Today I learned that roughly 50% of the all DNS queries to the root DNS servers are garbage produced by a single function in chromium and (all) browsers based on it.1 This function tries to detect NXDOMAIN hijacking by internet providers by generating 3 random, non-existing top-level domains (TLD) and request them as part of a regular http request. This important because Chromium-based browsers have a unified search and URL bar, which search feature can be defeated by NXDOMAIN hijacking as suddenly everything becomes a valid domain name. With all that said, when a recursive DNS server doesn’t know the answer to a DNS request it’ll ask the next DNS tier, which in case of a TLD is simple the root DNS servers. As Chromium runs this test on each startup and network change and there are literally more than 70% of chromium(-based) browsers on the internet that from time to time switch their networks2. This results in a ton of nonsense DNS requests on the root DNS servers. According to a study published on the APNIC’s blog it’s roughly 50% of all DNS traffic that hits the root DNS servers. 50%. Half of the traffic to the that hits one of the most important parts of the internet’s infrastructure is literal garbage created by a single function in a browser that is only needed because 2 input boxes, for 2 different functionalities is too complicated for users. And in 10 years they haven’t made it to find a better solution for the problem.
I came across this when browsing Mastodon and reading a toot of JP Mens that linked the APNIC article. I highly recommend to follow him if you are interested in DNS. And I recommend even more to check out the APNIC article because they have some nice graphs and explain the problem and how it’s showing on the root DNS server side in depth.
Chromium, for those unaware, is the open source base, published by Google, for the popular Google Chrome browser as well as the majority of other browsers such as Vivaldi, Opera but also the newest version of Microsoft Edge or Brave. The only really competitors these days are Apple with WebKit/Safari and Mozilla with Firefox ↩
Like your phone joining and leaving your Home network ↩