DNS query traffic received by root name servers include a significant amount of queries for random, single-label strings. These first appeared in 2011 and are attributed to a function in the Chrome browser source code, whose purpose is to detect NXDOMAIN "hijacking."
In this presentation we show how the volume of these probe queries from Chrome have grown over time and now comprises nearly 50% of root server query traffic. We further show how the query patterns have changed over time, and that these queries can expose domain search list processing by resolvers.
|Talk Duration||20 minutes|
|Your consent for us to publish your name and<br />affiliation as a Speaker on the OARC (online) 32a website||Yes|