[technology taskforce] [At-Large] Ars Technica : A Chrome feature is creating enormous load on global root DNS servers
James Gannon
james at cyberinvasion.net
Fri Aug 28 12:29:02 UTC 2020
Sorry my use on non issue may not have been descriptive, it poses no risk to the security or stability of the DNS was the core of my message, in reply to the DoS characterisation.
On 8/27/2020 7:35:18 PM, Dev Anand Teelucksingh <devtee at gmail.com> wrote:
Thanks for the link to the OCTO-008 (at https://www.icann.org/en/system/files/files/octo-008-15apr20-en.pdf [https://www.icann.org/en/system/files/files/octo-008-15apr20-en.pdf]) file.
However, it doesn't say its a non-issue. Under 3.1
"The Chromium queries are the largest single cause of queries to root servers. Other IMRS instances often see over 50% of all incoming queries from Chromium. The purpose of these queries is to check if Chromium is behind a captive portal. Provisioning for root servers is often a function of the overall load on root servers to satisfy the scaling needs. While these queries are free for Chromium to make, the cost of provisioning for root-server instances is not. Google has been notified of this issue, but it remains outstanding."
The two related Bug issues :
https://bugs.chromium.org/p/chromium/issues/detail?id=946450&q=intranet%20redirect&can=2 [https://bugs.chromium.org/p/chromium/issues/detail?id=946450&q=intranet%20redirect&can=2]
https://bugs.chromium.org/p/chromium/issues/detail?id=1090985 [https://bugs.chromium.org/p/chromium/issues/detail?id=1090985]
Dev Anand
On Wed, Aug 26, 2020 at 3:08 AM James Gannon <james at cyberinvasion.net [mailto:james at cyberinvasion.net]> wrote:
Matts APNIC blog describes exactly what they are for…
And no these are not any kind of attack on the root, the Ars article blows it out of all proportion, OCTO presented on this at some stage earlier in the year and its also mentioned as a non issue in OCTO-008 https://www.icann.org/en/system/files/files/octo-008-15apr20-en.pdf [https://www.icann.org/en/system/files/files/octo-008-15apr20-en.pdf]
From: ttf <ttf-bounces at atlarge-lists.icann.org [mailto:ttf-bounces at atlarge-lists.icann.org]> on behalf of Sergio Salinas Porto <presidencia at internauta.org.ar [mailto:presidencia at internauta.org.ar]>
Date: Wednesday, 26 August 2020 at 07:59
To: Carlton Samuels <carlton.samuels at gmail.com [mailto:carlton.samuels at gmail.com]>
Cc: Technical issues <technical-issues at atlarge-lists.icann.org [mailto:technical-issues at atlarge-lists.icann.org]>, At-Large Worldwide <at-large at atlarge-lists.icann.org [mailto:at-large at atlarge-lists.icann.org]>, Technology Taskforce WG <ttf at atlarge-lists.icann.org [mailto:ttf at atlarge-lists.icann.org]>
Subject: Re: [technology taskforce] [At-Large] Ars Technica : A Chrome feature is creating enormous load on global root DNS servers
Good question Carlton, I asked myself the same questions ...
Sergio Salinas Porto
Presidente Internauta Argentina - LACRALO/ICANN [https://atlarge.icann.org/ralos/lacralo]
Asociación Argentina de Usuarios de Internet [http://www.internauta.org.ar/]/FeTIA [http://www.fetia.org.ar/]
FUILAC- Federación de Usuarios de Internet de LAC [https://fuilac.org]
facebook: salinasporto [http://www.facebook.com/salinasporto]
twitter: sergiosalinas [http://twitter.com/sergiosalinas]
Mobi:+54 9 223 5 215819
"Ojalá podamos ser desobedientes, cada vez que recibimos órdenes que humillan nuestra
conciencia o violan nuestro sentido común" Eduardo Galeano
El mar., 25 ago. 2020 a las 19:35, Carlton Samuels (<carlton.samuels at gmail.com [mailto:carlton.samuels at gmail.com]>) escribió:
I'm still left with little understanding of why this is important?
What is the use of these lookups for the browser? A previously undisclosed security feature?
And what is being alleged from the name service side? A unintentional DOS-type attack on the root server system itself?
CAS.
On Tue, 25 Aug 2020, 3:39 pm Dev Anand Teelucksingh, <devtee at gmail.com [mailto:devtee at gmail.com]> wrote:
The Chromium browser—open source, upstream parent to both Google Chrome and the new Microsoft Edge—is getting some serious negative attention for a well-intentioned feature that checks to see if a user's ISP is "hijacking" non-existent domain results.
The Intranet Redirect Detector [https://bugs.chromium.org/p/chromium/issues/detail?id=1090985], which makes spurious queries for random "domains" statistically unlikely to exist, is responsible for roughly half of the total traffic the world's root DNS servers receive. Verisign engineer Matt Thomas wrote a lengthy APNIC blog post [https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/] outlining the problem and defining its scope.
Read rest of Ars Technica article :
https://arstechnica.com/gadgets/2020/08/a-chrome-feature-is-creating-enormous-load-on-global-root-dns-servers/ [https://arstechnica.com/gadgets/2020/08/a-chrome-feature-is-creating-enormous-load-on-global-root-dns-servers/]
The APNIC blog post :
https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/ [https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/]
Not aware if this is mentioned before in ICANN circles
Dev Anand
_______________________________________________
ttf mailing list
ttf at atlarge-lists.icann.org [mailto:ttf at atlarge-lists.icann.org]
https://mm.icann.org/mailman/listinfo/ttf [https://mm.icann.org/mailman/listinfo/ttf]
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy [https://www.icann.org/privacy/policy]) and the website Terms of Service (https://www.icann.org/privacy/tos [https://www.icann.org/privacy/tos]). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________
At-Large mailing list
At-Large at atlarge-lists.icann.org [mailto:At-Large at atlarge-lists.icann.org]
https://atlarge-lists.icann.org/mailman/listinfo/at-large [https://atlarge-lists.icann.org/mailman/listinfo/at-large]
At-Large Official Site: http://atlarge.icann.org [http://atlarge.icann.org]
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy [https://www.icann.org/privacy/policy]) and the website Terms of Service (https://www.icann.org/privacy/tos [https://www.icann.org/privacy/tos]). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________
ttf mailing list
ttf at atlarge-lists.icann.org [mailto:ttf at atlarge-lists.icann.org]
https://mm.icann.org/mailman/listinfo/ttf [https://mm.icann.org/mailman/listinfo/ttf]
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy [https://www.icann.org/privacy/policy]) and the website Terms of Service (https://www.icann.org/privacy/tos [https://www.icann.org/privacy/tos]). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ ttf mailing list ttf at atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/ttf _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ttf/attachments/20200828/14516d9e/attachment-0001.html>
More information about the ttf
mailing list