Slashdot Mirror


98% of DNS Queries at the Root Level are Unnecessary

LEPP writes "Scientists at the San Diego Supercomputer Center found that 98% of the DNS queries at the root level are unnecessary. This doesn't even take into account the 99.9% of web pages suck or are unnecessary anyways. This means that the remaining 2% of necessary DNS queries are probably not necessary either."

20 of 426 comments

  1. Badly written by matthew.thompson · · Score: 2, Insightful
    The following quote seems badly written to me...
    About 12 percent of the queries received by the root server on Oct. 4, were for nonexistent top-level domains, such as ".elvis", ".corp", and ".localhost". Registered top-level domains include country codes such as ".au" for Australia, ".jp" for Japan, or ".us" for the United States, as well as generic domains such as ".com", ".net", and ".edu". In addition, 7 percent of all the queries already contained an IP address instead of a host name, which made the job of mapping it to an IP address irrelevant.
    Reading through it takes a couple of attempts to realise that they're not classing the ccTLDs and gTLDs as being in the 12 percent of nonexistent TLDs but are providing them as examples of what a real domain is - yet they take more of the paragraph to do this than to explain the nonexistent TLDs.

    Just my 2p/2 worth.
    --
    Matt Thompson - Actuality - Insert product here.
  2. Why... by jascat · · Score: 5, Insightful

    is it that hard to configure a firewall to explicitly allow outgoing traffic rather than allow all? It seems that everyone thinks that the only bad traffic is the stuff coming in from the outside...

    1. Re:Why... by Anonymous Coward · · Score: 1, Insightful

      Corporations can and do do this, particularly this one DOE subcontractor that I have to deal with, but that's a separate rant.

      The big thing is that it has the potential to inconvenience the end users, and if your end users have political power in the organization (i.e. faculty at a college/university), then the order comes down to open it up; it might not matter if it actually does cause problems in these cases, just that it might be able to. Also, in my experience, I've noticed most people think that it is a security threat to have unmanaged outgoing traffic, which is just as great a security risk as unmanaged incoming traffic.

  3. 99.9% by dirvish · · Score: 5, Insightful

    This doesn't even take into account the 99.9% of web pages suck or are unnecessary anyways.

    What standard is this based on? My website sucks and is only necessary for my own amusement, but it is similar to my favorite kind of sites on the web. I would use the web a lot less if it wasn't for those 99.9% of web sites. Most blogs, for instance, suck and are unnecessary, but at the same time the total of all the blogs is having a big impact on news outlets and the media.

  4. Serious question by Anonymous Coward · · Score: 5, Insightful
    This doesn't even take into account the 99.9% of web pages suck or are unnecessary anyways. This means that the remaining 2% of necessary DNS queries are probably not necessary either.

    I see this kind of thing all the time on /.--completely unedited, barely literate, rant-style submissions. Why don't the /. editors tone down or eliminate the rhetoric from submissions about otherwise worthy topics, or at least fix the grammar and typos?

    I know, I'm going to get blasted for saying this, but I'm convinced it's one of those "little things" that makes /. look to the rest of the world more like a bunch of know-nothing kids typing at each other than a group of technically literate activists with something of value to contribute.

    I now return you to your regularly scheduled rant...

    1. Re:Serious question by Anonymous Coward · · Score: 1, Insightful

      It's what makes /. /. and not just another :) cliche'd news website.

      No, it's not.

      A news website very rarely provides a highly structured and highly configurable discussion forum. Also, even if a news website does have some sort of forums, it is rarely on an article-by-article basis, but rather a few broad topic forums.

      Slashdot is not a news website. Not because the grammar is always shitty and the stories are duplicates, but because it does no/very little reporting of its own (hello Drudge!), and really only provides a discussion forum for news items reported elsewhere.

      If Slashdot were "cleaned up", meaning having an editor who is actually editing (and knows what they are doing), you would notice a large difference in the selection and presentation of pieces, but very little difference in the discussion area. Using the tools, you would still be able to filter out the crap and find the posts by the people actually thinking.

  5. Re:Archaic by Anonymous Coward · · Score: 1, Insightful
    should be replaced by a P2P type system


    Should be, yes. How about the implementation? If you think dealing with poisoned DNS is bad now, wait until something like P2P DNS is in widespread use. Then again it'd be amusing to see Microsoft's website addresses being redirected to pr0n sites on a daily basis.

  6. Re:Ignant by deepchasm · · Score: 2, Insightful

    No, I assume the researchers are not that stupid.

    They mean that some software, designed to take a fully qualified domain name as input, *always* looks up the input by DNS, even if someone has typed in an IP rather than a hostname - making the lookup unnecessary.

    If it was a reverse lookup it wouldn't just contain an IP (e.g. "1.2.3.4"), it would be "4.3.2.1.in-addr.arpa"; that's how reverse lookup works.

  7. Re:In related news by JonnyElvis42 · · Score: 2, Insightful

    >> 99% of slashdot posts are unnecessary.
    > 74.4% of all statistics are made up on the spot.


    That's right! A complete study would probably have shown that first number to be much higher than 99%.
    Heck, we're 3 for 3 so far :P

  8. Lets go a level deeper by jj_johny · · Score: 2, Insightful
    1. Most web users (and unfortunately lots of admins) don't understand DNS at a theory level, and also don't understand a lot of other stuff like security, but...

    2. The amount of time it takes to set up DNS correctly and efficiently with the existing products, especially BIND, is a lot more than it takes to just get them functioning.

    3. The research would have been more interesting if they had gone and looked at, say, 1000 random requestors who were doing things screwed up and found out why and how they were screwed up.

    4. It would be nice if the local DNS servers had a list of valid top level domains so that they would kill requests to non-existent ones.

    THAT would be stuff that matters!

  9. Re:Highlight... by Goodbyte · · Score: 2, Insightful

    Finally someone who makes a relevant comment. Though I wonder how the 'search from address bar'-feature has affected the number of non-existent queries.

  10. Re:DNS Needs a redesign.... by jefftp · · Score: 4, Insightful

    The fact that DNS, a 20 year old design, still works after being scaled several magnitudes beyond its original environment is proof that DNS doesn't need to be redesigned. The initial design is nothing short of genius. The extensions to the initial design (dynamic updates) build upon already solid technology.

    I run a DNS server, I've looked at DNS packets, and every time I ask the Internet to tell me who the heck slashdot.org is and it comes back with an IP address I'm amazed. My network asks strangers for help and those strangers say: Hey, try here. Bam! Slashdot.org pops up in my browser.

    You cannot "combine" DNS, DHCP, and Routing all into a single protocol. Hell, get three network engineers together sometime and try to get them to agree upon the best Internal Gateway Routing protocol sometime... EIGRP, OSPF, RIP.

    Routing information is extremely different from domain name information. The two have nothing in common other than IP addresses. You have to include not only information about who your neighbors are, but also what type of links are between you and your neighbors, and how congested those links are. Now, what about your neighbor's neighbors? Oh, we'll track that too, and also keep a set of tables that show us the next two best reconfigurations should any of the links stop working. Unless you're just talking about RIP for routing.

    DHCP on the other hand is about getting clients configured for a network. They can then use DDNS to update their DNS record in a local DNS server. DHCP can do much more than just say: Here's your IP. It can also tell a client: here's where you should get your operating system from, and here's the voice over IP gateway, and here's the server where you should send your management info to, and here's the best local printer to use. Most people don't have clients that can handle that type of information, however.

    It's not just "if it's not broke, don't fix it" this is a case of "it frelling works great, keep your hands off of it or I'll kick you in the jimmy."

  11. Re:One factor... by Slashed+Otter · · Score: 2, Insightful

    That makes no sense...

    We're talking about the root nameserver here, not the server that handles .com. So if I lower the ttl on my domain, that increases the traffic to the server that handles .com and not the server that handles "."

    Basically, me lowering my ttl on my domain doesn't cause DNS servers to forget which machine is authoritative for all .coms

  12. Oh, give me a break... by casmithva · · Score: 2, Insightful
    So let me see if I'm getting this right. According to their article, I've somehow misconfigured my nameserver if a query for slashdot.org goes from my local nameserver to the root, then to a VeriSign gTLD server, and then to a VA Software (or whatever y'all are known as this year) nameserver? Funny, I thought that's how DNS was supposed to work! I suppose they want us to go set up ~300 forward zones in our nameservers to prevent these unnecessary queries...? Yeah, okay, sure, I'll get right on that after lunch. *snicker*

    Repetitive queries from the same nameserver in rapid succession, full-blown email addresses, search engine queries -- those are unnecessary, illegitimate queries that indicate not only bad nameserver configuration, but also bad application software. How many assorted DNS query permutation tricks have the various versions of Netscape Navigator tried over the years?

    1. Re:Oh, give me a break... by kindbud · · Score: 2, Insightful

      So let me see if I'm getting this right.

      You aren't. What you described is how it should happen. But once you have the NS for dot-org, which you received in the reply to your first query for slashdot.org, you need not go back to the roots with any dot-org query name until the NS records expire from your cache.

      If your nameserver repeatedly hits the roots for dot-org names, even after it has received the dot-org NS records, that is broken and those queries are unnecessary. Your nameserver should be hitting the dot-org servers, not the roots.

      --
      Edith Keeler Must Die
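An added worked example of the behaviour kindbud describes in the reply above (this is editorial illustration, not code from any poster here and not from the SDSC study). It models an iterative resolver that caches delegations with their TTLs, runs the same constructed lookup trace through a resolver that caches NS records and one that does not, and counts how many lookups reach the root. Every zone, server name, TTL and address in it is a made-up stand-in; the 172800-second TTL is just a plausible value for TLD NS records, not a figure from the article.

```python
"""Model of why a caching resolver should rarely need the root.

Added example, not code from any poster above nor from the SDSC study.
The delegation tree, TTLs, server names and addresses are constructed
stand-ins for the real root, gTLD and authoritative servers.
"""

# Constructed delegations: zone -> (server that answers for it, NS record TTL in seconds).
ROOT_DELEGATIONS = {
    "org": ("tld.org-servers.example", 172800),
    "com": ("tld.com-servers.example", 172800),
}
TLD_DELEGATIONS = {
    "slashdot.org": ("ns.slashdot.example", 86400),
    "example.org": ("ns.example-org.example", 86400),
    "example.com": ("ns.example-com.example", 86400),
}
# Constructed authoritative answers (RFC 5737 documentation addresses).
AUTH_ANSWERS = {
    "www.slashdot.org": "192.0.2.1",
    "www.example.org": "192.0.2.2",
    "www.example.com": "192.0.2.3",
}


class Resolver:
    """Iterative resolver that caches delegations (NS records) with their TTL.

    cache_ns=False models the broken behaviour described in the thread:
    every lookup goes back to the root even though the TLD's NS records
    were already received in an earlier referral.
    """

    def __init__(self, cache_ns=True):
        self.cache_ns = cache_ns
        self.cache = {}                       # zone -> (server, absolute expiry time)
        self.queries = {"root": 0, "tld": 0}  # how often each level was asked

    def _cached_server(self, zone, now):
        entry = self.cache.get(zone)
        if entry is not None and entry[1] > now:
            return entry[0]
        return None                           # missing or expired

    def _delegation(self, zone, table, now, level):
        """Return the server for `zone`, querying `table` (root or TLD) on a cache miss."""
        server = self._cached_server(zone, now)
        if server is not None:
            return server
        self.queries[level] += 1
        if zone not in table:
            return None                       # NXDOMAIN; this toy model caches nothing for it
        server, ttl = table[zone]
        if self.cache_ns:
            self.cache[zone] = (server, now + ttl)
        return server

    def resolve(self, name, now):
        """Resolve `name` at simulated time `now` (seconds); return an address or None."""
        labels = name.rstrip(".").lower().split(".")
        tld = labels[-1]
        domain = ".".join(labels[-2:])
        # Step 1: which servers handle the TLD? Ask the root only on a cache miss.
        if self._delegation(tld, ROOT_DELEGATIONS, now, "root") is None:
            return None
        # Step 2: which servers handle the domain? Ask the TLD servers on a miss.
        if self._delegation(domain, TLD_DELEGATIONS, now, "tld") is None:
            return None
        # Step 3: the authoritative server answers the actual question.
        return AUTH_ANSWERS.get(".".join(labels))


# Constructed lookup trace: (name, seconds since the resolver started).
TRACE = [
    ("www.slashdot.org", 0),
    ("www.example.org", 10),       # .org NS already cached: no root query
    ("www.slashdot.org", 20),      # both delegations cached
    ("www.example.com", 30),       # first .com name: one root query
    ("www.example.org", 200000),   # .org NS TTL (172800 s) has expired: root again
]


def root_queries_for(trace, cache_ns=True):
    """Count how many of the lookups in `trace` reach the root."""
    resolver = Resolver(cache_ns=cache_ns)
    for name, now in trace:
        resolver.resolve(name, now)
    return resolver.queries["root"]


if __name__ == "__main__":
    print("caching resolver:", root_queries_for(TRACE), "root queries for", len(TRACE), "lookups")
    print("broken resolver: ", root_queries_for(TRACE, cache_ns=False), "root queries")
```

With the trace above the caching resolver asks the root three times (once for .org, once for .com, and once more when the .org NS records expire), while the non-caching one asks it on every lookup. That gap, multiplied across every resolver on the Internet, is the kind of traffic the article is counting as unnecessary.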
  13. Re:Ignant by pde · · Score: 3, Insightful
    Is it just me, or is this a description of a reverse lookup? How does that qualify as unnecessary?

    I believe that reverse lookups are identified by an "inverse" status flag in the request header. One can only assume that the authors were not counting this sort of valid query, and were only focusing on the "standard" queries that contained IP addresses. Those certainly would, I think, be rather pointless.



    Ummm, no. "inverse" does not in any way, shape or form identify a request for the hostname associated with an IP address.

    And the lookups being described are not reverse lookups, either. A 'reverse lookup' for 1.2.3.4 is a query for the PTR RR associated with 4.3.2.1.in-addr.arpa. The queries being described are for the A RR associated with the FQDN 1.2.3.4. There is no such TLD as '4.'
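An added worked example tying together the points made in comments 6, 8 (item 4), 13 and 16 above (editorial illustration; not code from any poster and not the SDSC study's methodology). It builds the in-addr.arpa owner name for a reverse lookup, then sorts a constructed query log into the categories the thread talks about: real PTR queries, A queries whose "name" is already a dotted quad, mail addresses sent as host names, and names under TLDs that do not exist. The TLD set and the sample queries are made up for the demo; a real resolver would load the current root zone rather than a hand-written list.

```python
"""Sort DNS query names into the kinds of junk the thread is discussing.

Added example, not code from any poster above nor from the SDSC study.
The TLD set and the query log below are constructed for illustration.
"""
from collections import Counter
import ipaddress

# Constructed, deliberately short set of delegated TLDs (a real resolver
# would load the IANA root zone instead of a hand-written list).
KNOWN_TLDS = {"com", "net", "org", "edu", "gov", "arpa", "au", "jp", "us"}


def reverse_name(ip):
    """PTR owner name for an IPv4 address: '1.2.3.4' -> '4.3.2.1.in-addr.arpa'."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def classify(qname, qtype):
    """Categorise one (qname, qtype) pair.

    'reverse'        PTR query under in-addr.arpa: a real reverse lookup
    'ip-literal'     the name itself is a dotted quad sent as if it were a
                     host name (an A query for the FQDN '1.2.3.4', whose
                     rightmost label '4' is no TLD)
    'email-address'  a mail address pasted in as a host name
    'bogus-tld'      rightmost label is not a delegated TLD (.elvis, .corp,
                     .localhost and friends)
    'ok'             everything else
    """
    name = qname.rstrip(".").lower()
    if name.endswith(".in-addr.arpa") and qtype.upper() == "PTR":
        return "reverse"
    if "@" in name:
        return "email-address"
    try:
        ipaddress.IPv4Address(name)       # raises ValueError unless a dotted quad
        return "ip-literal"
    except ValueError:
        pass
    tld = name.rsplit(".", 1)[-1]         # a single-label name is its own "TLD"
    return "ok" if tld in KNOWN_TLDS else "bogus-tld"


# Constructed query log: (qname, qtype). Not from the study's capture.
SAMPLE_QUERIES = [
    ("www.slashdot.org.", "A"),
    ("1.2.3.4", "A"),                   # software looking up an address as a name
    ("4.3.2.1.in-addr.arpa.", "PTR"),   # the correct way to reverse-map 1.2.3.4
    ("mail.example.corp", "A"),
    ("localhost", "A"),
    ("user@example.com", "MX"),
    ("elvis", "A"),
    ("ns1.example.net", "A"),
]


def summarize(queries):
    """Return (category counts, fraction of queries that need not have been sent)."""
    counts = Counter(classify(q, t) for q, t in queries)
    avoidable = sum(n for cat, n in counts.items() if cat not in ("ok", "reverse"))
    return counts, avoidable / len(queries)


if __name__ == "__main__":
    counts, fraction = summarize(SAMPLE_QUERIES)
    for category, n in sorted(counts.items()):
        print(f"{category:14s} {n}")
    print(f"avoidable: {fraction:.0%}")
```

A local resolver that carried a list like KNOWN_TLDS could answer the bogus-TLD and IP-literal cases itself instead of forwarding them towards the root, which is what comment 8's fourth point asks for; the spam-driven MTA lookups comment 16 worries about would land in the same bucket.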

  14. Re:News you can use by El_Smack · · Score: 2, Insightful

    Well, I was more speaking of the guys who cobbled together their own firewall using 2 NICs and their OS and software of choice. That's what I did, and I easily could have screwed up an iptables command or a default rule and blocked incoming DNS.
    With a purchased firewall, especially if you can't edit it yourself, I would have to assume (uh oh) that the manufacturer got the basics right, at least. I really don't know of a way to check those. You could try an online port scan like sygate.com offers. But your firewall is probably using a "stateful" method, which would allow DNS to come back if you initiated the request, but it would block a NEW request that originated outside. So it will probably say your port 53 is blocked.

    --


    There are 01 kinds of cars in the world. The General Lee, and everything else.
  15. Re:AOL by TheTomcat · · Score: 4, Insightful

    This is probably a cyclic argument.

    As an ISP, why not respect a TTL? Because many DNS zones set their TTL values too small (5 mins), when 24 hours would accomplish the same thing (except in rare circumstances -- if you're planning on moving, set it low a week before, do the move, reset to a high TTL).

    As a DNS administrator, it's a pain to keep changing your TTL and the ISPs don't respect it anyway.

    It's useless to have a low TTL because the ISPs generally don't respect it because it's generally set too low because the ISPs don't generally respect it because....

    S

  16. It's the SPAM by haapi · · Score: 3, Insightful

    I'll bet a large percent of the queries, especially for bogus top-level domains, are due to lookups by MTAs when receiving SPAM. Think of the numbers!

    This doesn't mean that even these queries shouldn't be handled better -- just that SPAM lookups cause a bunch of 'em.

    --
    Well, apparently, you only have to fool the majority of people for a little while.
  17. Re:Highlight... by Anonymous Coward · · Score: 1, Insightful

    Penalties are needed.

    The people who run the root servers should penalize any system that fails to implement basic practices like what you mentioned. Networks that abuse the root servers would quickly find themselves unable to do anything.

    The net is quickly headed this way for other services as it is. If you don't do something a certain way, some people won't talk to you. Whether it's running open relays, open proxies, not populating your chunk of IN-ADDR.ARPA properly, and so on.

    Prediction: eventually you will see a scheme where network operators can say "we implement such and such policy". Other networks will check some kind of 'policy registry' before exchanging traffic with them. This will happen automatically some day.