Chromium-based browsers responsible for half of all DNS queries to root servers
Verisign’s research division recently came up with a shocking discovery that nearly half of all DNS queries to root servers are actually done by Google Chrome and other Chromium-based browsers.
The discovery was linked to a standard function that all Chrome and Chromium-related browsers have. Namely, the browsers randomly come up with 3 domain names in order to determine whether a given network will hijack DNS queries or not. The idea is that if two of these three domains return the same IP, then that’s proof of the network capturing domain requests that don’t exist.
This test takes place fairly often: on startup and every time there is a change in the device’s IP and/or DNS settings.
And as a result of the way DNS servers work, these requests go all the way up to the DNS root servers. Furthermore, the requests were found to make up close to half of all queries to the root servers.
Data collected over the course of the past 10 years confirmed the same. According to Verisign’s representatives, there is a direct correlation between the increase in Chrome’s market share and the rise in number of queries that matched Chrome’s pattern.
So at this point, this would make up for an estimated 60 billion queries per day. In other words, half of the DNS traffic of the root servers is in fact used to facilitate a single browser function. And under any other circumstances, this traffic would be an unmistakable DoS (denial of service) attack.
As part of a different study conducted by Johannes Ulrich of Sans Institute, it was discovered that it takes exactly 2,302 authoritative name servers to disable 80% of the world’s internet. That’s a minuscule 0.084% of the total 2.7 million name servers there are.
Furthermore, about 0.35% name servers were determined to be responsible for about 90% of all domain names.
As per Ulrich, this concentration of name services with just so few providers greatly increases the risk to the infrastructure. A single provider outage could render entire parts of the internet inaccessible.
Australian telecommunications company Telstra provided an excellent example of this just a few weeks back. A perceived denial of service attack actually proved to be the result of a DNS failure. And a little earlier than that, Cloudflare faced very similar issues – on an even larger scale at that.
So as a possible solution, Ulrich suggested that users ought to rely on more than just one DNS provider. In addition, he said running secondary name servers in-house would also help lower the impact of a potential provider outage.