1 Introduction
World Internet usage and population statistics | ||||||
---|---|---|---|---|---|---|
June 30, 2012 | ||||||
World regions | Population (2012 est.) | Internet users Dec. 31, 2000 | Internet users latest data | Penetration (% population) | Growth 2000–2012 (%) | Users % of table (%) |
Africa | 1,073,380,925 | 4,514,400 | 167,335,676 | 15.6 | 3,606.7 | 7.0 |
Asia | 3,922,066,987 | 114,304,000 | 1,076,681,059 | 27.5 | 841.9 | 44.8 |
Europe | 820,918,446 | 105,096,093 | 518,512,109 | 63.2 | 393.4 | 21.5 |
Middle East | 223,608,203 | 3,284,800 | 90,000,455 | 40.2 | 2,639.9 | 3.7 |
North America | 348,280,154 | 108,096,800 | 273,785,413 | 78.6 | 153.3 | 11.4 |
Latin America/Caribbean | 593,688,638 | 18,068,919 | 254,915,745 | 42.9 | 1,310.8 | 10.6 |
Oceania/Australia | 35,903,569 | 7,620,480 | 24,287,919 | 67.6 | 218.7 | 1.0 |
World total | 7,017,846,922 | 360,985,492 | 2,405,518,376 | 34.3 | 566.4 | 100.0 |
2 Background
2.1 IPv6
2.1.1 Status of IPv6 deployment
2.2 DNSSEC
2.2.1 What is DNSSEC?
-
DNSKEYDNSSEC public key, defined in RFC 4034.DNSSEC resource records contain the public key for the zone. They come in two flavors, a zone signing key (ZSK) and a key signing key (KSK). Generally, the KSK signs only certain records within the zone, while the ZSK signs all of the records. You may have as many of each as required for key-rollover protocols or for your needs.
-
DSDelegation signer, defined in RFC 4034.A DS resource records stored key tag, algorithm number, and DNSKEY RR’s digest, used in the DNSKEY certification process. DS resource records and its corresponding DNSKEY resource records have the same owner name, but they are stored in different places. DS resource records appear only in the parent zone, such as “example.com.” DS resource records are then stored in the “com” zone, and its corresponding DNSKEY resource records are to be stored in the “example.com” zone.
-
DLVDNSSEC look-aside validation, defined in RFC 4431.The DLV resource record has exactly the same wire and presentation formats as the DS resource record. DLV record does not inherit any of the special processing or handling requirements of the DS record type. Unlike the DS record, the DLV record may not appear on the parent’s side of a zone cut. A DLV record may, however, appear at the apex of a zone.For example, a DS record has your zone’s name (example.com) while a DLV record has an additional name (example.com.dlv.isc.org.).
-
NSECNext secure, defined in RFC 4034.NSEC resource records links to the next record name in the zone and lists the record types that exist for the record’s name. These records can be used by resolvers to verify the non-existence of a record name and type as part of DNSSEC validation.
-
NSEC3Next secure ver.3, defined in RFC 5155.Like NSEC, NSEC3 resource records can also be used by resolvers to verify the non-existence of a record name and type as part of DNSSEC validation. The NSEC3 resource record links to the next record name in the zone and lists the record types that exist for the name covered by the hash value in the first label of the NSEC3 resource records’ own name. NSEC3 resource records have the same functionality as NSEC, except NSEC3 resource records use cryptographically hashed record names to prevent enumeration of the record names in a zone.
-
RRSIGResource record signature, defined in RFC 4034.RRSIG holds the digital signature of DNSSEC; resolvers can use public key in DNSKEY resource records to verify it.
2.2.2 Related research
2.2.3 Status of DNSSEC deployment
Domain | Total | Number of support | Percent |
---|---|---|---|
Root domains | 12 | 13 | 100 |
gTLDs | 26 | 9 | 35 |
ccTLDs | 253 | 87 | 34.39 |
2.3 Existing detection platform
Function name | Caption |
---|---|
Domain Dossier | Investigate domains and IP addresses. Get registrant information, DNS records, and more—all in one report. |
Domain Check | See if a domain is available for registration. |
Email Dossier | Validate and troubleshoot email addresses. |
Browser Mirror | See what your browser reveals about you. |
Ping | See if a host is reachable. |
Traceroute | Trace the network path from this server to another. |
NsLookup | Look up various domain resource records with this version of the classic NsLookup utility. |
AutoWhois | Get Whois records automatically for domains worldwide. |
TcpQuery | Grab a web page, look up a domain, and more. |
AnalyzePath | Do a simple, graphical traceroute. |
3 System design
3.1 Observed objects
Rank | Host Name |
---|---|
1 | Yahoo.com |
2 | Facebook.com |
3 | Google.com.tw |
4 | Pixnet.net |
5 | Google.com |
6 | Ettoday.net |
7 | Gamer.com.tw |
8 | Youtube.com |
9 | Mobile01.com |
10 | Ck101.com |
3.2 Target objects
3.3 Research framework
3.4 Methods
Tool name | Caption |
---|---|
CentOS 7 | Linux-based operating system |
Python 3.4.2 | Used to collect and analyze data |
PHP 5.4.16 | Used to implement the website of our system |
MariaDB 5.5.40 | Used to record data |
HTML5+CSS3+Javascript | Used to design the user interface |