[technology taskforce] [At-Large] Ars Technica : A Chrome feature is creating enormous load on global root DNS servers

Dev Anand Teelucksingh devtee at gmail.com
Fri Aug 28 14:36:36 UTC 2020 

IMO, there is a future risk - Microsoft Edge is now a Chromium
derivative for Windows and Microsoft will migrate/upgrade all Windows
installations to use this new Edge browser. The number of non-existent TLD
queries by Edge to the root servers will only increase. This will increase
the cost for provisioning root-server instances to answer non-existent tld
queries which (shrug) seems wasteful.

Dev Anand



On Fri, Aug 28, 2020 at 8:29 AM James Gannon <james at cyberinvasion.net>
wrote:

> Sorry my use on non issue may not have been descriptive, it poses no risk
> to the security or stability of the DNS was the core of my message, in
> reply to the DoS characterisation.
>
> On 8/27/2020 7:35:18 PM, Dev Anand Teelucksingh <devtee at gmail.com> wrote:
> Thanks for the link to the OCTO-008 (at
> https://www.icann.org/en/system/files/files/octo-008-15apr20-en.pdf)
> file.
>  However, it doesn't say its a non-issue. Under 3.1
>
> "The Chromium queries are the largest single cause of queries to root
> servers. Other IMRS instances often see over 50% of all incoming queries
> from Chromium. The purpose of these queries is to check if Chromium is
> behind a captive portal. Provisioning for root servers is often a function
> of the overall load on root servers to satisfy the scaling needs. While
> these queries are free for Chromium to make, the cost of provisioning for
> root-server instances is not. Google has been notified of this issue, but
> it remains outstanding."
>
> The two related Bug issues :
>
> https://bugs.chromium.org/p/chromium/issues/detail?id=946450&q=intranet%20redirect&can=2
> https://bugs.chromium.org/p/chromium/issues/detail?id=1090985
>
> Dev Anand
>
> On Wed, Aug 26, 2020 at 3:08 AM James Gannon <james at cyberinvasion.net>
> wrote:
>
>> Matts APNIC blog describes exactly what they are for…
>>
>> And no these are not any kind of attack on the root, the Ars article
>> blows it out of all proportion, OCTO presented on this at some stage
>> earlier in the year and its also mentioned as a non issue in OCTO-008
>> https://www.icann.org/en/system/files/files/octo-008-15apr20-en.pdf
>>
>>
>>
>>
>>
>> *From: *ttf <ttf-bounces at atlarge-lists.icann.org> on behalf of Sergio
>> Salinas Porto <presidencia at internauta.org.ar>
>> *Date: *Wednesday, 26 August 2020 at 07:59
>> *To: *Carlton Samuels <carlton.samuels at gmail.com>
>> *Cc: *Technical issues <technical-issues at atlarge-lists.icann.org>,
>> At-Large Worldwide <at-large at atlarge-lists.icann.org>, Technology
>> Taskforce WG <ttf at atlarge-lists.icann.org>
>> *Subject: *Re: [technology taskforce] [At-Large] Ars Technica : A Chrome
>> feature is creating enormous load on global root DNS servers
>>
>>
>>
>> Good question Carlton, I asked myself the same questions ...
>>
>> *Sergio Salinas Porto *
>>
>> *Presidente Internauta Argentina - LACRALO/ICANN <https://atlarge.icann.org/ralos/lacralo>*
>>
>> *Asociación Argentina de Usuarios de Internet <http://www.internauta.org.ar/>/FeTIA <http://www.fetia.org.ar/>*
>>
>> *FUILAC- Federación de Usuarios de Internet de LAC <https://fuilac.org>*
>>
>> *facebook: salinasporto <http://www.facebook.com/salinasporto> *
>>
>> *twitter:  sergiosalinas <http://twitter.com/sergiosalinas>*
>>
>> *Mobi:+54 9 223 5 215819*
>>
>> *"Ojalá podamos ser desobedientes, cada vez que recibimos órdenes que humillan nuestra *
>>
>> * conciencia o violan nuestro sentido común" Eduardo Galeano*
>>
>>
>>
>>
>>
>> El mar., 25 ago. 2020 a las 19:35, Carlton Samuels (<
>> carlton.samuels at gmail.com>) escribió:
>>
>> I'm still left with little understanding of why this is important?
>>
>>
>>
>> What is the use of these lookups for the browser? A previously
>> undisclosed security feature?
>>
>>
>>
>> And what is being alleged from the name service side? A unintentional
>> DOS-type attack on the root server system itself?
>>
>>
>>
>> CAS.
>>
>>
>>
>> On Tue, 25 Aug 2020, 3:39 pm Dev Anand Teelucksingh, <devtee at gmail.com>
>> wrote:
>>
>> The Chromium browser—open source, upstream parent to both Google Chrome
>> and the new Microsoft Edge—is getting some serious negative attention for a
>> well-intentioned feature that checks to see if a user's ISP is "hijacking"
>> non-existent domain results.
>>
>> The Intranet Redirect Detector
>> <https://bugs.chromium.org/p/chromium/issues/detail?id=1090985>, which
>> makes spurious queries for random "domains" statistically unlikely to
>> exist, is responsible for roughly half of the total traffic the world's
>> root DNS servers receive. Verisign engineer Matt Thomas wrote a lengthy
>> APNIC blog post
>> <https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/> outlining
>> the problem and defining its scope.
>>
>> Read rest of Ars Technica article :
>>
>>
>> https://arstechnica.com/gadgets/2020/08/a-chrome-feature-is-creating-enormous-load-on-global-root-dns-servers/
>>
>>
>>
>> The APNIC blog post :
>>
>> https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/
>>
>>
>>
>> Not aware if this is  mentioned before  in ICANN circles
>>
>>
>>
>> Dev Anand
>>
>>
>>
>> _______________________________________________
>> ttf mailing list
>> ttf at atlarge-lists.icann.org
>> https://mm.icann.org/mailman/listinfo/ttf
>>
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your
>> personal data for purposes of subscribing to this mailing list accordance
>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
>> the website Terms of Service (https://www.icann.org/privacy/tos). You
>> can visit the Mailman link above to change your membership status or
>> configuration, including unsubscribing, setting digest-style delivery or
>> disabling delivery altogether (e.g., for a vacation), and so on.
>>
>> _______________________________________________
>> At-Large mailing list
>> At-Large at atlarge-lists.icann.org
>> https://atlarge-lists.icann.org/mailman/listinfo/at-large
>>
>> At-Large Official Site: http://atlarge.icann.org
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your
>> personal data for purposes of subscribing to this mailing list accordance
>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
>> the website Terms of Service (https://www.icann.org/privacy/tos). You
>> can visit the Mailman link above to change your membership status or
>> configuration, including unsubscribing, setting digest-style delivery or
>> disabling delivery altogether (e.g., for a vacation), and so on.
>>
>> _______________________________________________
>> ttf mailing list
>> ttf at atlarge-lists.icann.org
>> https://mm.icann.org/mailman/listinfo/ttf
>>
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your
>> personal data for purposes of subscribing to this mailing list accordance
>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
>> the website Terms of Service (https://www.icann.org/privacy/tos). You
>> can visit the Mailman link above to change your membership status or
>> configuration, including unsubscribing, setting digest-style delivery or
>> disabling delivery altogether (e.g., for a vacation), and so on.
>
> _______________________________________________ ttf mailing list
> ttf at atlarge-lists.icann.org https://mm.icann.org/mailman/listinfo/ttf
> _______________________________________________ By submitting your personal
> data, you consent to the processing of your personal data for purposes of
> subscribing to this mailing list accordance with the ICANN Privacy Policy (
> https://www.icann.org/privacy/policy) and the website Terms of Service (
> https://www.icann.org/privacy/tos). You can visit the Mailman link above
> to change your membership status or configuration, including unsubscribing,
> setting digest-style delivery or disabling delivery altogether (e.g., for a
> vacation), and so on.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/ttf/attachments/20200828/92b6065d/attachment-0001.html>

More information about the ttf mailing list