Netnod DNS Data retention Policy

Introduction

Netnod collects large amounts of data from our different DNS services around the world. Most of this is on behalf of customers. Some is for operational reasons or research. In at least one case (i.root-servers.net) there is also an ambition to, if feasible, keep data “for posterity” to enable future research, should that happen.

For the purpose of this policy we distinguish between three different categories of DNS data depending on the zone that the DNS query refers to. In addition there is a fourth category for data that is not specific to a particular zone (i.e. the data is an aggregation over multiple zones).

This policy describes Netnod’s intent and ambition regarding data retention. It is not a commitment to necessarily keep data this long (i.e. if we for operational reasons need to discard data we will do that, even if that violates this policy).

 

Current Retention Policy

Data collected for DNS root nameservice, i.e. i.root-servers.net

Netnod will keep root data for as long as operationally feasible, but with the source addresses of the DNS queries anonymised. Data younger than 12 months will be kept online, if possible.
Per-packet data is kept for as long as operationally feasible, but no longer than 12 months.

Data collected for customers of our DNSNODE TLD services

Netnod will keep data for TLD customers for at least 3 months and no longer than 6 months. There is no offline archival service.

Data collected for customers of our DNSNODE Enterprise services

Netnod will keep data for DNSNODE Enterprise customers for at least one month and no longer than 3 months.

Data that is not zone-specific, but site-specific

Netnod will keep data that does not identify the DNS zone (i.e., neither the customer nor the end client) for as long as operationally feasible to enable long-term trend analysis.

In this category no per-packet data is kept.

Types of data

Data in this context is information collected from the network as part of providing our services. Typically data may consist of DNS queries and possibly DNS responses (i.e. packet data). It may also consist of aggregated information like counters for “how many queries, of all types, during a particular period” or “how many queries for the MX record for a domain name during a particular period”.

In no case does the data consist of the DNS zones that we publish on behalf of customers. Such information is kept only as long as it is necessary to provide the services and is never stored for later use.

In addition to the data types above, which are per-zone, there is also data that is aggregated over multiple zones. That is, the zone is effectively anonymised and the result represents a combined view of, e.g., “DNS traffic volume to a particular DNS anycast site”. Such data is referred to as “site-specific, not zone-specific data” and is very important to Netnod for planning purposes.

 

Contact us

If you have any questions, you can contact us at:

info@netnod.se

 

Version 1.0

27/11/2018
