In an effort to determine whether a network hijacks DNS queries, the Google Chrome browser and other Chromium-based programs randomly generate three domain names between 7 and 15 characters long for testing. If two of the domains resolve to the same IP address, the browser concludes that the network is capturing and redirecting requests for non-existent domains.
This test is run at startup and whenever the IP or DNS settings of a device change.
Because of the way DNS servers forward queries for locally unknown domains to more authoritative name servers, the random domains used by Chrome find their way to the DNS root servers and, according to Matthew Thomas, Verisign chief engineer in the CSO Applied Research Division, these queries account for half of all queries to the root servers.
"In more than 10 years since the addition of the feature, we now find that half of the DNS root server traffic is very likely due to detectors of Chromium," Thomas said in an APNIC blog post. "This equates to about 60 billion queries in the root server system in a standard day."
Thomas added that half of the root servers' DNS traffic is used to support a browser function and, with DNS monitoring being "definitely the exception rather than the rule", the traffic would be a distributed denial of service attack in any other scenario.
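The hijack check described at the top of this article can be sketched as follows. This is an added example, not Chromium's own code: the function names, the lowercase single-label probe format and the stub resolvers with their documentation-range addresses are assumptions made for illustration.

```python
import random
import socket
import string
from collections import Counter

def random_probe_name(rng):
    """One random hostname, 7 to 15 characters (lowercase single label assumed)."""
    length = rng.randint(7, 15)
    return "".join(rng.choice(string.ascii_lowercase) for _ in range(length))

def network_hijacks_nxdomain(resolve, rng=None, probes=3, threshold=2):
    """Return (verdict, names) for one run of the probe.

    resolve(name) must return an IP string, or None when the name does not
    resolve. The verdict is True when at least `threshold` of the random
    names come back with the same IP address.
    """
    if rng is None:
        rng = random.SystemRandom()
    names = [random_probe_name(rng) for _ in range(probes)]
    answers = Counter(ip for ip in map(resolve, names) if ip is not None)
    hijacked = any(count >= threshold for count in answers.values())
    return hijacked, names

def system_resolver(name):
    """Live lookup. On a network that does not intercept, these names are
    forwarded upstream, which is how they end up at the root servers."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

# Constructed stub resolvers so the example runs offline.
def honest_resolver(name):
    return None              # every random name is NXDOMAIN

def hijacking_resolver(name):
    return "192.0.2.80"      # every name points at the same landing page

if __name__ == "__main__":
    for label, resolver in (("honest", honest_resolver),
                            ("hijacking", hijacking_resolver)):
        verdict, names = network_hijacks_nxdomain(resolver)
        print(f"{label:10s} probes={names} hijacked={verdict}")
```

Passing `system_resolver` instead of a stub runs the same check against the local network's resolver.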
Earlier this month, SANS Institute dean Johannes Ullrich looked at how many of the world's 2.7 million authoritative name servers would need to be taken out to disable 80% of the internet.
"You only need 2,302 name servers," Ullrich said.
"0.35% of name servers are responsible for 90% of all domain names."
Ullrich found that GoDaddy was responsible for 94.5 million records, Google Domains had 20 million, the trio of dns.com, hichina and IONOS had 15.6 million each, while Cloudflare had 13.8 million records.
"Using a cloud-based DNS service is simple and often more reliable than running your name server. But this large concentration of name server services with few entities significantly increases the risk for infrastructure," he said.
To reduce the risk of portions of the internet being shut down by an ISP, Ullrich said people should run internal name servers and make sure they use more than one DNS provider.
Telstra provided an example of how a DNS failure can appear as an internet outage to users and, in this case, the telco successfully carried out a denial of service attack on itself.
"The massive messaging storm that presented as a denial of service attack has been investigated by our security teams and we now believe the incident was not malicious but a Domain Name Server issue," the telco said earlier this month.
Last month, Cloudflare provided a similar example on a much larger scale.