[dns-operations] root? we don't need no stinkin' root!
Roy Arends
roy at dnss.ec
Tue Nov 26 15:04:13 UTC 2019
> On 26 Nov 2019, at 12:46, David Conrad <drc at virtualized.org> wrote:
>
> It would appear a rather large percentage of queries to the root (like 50% in some samples) are random strings, between 7 to 15 characters long, sometimes longer. I believe this is Chrome-style probing to determine if there is NXDOMAIN redirection. A good example of the tragedy of the commons, like water pollution and climate change.
Yep.
https://chromium.googlesource.com/chromium/src/+/32352ad08ee673a4d43e8593ce988b224f6482d3/chrome/browser/intranet_redirect_detector.cc
Line 79: "// We generate a random hostname with between 7 and 15 characters.”
https://ithi.research.icann.org/graph-m3.html
Table "Queries to frequently found name patterns” shows that the frequency distribution for queries between 7 and 15 characters are near flat (around 5.2% per character length) AND an order higher than ANY other queries.
“Coincidence? I think NOT!”
https://youtu.be/MDpuTqBI0RM?t=53
Roy
More information about the dns-operations
mailing list