Slashdot Mirror
1.1.1.1: Cloudflare's New DNS Attracting 'Gigabits Per Second' of Rubbish (zdnet.com)

An anonymous reader quotes a report from ZDNet: Cloudflare's new speed and privacy enhancing domain name system (DNS) servers, launched on Sunday, are also part of an experiment being conducted in partnership with the Asia Pacific Network Information Center (APNIC). The experiment aims to understand how DNS can be improved in terms of performance, security, and privacy. "We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remain largely opaque," wrote APNIC's chief scientist Geoff Huston in a blog post. "We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks. The DNS relies on caching to operate efficiently and quickly, but we are still unsure as to how well caching actually performs. We are also unclear how much of the DNS is related to end user or application requirements for name resolution, and how much is related to the DNS chattering to itself."

The Cloudflare-APNIC experiment uses two IPv4 address ranges, 1.1.1/24 and 1.0.0/24, which have been reserved for research use. Cloudflare's new DNS uses two addresses within those ranges, 1.1.1.1 and 1.0.0.1. These address ranges were originally configured as "dark traffic addresses", and some years ago APNIC partnered with Google to analyze the unsolicited traffic directed at them. There was a lot of it. "Our initial work with it certainly showed it to be an unusually strong attractor for bad traffic. At the time we stopped doing it with Google, it was over 50 gigabits per second. Quite frankly, few folk can handle that much noise," Huston told ZDNet on Wednesday. By putting Cloudflare's DNS on these research addresses, APNIC gets to see the noise as well as the DNS traffic -- or at least "a certain factored amount" of it -- for research purposes.

4 of 136 comments

  1. Research by symes · Score: 3, Interesting

    I would be very interested in following the research they are undertaking. Anyone know how/where this will be published?

    1. Re:Research by onepoint · Score: 3, Interesting

      Hi Zocalo,

      I come from a time when we looked at cycles of a process to see what we could do to reduce the CPU's usage (and all the other steps). I believe the reason for working in the IPv4 space is similar to that: they are first trying to find out what is going on with the least amount of junk in the system from their end.

      DNS resolving is such a critical issue that the lessons learned in one space might (not will or work) be transferable to the IPv6 space. So I would think that the processing cycle savings by working in the IPv4 space might be huge (well, my math is rusty, so 255 x 254 x 253 = 16386810 in savings per processing cycle); not a lot, but still a small saving.

      Another perspective also brings out the point that if the junk traffic can be cleaned out (nulled), the new savings can be used for a better end-user experience. We have a correlated example of this from back when Hurricane Sandy hit. Spam numbers decreased by a noticeable percentage; this would lead to the following assumption (but not fact): less energy use overall. So testing on the starting platform, finding results, and seeing if it can be brought out to the next level is a good thing for the growth of the 'net'.

      Of course, I could be totally wrong and it was some upper management choice because they did not know better.

      --
      If you see me, smile and say hello.

  2. Experiment? by RadioD00d · Score: 4, Interesting

    The summary repeatedly calls this an 'experiment'. Does that also indicate that at some point these nameservers will be disabled / changed / removed in the guise of 'science'? Since TANSTAAFL, I find it difficult to believe that even Cloudflare (who makes buckets of money in other ways) is just going to give away this service forever. I know, THEY'RE GATHERING DATA. If you're that concerned about the crap you post on the internet, you either need to re-evaluate your exposure or just cut your Ethernet cable entirely....

  3. Gigabits per second of rubbish? No shit. by BlacKSacrificE · Score: 5, Interesting

    There are plenty of examples of people suggesting ping to 1.1.1.1 as a delay in batch scripting. The thought of batches all over the world now failing because people used a kludge method to pause was only slightly more amusing than the thought of all the junk traffic 1.1.1.1 would see as a result.

    For our next amazing trick, we're going to make 555-xxxx a valid number range! Follow the action live at example.com!

    --
    [Sorry, this signature is unavailable in your country/region]