98% of DNS Queries at the Root Level are Unnecessary

LEPP writes "Scientists at the San Diego Supercomputer Centerfound that 98% of the DNS queries at the root level are unnecessary. This doesn't even take into account the 99.9% of web pages suck or are unnecessary anyways. This means that the remaining 2% of necessary DNS queries are probably not necessary either."

AOL

[almeida]

On a similar note, I noticed that AOL causes a lot of DNS lookups. From what I can see from my firewall logs, each TCP connection from an AOL user is handled by a separate proxy. Each proxy then does its own lookup on the host. So, for a normal sized webpage with some images or whatever, you get like 10 TCP connections for the content and 10 UDP connections for the DNS lookup. Seems kind of excessive to me.

Re:AOL

[cyb97]

AOL always screws up webpage statistics (which I guess can be a good thing as the only dufuzes that really really care about statistics are marketers?)...

I can't count the number of times I've seen a massive spike in number of "unique visitors" just to look at the hosts and find *.proxy.aol.com filling the whole thing....

News you can use

[El_Smack]

From the article:
"Researchers believe that many bad requests occur because organizations have misconfigured packet filters and firewalls, security mechanisms intended to restrict certain types of network traffic. When packet filters and firewalls allow outgoing DNS queries, but block the resulting incoming responses..."
It's nice to see a story with info I can take and use. This is actually "stuff that matters".
Kudos to the researchers, and now I am off to check my firewall.

Ignant

[edraven]

In addition, 7 percent of all the queries already contained an IP address instead of a host name, which made the job of mapping it to an IP address irrelevant.

Is it just me, or is this a description of a reverse lookup? How does that qualify as unnecessary? This is a pretty common step in troubleshooting, and some software does a reverse lookup following a forward lookup to verify that the hostname it gets back is the same one it started with.

Chuckles

Incorrect top-level domains

[jb_nizet]

About 12 percent of the queries received by the root server on Oct. 4, were for nonexistent top-level domains, such as ".elvis", ".corp", and ".localhost"

Why don't DNS servers have a list of correct top-level domains, in order to answer directly, without going to a root server? The list is short, compared to the information the DNS server caches already, and the content of the list doesn't change so often. This list could be downloaded once in a day or so, from the DNS root servers.

When packet filters and firewalls allow outgoing DNS queries, but block the resulting incoming responses, software on the inside of the firewall can make the same DNS queries over and over, waiting for responses that can't get through

Why the hell does a firewall accept outgoing queries to black-listed domain names, if they are configured to block the response to these queries? This seems like a serious misconception to me.

JB.

Not really "broken" queries

[dachshund]

About 12 percent of the queries received by the root server on Oct. 4, were for nonexistent top-level domains, such as ".elvis", ".corp", and ".localhost".

And that's a problem? My understanding was dealing with this sort of thing was exactly the purpose of the root DNS servers. If every ISP's DNS server was pre-configured to recognize valid and invalid top-level domains, you could just set them up to go straight to the specific DNS servers handling those domains (.com, .net, .org, etc.) There would be no need for a root-level system.

The argument for allowing this kind of cracked query through to the root server is that it makes it easy to add new domains (.elvis, .corp, what have you) without forcing everyone to reconfigure their DNS boxes for each new top-level domain.