[dns-operations] chrome's 10 character QNAMEs to detect NXDOMAIN rewriting

Vernon Schryver vjs at rhyolite.com
Tue Nov 26 19:23:35 UTC 2013


> From: Jim Reid <jim at rfc1035.com>

> This is definitely not a nice trick. It generates hundreds of millions
> of queries to the root servers every day that don't need to go there.

The devil is in the details.

If the probing test requests are for domains that Google owns or has
permission for junk queries, then no one outside Google has standing
to complain.  The only people affected would be abusers (NXDOMAIN
hijackers), Google, Google's users, and Google's users' agents (ISPs).

On the other hand, if Google is deploying something that does random
queries of third party DNS servers, then Google is being almost as
evil as the "sender verification" spammers who sent unsolicited
bulk email (spam) to the every apparent source of incoming mail,
including obviously forged spam.

Every entity that outsources its abuse detection without the informed
consent of the outside providers of labor and other resources is an
evil abuser, regardless of the abuse being detected, the real or claimed
intentions of the outsourcer, and its other good deeeds.

Is whatever Google doing documented somewhere?  I didn't see anything
with https://www.google.com/search?q=chromium+nxdomain+detection+dns
and one or two similar searches.


Vernon Schryver    vjs at rhyolite.com



More information about the dns-operations mailing list