diff --git a/src/assets/images/radar/tld-ranking-by-dns-magnitude.png b/src/assets/images/radar/tld-ranking-by-dns-magnitude.png new file mode 100644 index 000000000000000..21b6e9dbb12c9b8 Binary files /dev/null and b/src/assets/images/radar/tld-ranking-by-dns-magnitude.png differ diff --git a/src/content/changelog/radar/2025-10-27-radar-tld-insights.mdx b/src/content/changelog/radar/2025-10-27-radar-tld-insights.mdx new file mode 100644 index 000000000000000..ba542261236b69c --- /dev/null +++ b/src/content/changelog/radar/2025-10-27-radar-tld-insights.mdx @@ -0,0 +1,23 @@ +--- +title: TLD Insights in Cloudflare Radar +description: New Top-Level Domain (TLD) insights in Cloudflare Radar, including popularity, traffic, and security +products: + - radar +date: 2025-10-27 +--- + +[**Radar**](/radar/) now introduces Top-Level Domain (TLD) insights, providing visibility into popularity based on the DNS magnitude metric, detailed TLD information including its type, manager, DNSSEC support, RDAP support, and WHOIS data, and trends such as DNS query volume and geographic distribution observed by the [1.1.1.1](/1.1.1.1/) DNS resolver. + +The following dimensions were added to the Radar DNS API, specifically, to the [`/dns/summary/{dimension}`](/api/resources/radar/subresources/dns/methods/summary_v2/) and [`/dns/timeseries_groups/{dimension}`](/api/resources/radar/subresources/dns/methods/timeseries_groups_v2/) endpoints: + +- `tld`: Top-level domain extracted from DNS queries; can also be used as a filter. +- `tld_dns_magnitude`: Top-level domain ranking by [DNS magnitude](/radar/glossary#dns-magnitude). + +And the following endpoints were added: + +- [`/tlds`](/api/resources/radar/subresources/tlds/methods/list/) - Lists all TLDs. +- [`/tlds/{tld}`](/api/resources/radar/subresources/tlds/methods/get/) - Retrieves information about a specific TLD. + +![Screenshot of the TLD ranking by DNS magnitude](~/assets/images/radar/tld-ranking-by-dns-magnitude.png) + +Learn more about the new Radar DNS insights in our [blog post](https://blog.cloudflare.com/introducing-tld-insights-on-cloudflare-radar/), and check out the [new Radar page](https://radar.cloudflare.com/tlds). diff --git a/src/content/docs/radar/glossary.mdx b/src/content/docs/radar/glossary.mdx index 08aa3dd4f55529d..84d0003f1cb42ee 100644 --- a/src/content/docs/radar/glossary.mdx +++ b/src/content/docs/radar/glossary.mdx @@ -134,6 +134,17 @@ It is an essential Internet service, and is also used to look up other network-r The data displayed on Radar for DNS is based on aggregated and anonymized DNS lookups to Cloudflare's [1.1.1.1](/1.1.1.1/) public resolver service. +## DNS magnitude + +DNS Magnitude is a metric originally developed by [nic.at](https://www.nic.at/media/files/pdf/dns-magnitude-paper-20200601.pdf) (PDF) to estimate a domain’s overall visibility on the Internet. + +Instead of only counting the total number of DNS queries, DNS Magnitude incorporates a sense of how many unique clients send queries to domains within the TLD. This approach gives a more accurate picture of a TLD’s reach, since a small number of sources can generate a large number of queries. +Our ranking is based on queries observed at Cloudflare’s [1.1.1.1](/1.1.1.1/) public resolver. We aggregate individual client IP addresses into subnets, referred to here as "networks". + +The magnitude value ranges from 0 to 10, with higher values (closer to 10) indicating that the TLD is queried by a broader range of networks. + +This reflects greater global visibility and, in some cases, a higher likelihood of name collision across different systems. [According to ICANN](https://www.icann.org/resources/pages/name-collision-2013-12-06-en), a name collision occurs when an attempt to resolve a name used in a private name space (such as under a non-delegated Top-Level Domain) results in a query to the public DNS. When the administrative boundaries of private and public namespaces overlap, name resolution may yield unintended or harmful results. For example, if ICANN were to delegate `.home`, that could cause significant issues for hobbyists that use the (currently non-delegated) TLD within their local networks. + ## Domain rankings Domain Rankings is based on our anonymized and aggregated [1.1.1.1 DNS resolver](/1.1.1.1/) data, complies with our [privacy policy](https://www.cloudflare.com/en-gb/privacypolicy/), and aims to identify the top most popular domains that reflect how people use the Internet globally. Domain Rankings’ popularity metric is best described as the estimated number of unique users that access a domain over some period of time. @@ -180,7 +191,7 @@ The IQI methodology requires a minimum number of measurements to generate estima ## IRR AS-SETs -An IRR AS-SET is a named collection of Autonomous System Numbers (ASNs) within the Internet Routing Registry (IRR) used to define and manage BGP routing policies. By grouping related networks, such as customers and downstream peers, under a single identifier, network operators can automate the creation of BGP filters, which are essential for preventing the propagation of BGP route leaks. AS-SETs can be hierarchical, meaning they can include other AS-SETs as members, creating a scalable but complex structure. To quantify this complexity, the "AS Cone" measures the total number of unique ASNs in a fully expanded set (its downstream footprint), while "Upstreams" measures how many other AS-SETs include it directly or indirectly, providing insight into its role in the global routing system. +An IRR AS-SET is a named collection of Autonomous System Numbers (ASNs) within the Internet Routing Registry (IRR) used to define and manage BGP routing policies. By grouping related networks, such as customers and downstream peers, under a single identifier, network operators can automate the creation of BGP filters, which are essential for preventing the propagation of BGP route leaks. AS-SETs can be hierarchical, meaning they can include other AS-SETs as members, creating a scalable but complex structure. To quantify this complexity, the "AS Cone" measures the total number of unique ASNs in a fully expanded set (its downstream footprint), while "Upstreams" measures how many other AS-SETs include it directly or indirectly, providing insight into its role in the global routing system. An AS-SET does not inherently includes its owner networks. Cloudflare Radar infers the owner by matching the AS-SET name on [PeeringDB](https://www.peeringdb.com/) or by the name itself. When an AS-SET's owner can be inferred via both methods, we prefer the PeeringDB information. diff --git a/src/content/release-notes/radar.yaml b/src/content/release-notes/radar.yaml index b9a797ac734fbc2..17da88e0600a7c8 100644 --- a/src/content/release-notes/radar.yaml +++ b/src/content/release-notes/radar.yaml @@ -3,6 +3,11 @@ link: "/radar/release-notes/" productName: Radar productLink: "/radar/" entries: + - publish_date: "2025-10-27" + title: Add TLD insights + description: |- + * Added new dimensions `tld` and `tld_dns_magnitude` to the [DNS](/api/resources/radar/subresources/dns/) API. + * Added new endpoints [`/tlds`](/api/resources/radar/subresources/tlds/methods/list/) and [`/tlds/{tld}`](/api/resources/radar/subresources/tlds/methods/get/). - publish_date: "2025-10-09" title: Add CT log activity statistics description: |-