[dns-operations] root? we don't need no stinkin' root!

Petr Špaček petr.spacek at nic.cz
Wed Nov 27 15:31:51 UTC 2019


On 26. 11. 19 16:04, Roy Arends wrote:
> 
> 
>> On 26 Nov 2019, at 12:46, David Conrad <drc at virtualized.org> wrote:
>>
>> It would appear a rather large percentage of queries to the root (like 50% in some samples) are random strings, between 7 to 15 characters long, sometimes longer.  I believe this is Chrome-style probing to determine if there is NXDOMAIN redirection. A good example of the tragedy of the commons, like water pollution and climate change.
> 
> Yep.
> 
> https://chromium.googlesource.com/chromium/src/+/32352ad08ee673a4d43e8593ce988b224f6482d3/chrome/browser/intranet_redirect_detector.cc
> Line 79: "// We generate a random hostname with between 7 and 15 characters.”
> 
> https://ithi.research.icann.org/graph-m3.html
> Table "Queries to frequently found name patterns” shows that the frequency distribution for queries between 7 and 15 characters are near flat (around 5.2% per character length) AND an order higher than ANY other queries.
> 
> “Coincidence? I think NOT!”  
> 
> https://youtu.be/MDpuTqBI0RM?t=53

FYI there is also an issue about this in their tracker:
https://bugs.chromium.org/p/chromium/issues/detail?id=946450#c1

-- 
Petr Špaček  @  CZ.NIC



More information about the dns-operations mailing list