In summer 2016 I provided brief analysis of open DNS-resolvers (DDoS-attacks type DNS Amplification sources) by countries. Using the same shodan I decided to make NY report and to calculate the dynamics. The year is new but security holes are old.
So, NY report for DNS with open recursion has such behavior as to June one in integral TOP-10 for the world:
| 2016 | 2017 | Fixed, % | |
| China | 1066365 | 604080 | 43,35 |
| Taiwan | 308033 | 244719 | 20,55 |
| USA | 254265 | 206442 | 18,81 |
| Korea | 252341 | 232386 | 7,91 |
| Russia | 172123 | 131060 | 23,86 |
| India | 160751 | 115616 | 28,08 |
| Brazil | 155392 | 155889 | -0,32 |
| Turkey | 97970 | 74572 | 23,88 |
| Japan | 58950 | 49473 | 16,08 |
| Italy | 46168 | 54122 | -17,23 |
name='more'>
Countries with positive percentage decreased opens resolvers' quantity and negative percentage holders increased it.
In general, open recursion DNS-servers quantity is less than half a year. The whole world shows such numbers according to previous table:
| TOTAL | 3537994 | 2710631 | 23,39 |
Differential TOP 10 based on integral one for DNS open resolvers looks liken a chart:
And in the table view:
| Country | Fixed, % | |
| 1 | China | 43,35 |
| 2 | India | 28,08 |
| 3 | Turkey | 23,88 |
| 4 | Russia | 23,86 |
| 5 | Taiwan | 20,55 |
| 6 | USA | 18,81 |
| 7 | Japan | 16,08 |
| 8 | Korea | 7,91 |
| 9 | Brazil | -0,32 |
| 10 | Italy | -17,23 |
So, it is clear that IPv4-space contains less open resolvers (DDoS-attacks sources) for 23,4%.
Possible reasons of such dynamics are:
- DNS-servers were reconfigured correctly
- Unused services were disabled on servers
- Hosting- and Internet-providers blocked a part of malicious traffic sources
- Upgraded software disables recursion by default
- Shodan loses control of vulnerable servers
- Your version
A little HOWTO for holey DNS fixup: here (in Russian) and here (in English).
