Chromium’s DNS-Hijacking Tests Accused of Causing Half of All Root Queries

ZDNet reports:
In an effort to detect whether a network will hijack DNS queries, Google’s Chrome browser and its Chromium-based brethren randomly conjure up three domain names between 7 and 15 characters to test, and if the response of two domains returns the same IP, the browser believes the network is capturing and redirecting nonexistent domain requests. This test is completed on startup, and whenever a device’s IP or DNS settings change. Due to the way DNS servers will pass locally unknown domain queries up to more authoritative name servers, the random domains used by Chrome find their way up to the root DNS servers, and according to Verisign principal engineer at CSO applied research division Matthew Thomas, those queries make up half of all queries to the root servers. Data presented by Thomas showed that as Chrome’s market share increased after the feature was introduced in 2010, queries matching the pattern used by Chrome similarly increased. “In the 10-plus years since the feature was added, we now find that half of the DNS root server traffic is very likely due to Chromium’s probes,” Thomas said in an APNIC blog post. “That equates to about 60 billion queries to the root server system on a typical day.” Thomas added that half the DNS traffic of the root servers is being used to support a single browser function, and with DNS interception being “certainly the exception rather than the norm”, the traffic would be a distributed denial of service attack in any other scenario.


Source:
https://tech.slashdot.org/story/20/08/24/0336252/chromiums-dns-hijacking-tests-accused-of-causing-half-of-all-root-queries?utm_source=rss1.0mainlinkanon&utm_medium=feed
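
The probe pattern and the same-IP rule described in the summary above, seen from a resolver operator's side: this is an added example, not code from Chromium, Verisign or the quoted report. The log format, the function names and the single-label, lowercase-letters pattern are assumptions; only the 7 to 15 character range and the two-matching-answers rule come from the summary.

```python
import re
from collections import Counter

# Length range 7-15 is from the summary. Assumption (not in the summary):
# a probe is a single label made only of lowercase ASCII letters.
PROBE_RE = re.compile(r"^[a-z]{7,15}$")

def is_probe_like(qname: str) -> bool:
    """True if qname has the shape of a random interception probe."""
    return bool(PROBE_RE.match(qname.rstrip(".")))

def probe_share(log_lines):
    """Return (probe_like_nxdomain, total) for 'client qname rcode' lines."""
    probes = total = 0
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of miscounting them
        _client, qname, rcode = parts
        total += 1
        if rcode == "NXDOMAIN" and is_probe_like(qname):
            probes += 1
    return probes, total

def looks_intercepted(answers):
    """Same-IP rule from the summary, applied to one batch of probes.

    answers maps each probe name to the IP it resolved to, or None when
    the resolver correctly answered NXDOMAIN.
    """
    counts = Counter(ip for ip in answers.values() if ip is not None)
    return any(n >= 2 for n in counts.values())

# Constructed sample log (hypothetical format: client qname rcode).
SAMPLE_LOG = [
    "192.0.2.10 kqzvmwtplh. NXDOMAIN",
    "192.0.2.10 rnbxcaeo. NXDOMAIN",
    "192.0.2.10 wjdhfuyqplzmsto. NXDOMAIN",
    "192.0.2.11 www.example.com. NOERROR",
    "192.0.2.12 wpad. NXDOMAIN",
    "192.0.2.12 nas. NXDOMAIN",
    "192.0.2.13 mail.example.org. NOERROR",
    "malformed line",
]

if __name__ == "__main__":
    hits, total = probe_share(SAMPLE_LOG)
    print(f"{hits}/{total} queries are probe-like NXDOMAINs")
```

Real single-label hostnames of 7 to 15 letters match the same pattern, so the count is an upper bound on probe traffic rather than an exact figure.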