[dns-operations] root? we don't need no stinkin' root!

Roy Arends roy at dnss.ec
Tue Nov 26 14:46:05 UTC 2019


> On 26 Nov 2019, at 14:49, Mark Allman <mallman at icir.org> wrote:
>> It would appear a rather large percentage of queries to the root
>> (like 50% in some samples) are random strings, between 7 to 15
>> characters long, sometimes longer.  I believe this is Chrome-style
>> probing to determine if there is NXDOMAIN redirection. A good
>> example of the tragedy of the commons, like water pollution and
>> climate change.
> I will note that there have been quite a number of studies over the
> last 20 years that show > 95% of the queries are junk of one kind or
> another.  Someone mentioned Duane's nice paper.  But, this
> observation started with Brownlee, et.al.'s 2001 paper.  Point
> being, Chrome might cause some of this now, but it has been there
> long before Chrome started this particularly probing.

Chrome might cause some of this? That is quite an understatement. If the number is around 50%, it is not "some of this". If this 50% disappears, the rest of the crap will still be there, and will probably be still > 90 %.

> What's more... in my rudimentary poking of the DITL data [*] it
> seems that 25-50% of the "resolvers" that query the root *never*
> send a legit query.  I.e., we can't ascribe a lot of this junk to
> resolvers that could just work better somehow.

and what percentage of traffic do these 25-50% resolvers account for? 


> [*] There may be numbers on this sort of thing in the Brownlee,
>    Wessels, etc. papers ... I just can't recall them off the top of
>    my head.
> allman
> --
> https://www.icir.org/mallman/
> @mallman_icsi
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

More information about the dns-operations mailing list