[dns-operations] root? we don't need no stinkin' root!

Mark Allman mallman at icir.org
Tue Nov 26 13:49:08 UTC 2019

> It would appear a rather large percentage of queries to the root
> (like 50% in some samples) are random strings, between 7 to 15
> characters long, sometimes longer.  I believe this is Chrome-style
> probing to determine if there is NXDOMAIN redirection. A good
> example of the tragedy of the commons, like water pollution and
> climate change.

I will note that there have been quite a number of studies over the
last 20 years that show > 95% of the queries are junk of one kind or
another.  Someone mentioned Duane's nice paper.  But, this
observation started with Brownlee et al.'s 2001 paper.  Point
being, Chrome might cause some of this now, but it has been there
long before Chrome started this particular probing.

What's more... in my rudimentary poking of the DITL data [*] it
seems that 25-50% of the "resolvers" that query the root *never*
send a legit query.  I.e., we can't ascribe a lot of this junk to
resolvers that could just work better somehow.

[*] There may be numbers on this sort of thing in the Brownlee,
    Wessels, etc. papers ... I just can't recall them off the top of
    my head.


