[dns-operations] root? we don't need no stinkin' root!

Roy Arends roy at dnss.ec
Tue Nov 26 15:04:13 UTC 2019



> On 26 Nov 2019, at 12:46, David Conrad <drc at virtualized.org> wrote:
> 
> It would appear a rather large percentage of queries to the root (like 50% in some samples) are random strings, between 7 to 15 characters long, sometimes longer.  I believe this is Chrome-style probing to determine if there is NXDOMAIN redirection. A good example of the tragedy of the commons, like water pollution and climate change.

Yep.

https://chromium.googlesource.com/chromium/src/+/32352ad08ee673a4d43e8593ce988b224f6482d3/chrome/browser/intranet_redirect_detector.cc
Line 79: "// We generate a random hostname with between 7 and 15 characters.”

https://ithi.research.icann.org/graph-m3.html
Table "Queries to frequently found name patterns” shows that the frequency distribution for queries between 7 and 15 characters are near flat (around 5.2% per character length) AND an order higher than ANY other queries.

“Coincidence? I think NOT!”  

https://youtu.be/MDpuTqBI0RM?t=53

Roy





More information about the dns-operations mailing list