OARConline 32a

Name: OARConline 32a
Start: 2020-06-09T19:00:00+00:00
End: 2020-06-09T22:00:00+00:00
Location: No location set

9 June 2020

UTC timezone

DONATE
Overview
Speakers & Presentations
Workshop Agenda
Attendee List
Workshop Patrons 2020
Twitter: #OARConline
Twitter: #OARC32a
Presentation Videos
About DNS-OARC

OARConline Admin

admin@dns-oarc.net
meeting@dns-oarc.net

Intranet Redirect Detector or Pseudo Random Subdomain Attack?

9 Jun 2020, 19:10

25m

Standard Presentation Online Workshop

Duane Wessels (Verisign)

DNS query traffic received by root name servers include a significant amount of queries for random, single-label strings. These first appeared in 2011 and are attributed to a function in the Chrome browser source code, whose purpose is to detect NXDOMAIN "hijacking."

In this presentation we show how the volume of these probe queries from Chrome have grown over time and now comprises nearly 50% of root server query traffic. We further show how the query patterns have changed over time, and that these queries can expose domain search list processing by resolvers.

Talk Duration	20 minutes
Your consent for us to publish your name and<br />affiliation as a Speaker on the OARC (online) 32a website	Yes

Duane Wessels (Verisign)

Matthew Thomas (Verisign)

OARC32a-chromium_queries_root.pdf

Video

OARConline 32a

OARConline Admin

Intranet Redirect Detector or Pseudo Random Subdomain Attack?

Speaker

Description

Primary author

Co-author

Presentation materials

Choose timezone

OARConline 32a

OARConline Admin

Speaker

Description

Primary author

Co-author

Presentation materials