Abstract
AS112 is an anycast DNS deployment that responds to junk queries, i.e. leaked queries from internal networks, which should have been handled locally. This includes reverse DNS queries for RFC1918 and link local addresses, and queries for home.arpa and service.arpa.
Unlike other anycast deployments, AS112 is volunteer-run and uncoordinated. Anyone can contribute to AS112 by setting up a DNS server, announcing the AS112 anycast prefixes, and responding to queries.
AS112 helps protect important parts of the Internet infrastructure, but there has been no comprehensive study of who runs the AS112 servers, where they are located, and whether they effectively capture leaked queries. Using RIPE Atlas and 33646 open recursive resolvers, we detect 469 AS112 sites, run by 97 operators, and compare the response time and query distances of AS112 to root server queries. AS112 performs well, with 23.21% lower median response times and 36.11% lower median distances than the root. However, AS112 is largely dependent on few large operators (one operator serves 41.71% of probes in our study), limiting its resilience.
Recording
Video will be added soon.
Speaker
Elizabeth Boswell
Elizabeth Boswell is a 3rd year PhD student in the Internet Protocols Laboratory at the University of Glasgow.
Her research focuses on large scale measurements of DNS infrastructure and she is currently studying privacy and security risks associated with the AS112 anycast deployment. Previously, she researched NAT64 deployment and DNS name collisions, and contributed to research on IPv6 extension headers.
Rate this talk
Rating will open: Monday, 18 May 2026 09:00 (+0100).