Google Chrome is putting a heavy load on the 'DNS root server', why?



The open source web browser 'Chromium', which is the base of Google Chrome and Microsoft Edge, has a function called 'Omnibox' that integrates the address bar and the search bar. Matthew Thomas of VeriSign's CSO has reported that the Omnibox is placing a heavy load on the DNS root servers.

Chromium's impact on root DNS traffic | APNIC Blog
https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/

A Chrome feature is creating enormous load on global root DNS servers | Ars Technica
https://arstechnica.com/gadgets/2020/08/a-chrome-feature-is-creating-enormous-load-on-global-root-dns-servers/

DNS is a system that associates IP addresses with domain names such as 'gigazine.net'. DNS name servers form a hierarchy: if a lower name server does not know the IP address corresponding to a domain name, it queries a higher name server to find it. The 'root servers' sit at the top of this hierarchy, but most answers are cached by the subordinate name servers, so only a few queries reach the root. This caching is what keeps the load on the root servers low.

Chromium's 'Omnibox', which integrates the address bar and the search bar, checks in advance whether a website exists by looking up the input value in DNS. For example, if there is a page 'https://marketing' on your company intranet, typing 'marketing' in the address bar runs a search for the word 'marketing' and, at the same time, displays an info bar that makes it easy to go to 'https://marketing' instead.



However, some networks are designed to detect mistyped domain names and redirect them, in order to prevent typosquatting and the like. Because every domain name appears to exist on such a network, the info bar is displayed for every input.

To keep the info bar from appearing on every input, Chromium randomly generates 3 to 15 character domain names such as 'http://rociwefoie/' at startup or whenever the IP address changes, and queries DNS for the IP address of each. If two of the three IP addresses match, it concludes that the network is redirecting DNS.



When these queries are sent from a network that does not perform DNS redirection, they tend to reach the root servers. The figure below shows a breakdown of the domain names queried at 'a.root-servers.net', one of the root servers, on May 13, 2020. Of the domain names queried, 48.50% matched the domain name pattern generated by Chromium. The percentages for 7- to 15-character domain names, shown on the far right, are about the same, but 10-character domain names are slightly more common than those of other lengths. For this reason, Thomas speculates that the domain name generated by Chromium was fixed at 10 characters until 2014.
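The two-of-three check and the root-side pattern match described above can be sketched as follows. This is an added example, not Chromium's or Verisign's code; the `resolve` callback, the function names, the lowercase-only alphabet (inferred from 'rociwefoie') and all sample data are assumptions.

```python
import random
import string
from collections import Counter

PROBE_COUNT = 3            # three lookups, per the article's "two of the three"
MIN_LEN, MAX_LEN = 7, 15   # label lengths from the article's measurement paragraph

def random_probe_names(rng, count=PROBE_COUNT):
    """Generate single-label hostnames shaped like the article's 'rociwefoie'."""
    return ["".join(rng.choice(string.ascii_lowercase)
                    for _ in range(rng.randint(MIN_LEN, MAX_LEN)))
            for _ in range(count)]

def network_redirects_dns(resolve, rng=None):
    """Return True when at least two random names resolve to the same address.

    `resolve` (hypothetical callback) maps a hostname to an IP string, or
    returns None when the name does not exist (NXDOMAIN).
    """
    rng = rng or random.Random()
    answers = [resolve(name) for name in random_probe_names(rng)]
    counts = Counter(a for a in answers if a is not None)
    return any(n >= 2 for n in counts.values())

def looks_like_probe(qname):
    """Match the query shape seen at the root: one label, 7-15 lowercase letters."""
    label = qname.rstrip(".")
    return (MIN_LEN <= len(label) <= MAX_LEN
            and all(c in string.ascii_lowercase for c in label))

def probe_share(qnames):
    """Fraction of logged query names that fit the probe pattern."""
    return sum(map(looks_like_probe, qnames)) / len(qnames) if qnames else 0.0

# Constructed resolvers: one answers every name with the same landing page,
# the other returns NXDOMAIN for names that do not exist.
def redirecting_resolver(name):
    return "192.0.2.10"

def honest_resolver(name):
    return None

# Constructed sample of query names as a root server might log them.
SAMPLE_QUERIES = ["rociwefoie.", "com.", "qzkdhwpalm.", "local.",
                  "gigazine.net.", "xkqpwzbnt.", "wpad.", "belkin."]

if __name__ == "__main__":
    print(network_redirects_dns(redirecting_resolver))
    print(network_redirects_dns(honest_resolver))
    print(probe_share(SAMPLE_QUERIES))
```

The pattern match is a heuristic: any single-label name of 7 to 15 lowercase letters, such as 'localhost', is counted as well, so the share it reports is an upper bound on probe traffic.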



In the graph, the share of all DNS queries received by the root servers that match the Chromium-generated pattern is shown as colored solid lines, and Chrome's market share is shown as a broken line. The query share is drawn from three sources: the Verizon survey data shown in purple, the actual DNS-OARC data shown in green, and the DNS-OARC sample data shown in light blue. The graph shows that Chrome's market share and the proportion of queries matching the Chromium pattern follow a similar trend, and that by 2020 queries for domain names in the Chromium pattern account for half.



According to Jim Salter, a reporter at the tech media outlet Ars Technica, a similar case has occurred with NTP, which has the same kind of hierarchical structure as DNS. In 2005, Paul-Henning Kamp, who ran the only top-level 'Stratum 1' NTP server in Denmark, was charged an unexpectedly huge fee for network bandwidth usage. This happened because D-Link, an information and communication device manufacturer, had configured its devices to use Kamp's NTP server rather than a lower-level NTP server. Salter points out that a Stratum 2 or Stratum 3 NTP server should have been specified instead of Stratum 1.

Thomas says that Chromium's queries are 'in most cases indistinguishable from DDoS attacks,' and questions whether one or two queries alone would not achieve the goal, or whether there is some other way to do it.

in Software,   Web Service, Posted by darkhorse_log