[dns-operations] Behavior of browsers with absolute HTML links (Was: compressing DNS traffic data

Peter Dambier peter at peter-dambier.de
Fri Dec 17 18:34:59 UTC 2010

Stephane Bortzmeyer wrote:
> On Wed, Dec 08, 2010 at 09:17:03AM -0600,
>  Joe Greco <jgreco at ns.sol.net> wrote 
>  a message of 57 lines which said:
>> Back in the infancy of the Web, relative links were king, and some
>> web pages only generated one DNS lookup to enable the page to load,
>> and many other pages only had at most a handful.
>> By today's count, and I did just count, pulling up www.ebay.com
>> results in *204* lookups, www.cnn.com results in 92 lookups,
>> Facebook 24, etc.  That's actual requests happening on the wire per
>> tcpdump.  (I'm actually a bit shocked.)

Some 5 years ago I noticed running my own named sped up my browsers dramatically.
News sites with lots of ads improved most when I added fake zones for the ads.

> What is the behaviour of a Web browser when there are several
> *absolute* links with the same "prefix"? I would have assumed that two
> links <http://www.example.org/foo.html> and
> <http://www.example.org/bar.html> create only one DNS request?

The browser is asking a library and the library finally asks the system.

Today most likely name resolution is done by your DSL or cable router.

Seen from the reverse end:

1) when you log in to the net your ISP reserves two nameservers for you.
   Your ISP wants to keep traffic down and does cache.

2) when you switch on your PC your router offers itself as a nameserver
   via DHCP. Your router does cache things for you - forwarding to the
   ISP nameserver.

3) Browser ignores everything and asks Google or LLMNR or plain NetBIOS.

4) Malware site introduces their own poisoned nameservers again
   making updates for windows or anti-virus unavailable.

Don't ignore 4). I remember Microsoft saying something like 1/3 of the
PCs they checked were owned.

Most likely your browser allows you to switch off caching and redirecting.

Running your own nameserver is a good idea and keeps a lot of nonsense
inside your network. 2) is still better than nothing.

Don't trust your ISP. Just as Chinese nameservers leaked, US nameservers
might do the same, making "Le Monde" news unavailable.


Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
ULA= fd80:4ce1:c66a::/48
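
Added example, not part of the original message: a small audit of resolv.conf-style text that labels each configured nameserver by where it sits in the chain described above (own named, router-style forwarder, or an address nobody chose, as in point 4). The sample file content, the labels and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of resolv.conf content (not taken from the message).
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client
search home.example
nameserver 127.0.0.1
nameserver 192.168.1.1   # forwarder offered by the router
nameserver 203.0.113.53
"""

# RFC 1918, link-local and ULA ranges: where a home router's resolver lives.
SITE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(addr, expected=()):
    """Label one resolver address; 'expected' holds resolvers you chose."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "local"        # own named on this host
    if addr in expected:
        return "expected"     # deliberately configured upstream
    if any(ip in net for net in SITE_NETS):
        return "router"       # DHCP-offered forwarder inside the site
    return "unexpected"       # nobody chose this one: investigate

def audit(text, expected=()):
    """Map each configured nameserver to its label."""
    return {ns: classify(ns, expected) for ns in parse_nameservers(text)}

if __name__ == "__main__":
    for ns, label in audit(SAMPLE_RESOLV_CONF).items():
        print(f"{ns:20} {label}")
```

Pass the ISP or other upstream resolvers you actually configured as `expected`; an "unexpected" entry that appears without a change on your side is the condition point 4 warns about.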
