The Domain Name System (DNS) is part of critical internet infrastructure: it is invoked whenever any application accesses a remote server (a URL is visited, an API request is made, etc.). DNS queries are served in a hierarchical manner, with most queries answered locally from cached data and a small fraction propagating to the top of the hierarchy, the DNS root name servers. Our research aims to provide a comprehensive, longitudinal characterization of DNS queries received at B-Root over ten years. We sampled and analyzed a dataset of 28 billion queries from the ten annual Day in the Life of the Internet (DITL) experiments from 2013 through 2022. We sought to identify and quantify unexpected DNS queries, establish longitudinal trends, and compare our findings with the published results of others. We found that unexpected query traffic increased from 39.57% in 2013 to 67.91% in 2022, with 36.55% of queries being priming queries. We also observed the growth and decline of Chromium-initiated random DNS queries. Finally, we analyzed the largest DNS query senders and established that most of their traffic consists of unexpected queries.