We have been making steady progress behind the scenes and are very happy to finally be able to show off some of our hard work:
We have integrated the DNShonest remote DNS probing tool
created by Joss Wright
of the Oxford Internet Institute into Chokepoint Project´s Structured Human Rights Analytics platform.
This allows us to do a number of things :
1. See for each Domain Name Server if it lies about the domains we ask it about.
2. See which Autonomous Systems contain DNS servers that lie about domains
3. See who owns the Autonomous Systems that contain lying DNS systems
This iteration is testing a small set of domain servers (200) in China for replies given to a small set of domains (180). We are running the probe every hour which results in a little less than 18000 queries. The results are then tested for suspicious replies, which in turn are tested for states of “lying”, “probably lying” and “maybe lying”. From these results statistics are generated which are visualized on our public dashboard.
Country page : https://beta.chokepointproject.net/country/CN?show=2013-09-21
Worldmap : https://beta.chokepointproject.net/
Lying is a big claim, and in this case it explicitly means that a reply given by a domain name server is not the reply it should give. We have tried to avoid false positives as much as possible, and first identifying suspicious replies, after which additional probes aid in determining if something is a lie or not.More information is available at https://beta.chokepointproject.net/aboutWorldbank
In this release we also show a visualization of a selection of Worlbank data, this is intended primarily to provide some basic contextual insight into the country for which data is presented. In the case of China, the internet usage in 2011 (most recent Worldbank statistic) was 38.4% of the country. In the context of the DNShonest results this means that 61.6% of the Chinese population is unaffected by these “lying” DNS servers. Of course the internet usage will have increased somewhat over the past 21 months, so this conclusion should not be seen as representative of the current situation.What´s next?
Well, a lot. First of all, we will start rolling this out to all countries and increase both the number of servers tested and the numbers of domains tested. Additionally, we can already see improvements to the dashboard visualizations that should be made.
Many thanks are in order for the Internet Protection Lab who provided some sorely needed funding out of a donation made by the Dutch .nl registrar SIDN.
If you like our work so far, please consider throwing a little funding our way. Any amount, no matter how large will help us build more, faster and shinier tools (and pay the rent on our cardboard box sub-basement walk-downs.) https://chokepointproject.net/donate/