNS recursive resolvers operated by the ISP as part of the ISP’s
service to their users
• DNS authoritative services provided in various ways (often as part of
web hosting environments)
• Applications used gethostbyname() and tapped into the DNS common
infrastructure
11. Old School DNS
DNS Authoritative
Servers
ISP-operated
Recursive ResolversPlatform Stub DNS
libraries
12. DNS (Ab)Use
• Split Horizon DNS
• NXDOMAIN substitution
• TTL munging and Cache manipulation
• Fake Roots
• White Lies: DNS64
• DNS Geolocation
• EDNS Client Subnet
13. The Path to DoH
The DNS leaks information like a sieve
https://xkcd.com/1361/
14. Why pick on the DNS?
• The DNS is very easy to tap
• Its open and unencrypted
• DNS traffic is easy to tamper with
• Its payload is not secured and tampering cannot be detected
• Its predictable and false answers can be readily inserted
• The DNS is hard for users to trace
• Noone knows exactly where their queries go
• Noone can know precisely where their answers come from
• The DNS is used by everyone
16. How can we improve DNS
Privacy?
And not alter the DNS architecture in fundamental ways
Move away from clear queries and responses and use session
encryption
17. Encrypting the session
• Today the standard tool is TLS, which uses dynamically generated
session keys to encrypt all traffic between two parties
• We could use TLS between the end client and the client’s recursive
resolver
• We could probably do the same between recursive resolvers and
authoritative servers, but the IETF is doing this one step at a time
18. DoT - DNS over TLS
• TLS is a TCP ‘overlay’ that adds
server authentication and session
encryption to TCP
• TLS uses an initial handshake to
allow a client to:
• Validate the identity of the server
• Negotiate a session key to be used
in all subsequent packets in the TCP
session
• RFC 7858, RFC 8310, RFC8446
DNS over TLS 1.3
Client Server
Client hello
Supported AEADS
Signatures
Key Share
Server hello
Chosen AEAD
Key Share
Certificate
Signature
Finished
Finished
DNS Query
DNS Response
19. DoT - DNS over TLS
• Similar to DNS over TCP:
• Open a TLS session with a recursive resolver
• Pass the DNS query using DNS wireline format
• Wait for the response
• Can use held DNS sessions to allow the TLS session to be used for
multiple DNS queries
• The queries and the responses are hidden from intermediaries
• The client may validate the recursive resolver’s identity …
20. Who is at the other end of the
TLS session?
Strict Mode:
• Connect by name, and perform a TLS handshake based on authentication of
the offered name certificate
(which sounds a whole lot better than it really is due to the WEB PKI CA mess!)
Opportunistic Mode:
• Use an unauthenticated encrypted session
(the client has no idea who it is talking to, but whatever is said cannot be eavesdropped in
any case!)
21. DNS over TLS and Android
https://android-developers.googleblog.com/2018/04/dns-over-tls-support-in-android-p.html
22. DoT - DNS over TLS
• Its TCP not UDP -- May generate a higher recursive resolver memory
load as each client may have a held state with one or more recursive
resolvers
• The TCP session state is on port 853
• DNS over TLS can be readily blocked by middleware
• The privacy is relative, as the recursive resolver still knows all your
DNS queries
• Supported by Bind (stunnel), Unbound, KNOT, DNSDist
• Open DoT Resolvers from Google, Cloudflare (and maybe others)
23. But once you are using TLS
it’s a short step to…
24. DoH - DNS over HTTPS
• DNS over HTTPS
• Uses an HTTPS session with a resolver
• Similar to DNS over TLS, but with
HTTP object semantics
• Uses TCP port 443, so can be masked
within other HTTPS traffic
• Uses DNS wire format
DNS
TLS
TCP
IP
DOT
DNS
TLS
TCP
IP
DOH
HTTP
26. DoH - DNS within the Browser
• Firefox’s “Trusted Recursive Resolver”
• Avoids using the local DNS resolver library and local DNS
infrastructure
• Has the browser sending its DNS queries directly to a trusted resolver
over HTTPS
• Servers available from Cloudflare, Google, CleanBrowsing
27. Why DoH?
• Lives on TCP port 443
• DNS content denoted by “application/dns- message”, allowing a
server to distinguish DNS queries within the HTML stream (which is
encrypted in TLS with HTTPS)
• i.e. DNS queries and responses can be readily intertwined in other HTTPS
traffic
28. Why DoH?
• Applications can effectively hide DNS transactions from the network
• TLS 1.3 and ESNI can remove all visible indication of the DoH server name
from the network
• DoH queries and responses can use both DNS and HTML padding to disguise
the payload size
• Applications can effectively hide DNS transactions from the platform
• No DNS query logs on the platform
• No cross-application spyware on the platform
30. DoH Futures?
• HTML prefetch?
• How can the client ascertain if the pushed data is genuine?
• What is the use context of the pushed name resolution?
• DoH only names
• Implicit client identification allowing for client customisation
• Morph the DNS into the WEB infrastructure?
• Use HTTPS content distribution infrastructure for DoH web objects
32. DoQ - DNS over QUIC
• QUIC is a transport protocol originally developed
by Google and passed over to the IETF for
standardised profile development
• QUIC uses a thin UDP shim and an encrypted
payload
• The payload is divided into a TCP-like transport
header and a payload
• The essential difference between DOT and DOQ
is the deliberate hiding of the transport protocol
from network middleware with the use of QUIC
• No known implementations of DNS over QUIC
exist, though IETF work continues
draft-huitema-quic-dns-quic-07
DNS
TLS
TCP
IP
DNS
QUIC
UDP
IP
DOT DOQ
DNS
TLS
TCP
IP
DOH
HTTP
TLS
33. DoT, DoH, DoQ
Its not a rule, but
• It seems that applications (browsers) are looking to DoH and possibly DoQ
• Platforms are looking to use DoT as an alternative to DNS in the clear
34. Whose DNS is it anyway?
• ISP-provided DNS infrastructure
• User configured DNS resolvers can override ISP defaults
• Although open DNS and DoT can be blocked at the ISP level by port level
blocking and interception
• It’s unclear whether DoH and DoQ can be blocked so readily
• Application selected resolvers can override ISP and platform
configured defaults
• It’s unclear whether an applications use of DoH can even be detected by the
platform, let alone by the ISP
35. DNS use in the Internet
Provider’s DNS
Same country
(Provider’s DNS)
Google’s Public
DNS
All the rest (Open
DNS platforms)
Top 10
36. DNS use in New Zealand
Provider’s DNS
Same country
(Provider’s DNS)
Google’s Public
DNS
All the rest (Open
DNS platforms)
Top 10