Forum for Science, Industry and Business

Sponsored by:     3M 
Search our Site:


SD Supercomputer Center researchers find unnecessary traffic saturating a key Internet ’root’ server


Scientists at the San Diego Supercomputer Center (SDSC) at UCSD analyzing traffic to one of the 13 Domain Name System (DNS) “root” servers at the heart of the Internet found that the server spends the majority of its time dealing with unnecessary queries. DNS root servers provide a critical link between users and the Internet’s routing infrastructure by mapping text host names to numeric Internet Protocol (IP) addresses. Researchers at the Cooperative Association for Internet Data Analysis (CAIDA) at SDSC conducted a detailed analysis of 152 million messages received on Oct. 4, 2002, by a root server in California, and discovered that 98 percent of the queries it received during 24 hours were unnecessary. The researchers believe that the other 12 DNS root servers likely receive similarly large amounts of bad requests.

Locations of the Internet’s 13 Domain Name System “root” servers.

Some experts regard the system of 13 DNS root servers, the focus of several studies by CAIDA researchers, as a potential weak link in the global Internet. Spikes in DNS query traffic caused by distributed denial-of-service attacks are routinely handled by root server operators. Occasionally, as on Oct. 21, 2002, all 13 root servers are attacked simultaneously. Although no serious damage resulted from that incident, Richard A. Clarke, chairman of the President’s Critical Infrastructure Protection Board and special advisor to the president for cybersecurity, has expressed concern that attacks against root servers could potentially disrupt the entire Internet. CAIDA researchers will discuss their analysis of the root server and other cybersecurity findings with Clarke during his visit to SDSC on Jan. 28. CAIDA researchers will also present a paper detailing some of their DNS analysis at the 2003 Passive and Active Measurement Workshop April 6–8 at UCSD.

Only about 2 percent of the 152 million queries received by the root server in California on Oct. 4 were legitimate, while 98 percent were classified as unnecessary. CAIDA researchers are seeking to understand why any root server would receive such an enormous number of broken queries daily from lower level servers. “If the system were functioning properly, it seems that a single source should need to send no more than 1,000 or so queries to a root name server in a 24-hour period,” said CAIDA researcher Duane Wessels. “Yet we see millions of broken queries from certain sources.”

Wessels categorized all the queries received by the California root server on Oct. 4, 2002, into nine types. About 70 percent of all the queries were either identical, or repeat requests for addresses within the same domain. It is as if a telephone user were dialing directory assistance to get the phone numbers of certain businesses, and repeating the directory-assistance calls again and again. Lower level servers and Internet service providers (ISPs) could save—or cache—these responses from root servers, improving overall Domain Name Service performance.

About 12 percent of the queries received by the root server on Oct. 4, were for nonexistent top-level domains, such as “.elvis”, “.corp”, and “.localhost”. Registered top-level domains include country codes such as “.au” for Australia, “.jp” for Japan, or “.us” for the United States, as well as generic domains such as “.com”, “.net”, and “.edu”. In addition, 7 percent of all the queries already contained an IP address instead of a host name, which made the job of mapping it to an IP address irrelevant.

Researchers believe that many bad requests occur because organizations have misconfigured packet filters and firewalls, security mechanisms intended to restrict certain types of network traffic. When packet filters and firewalls allow outgoing DNS queries, but block the resulting incoming responses, software on the inside of the firewall can make the same DNS queries over and over, waiting for responses that can’t get through. Name server operators can use new tools such as dnstop, a software program written by Wessels and available at to detect and warn of these and other misconfigurations, significantly reducing bad requests.

Name-service errors in software implementations were reported as early as 1992, but some of these bugs are still with us today. Explosive Internet growth during the last decade exacerbates problems caused by defective name servers.

Rex Graham | EurekAlert!
Further information:

More articles from Information Technology:

nachricht Green Light for Galaxy Europe
15.03.2018 | Albert-Ludwigs-Universität Freiburg im Breisgau

nachricht Tokyo Tech's six-legged robots get closer to nature
12.03.2018 | Tokyo Institute of Technology

All articles from Information Technology >>>

The most recent press releases about innovation >>>

Die letzten 5 Focus-News des innovations-reports im Überblick:

Im Focus: Locomotion control with photopigments

Researchers from Göttingen University discover additional function of opsins

Animal photoreceptors capture light with photopigments. Researchers from the University of Göttingen have now discovered that these photopigments fulfill an...

Im Focus: Surveying the Arctic: Tracking down carbon particles

Researchers embark on aerial campaign over Northeast Greenland

On 15 March, the AWI research aeroplane Polar 5 will depart for Greenland. Concentrating on the furthest northeast region of the island, an international team...

Im Focus: Unique Insights into the Antarctic Ice Shelf System

Data collected on ocean-ice interactions in the little-researched regions of the far south

The world’s second-largest ice shelf was the destination for a Polarstern expedition that ended in Punta Arenas, Chile on 14th March 2018. Oceanographers from...

Im Focus: ILA 2018: Laser alternative to hexavalent chromium coating

At the 2018 ILA Berlin Air Show from April 25–29, the Fraunhofer Institute for Laser Technology ILT is showcasing extreme high-speed Laser Material Deposition (EHLA): A video documents how for metal components that are highly loaded, EHLA has already proved itself as an alternative to hard chrome plating, which is now allowed only under special conditions.

When the EU restricted the use of hexavalent chromium compounds to special applications requiring authorization, the move prompted a rethink in the surface...

Im Focus: Radar for navigation support from autonomous flying drones

At the ILA Berlin, hall 4, booth 202, Fraunhofer FHR will present two radar sensors for navigation support of drones. The sensors are valuable components in the implementation of autonomous flying drones: they function as obstacle detectors to prevent collisions. Radar sensors also operate reliably in restricted visibility, e.g. in foggy or dusty conditions. Due to their ability to measure distances with high precision, the radar sensors can also be used as altimeters when other sources of information such as barometers or GPS are not available or cannot operate optimally.

Drones play an increasingly important role in the area of logistics and services. Well-known logistic companies place great hope in these compact, aerial...

All Focus news of the innovation-report >>>



Industry & Economy
Event News

Ultrafast Wireless and Chip Design at the DATE Conference in Dresden

16.03.2018 | Event News

International Tinnitus Conference of the Tinnitus Research Initiative in Regensburg

13.03.2018 | Event News

International Virtual Reality Conference “IEEE VR 2018” comes to Reutlingen, Germany

08.03.2018 | Event News

Latest News

Wandering greenhouse gas

16.03.2018 | Earth Sciences

'Frequency combs' ID chemicals within the mid-infrared spectral region

16.03.2018 | Physics and Astronomy

Biologists unravel another mystery of what makes DNA go 'loopy'

16.03.2018 | Life Sciences

Science & Research
Overview of more VideoLinks >>>