[dns-operations] Lot's of TXT queries from Google
Puneet Sood
puneets at google.com
Thu Oct 7 15:34:50 UTC 2021
On Thu, Oct 7, 2021 at 11:22 AM Viktor Dukhovni <ietf-dane at dukhovni.org> wrote:
>
> On Thu, Oct 07, 2021 at 02:53:36PM +0000, Wessels, Duane via dns-operations wrote:
>
> > I can't explain the TXT queries, but the NS queries seem to be
> > Google's method of doing qname minimization, with an added nonce
> > value. See https://indico.dns-oarc.net/event/39/contributions/864/
> > and
> > https://developers.google.com/speed/public-dns/docs/security?hl=en#nonce_prefixes
>
> The odd thing is though that queries with Google's nonce labels to .NL
> would be expected to have the appended label after some desired 2LD:
>
> nonce.extant-2ld.nl
>
> I would not expect Google to append 2LD rather than 3LD nonces in
> queries to the .NL auth servers, those elicit NXDOMAIN, rather than the
> desired nonce-salted referrals.
Correct. These are not nonce prefixes appended by GPDNS. Also we are
mostly querying for NS records when nonce prefixes are used. Given the
RR types being queried, this is likely to be what Matt Nordhoff
mentioned above.
On a related note, the queries you mention send more than two labels
to the NL nameservers. This happens in some scenarios with our qname
minimization implementation. We are making some changes which should
reduce the labels in the query to just two (plus an optional nonce) in
almost all cases.
-Puneet
>
> --
> Viktor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list