Mark > On 26 Nov 2019, at 14:49, Mark Allman <[email protected]> wrote: > > >> It would appear a rather large percentage of queries to the root >> (like 50% in some samples) are random strings, between 7 to 15 >> characters long, sometimes longer. I believe this is Chrome-style >> probing to determine if there is NXDOMAIN redirection. A good >> example of the tragedy of the commons, like water pollution and >> climate change. > > I will note that there have been quite a number of studies over the > last 20 years that show > 95% of the queries are junk of one kind or > another. Someone mentioned Duane's nice paper. But, this > observation started with Brownlee, et.al.'s 2001 paper. Point > being, Chrome might cause some of this now, but it has been there > long before Chrome started this particularly probing.
Chrome might cause some of this? That is quite an understatement. If the number is around 50%, it is not "some of this". If this 50% disappears, the rest of the crap will still be there, and will probably be still > 90 %. > What's more... in my rudimentary poking of the DITL data [*] it > seems that 25-50% of the "resolvers" that query the root *never* > send a legit query. I.e., we can't ascribe a lot of this junk to > resolvers that could just work better somehow. and what percentage of traffic do these 25-50% resolvers account for? Roy > > [*] There may be numbers on this sort of thing in the Brownlee, > Wessels, etc. papers ... I just can't recall them off the top of > my head. > > allman > > -- > https://www.icir.org/mallman/ > @mallman_icsi > _______________________________________________ > dns-operations mailing list > [email protected] > https://lists.dns-oarc.net/mailman/listinfo/dns-operations _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
