[dns-operations] root? we don't need no stinkin' root!
roy at dnss.ec
Tue Nov 26 14:46:05 UTC 2019
> On 26 Nov 2019, at 14:49, Mark Allman <mallman at icir.org> wrote:
>> It would appear a rather large percentage of queries to the root
>> (like 50% in some samples) are random strings, between 7 to 15
>> characters long, sometimes longer. I believe this is Chrome-style
>> probing to determine if there is NXDOMAIN redirection. A good
>> example of the tragedy of the commons, like water pollution and
>> climate change.
> I will note that there have been quite a number of studies over the
> last 20 years that show > 95% of the queries are junk of one kind or
> another. Someone mentioned Duane's nice paper. But, this
> observation started with Brownlee et al.'s 2001 paper. Point
> being, Chrome might cause some of this now, but it has been there
> long before Chrome started this particular probing.
Chrome might cause some of this? That is quite an understatement. If the number is around 50%, it is not "some of this". If this 50% disappears, the rest of the crap will still be there, and will probably still be > 90%.
> What's more... in my rudimentary poking of the DITL data [*] it
> seems that 25-50% of the "resolvers" that query the root *never*
> send a legit query. I.e., we can't ascribe a lot of this junk to
> resolvers that could just work better somehow.
And what percentage of traffic do these 25-50% resolvers account for?
> [*] There may be numbers on this sort of thing in the Brownlee,
> Wessels, etc. papers ... I just can't recall them off the top of
> my head.