Slashdot Mirror

← Back to Stories (view on slashdot.org)

Lead Scientist Responds to Questions on Root Server Queries

Posted by ryuzaki0 on from the anti-spam-measure-backlash dept.

cidtoday writes "A CircleID interview with the lead scientist whose study recently revealed that 98% of a main root server queries are unnecessary, reveals that spam has little to do with the issue. In fact, he provides two reasons why anti-spam tools cause more unnecessary queries to the root servers than spam emails. Many other questions previously raised by Slashdot readers on the study are also answered."

5 of 192 comments (clear)

  1. Spam E-mail with broken links... by $$$$$exyGal · · Score: 5, Interesting
    spam emails floating around in people's inboxes, many of which contain broken links that cause bad DNS lookups

    Here's a link that lists how some spammers attempt to hide their real identities. This isn't necessarily exactly what the root server query guy was talking about, or maybe it is? Either way, it is very enlightening. Some slashdotters even occasionally try to hide a goatse link this way.

    --sex

    --
    Very popular slashdot journal for adul
  2. Never mind the roots... by bourne · · Score: 5, Interesting

    It's BB&N... er, GTEI... er, Genuity that's getting pounded. They provide caching DNS servers to the entire Internet at 4.2.2.1 (.2, ...) and because they're so easily memorizable, I've never met a sysadmin who didn't put them in a hosts' configuration in a pinch.

    1. Re:Never mind the roots... by zerocool^ · · Score: 3, Interesting

      Heh - anyone remember what the lookups to those used to be?

      ns:root> host 4.2.2.1
      1.2.2.4.in-addr.arpa domain name pointer vnsc-pri.sys.gtei.net.
      ns:root> host 4.2.2.2
      2.2.2.4.in-addr.arpa domain name pointer vnsc-bak.sys.gtei.net.
      ns:root> host 4.2.2.3
      3.2.2.4.in-addr.arpa domain name pointer vnsc-lc.sys.gtei.net.
      ns:root> host 4.2.2.4
      4.2.2.4.in-addr.arpa domain name pointer vnsc-pri-dsl.genuity.net.

      4.2.2.4 used to be i.will.not.steal.dns.sys.gtei.net.

      Now, that was an internet-wide easter egg!

      --
      sig?
  3. Why are they not blocking queries from the abusers by Jailbrekr · · Score: 4, Interesting

    If they can identify and quantify eplicit networks or IP addresses causing the 'abuse', then why don't they send a warning and then block them? They'll fix the problem real quick.....

    --
    Feed the need: Digitaladdiction.net
  4. So what? by Jordy · · Score: 4, Interesting

    I don't understand why this is news or why it required any level of study.

    The root servers handling zone '.' such as F.ROOT-SERVERS.NET put refresh periods of 48 hours on most every query. That means that at most once every 48 hours every name server on the planet should re-ask the root servers where to get answers for each of the gtlds, com, net, org, arpa, etc.

    What they should receive the most queries for are domains that don't exist because everything else is cached for such a long period of time. That is the point of the root servers.

    If the root servers are having trouble handling the query load then they should be upgraded for goodness sake. These are root servers after all and I think the global internet community could spare a few dollars to add some spare capacity if it is required.

    To improve on this, BIND could up the maximum negative RR cache default time to live. Right now I believe it is set to 3 hours and the root servers use a 1 day SOA.MINIMUM instead, so BIND is always lowering it by default.

    Of course, other nameservers are different. Some older versions of BIND by default only stored negative RR for 10 minutes.

    --
    The world is neither black nor white nor good nor evil, only many shades of CowboyNeal.