In this paper we characterize DNS clients that send large numbers of queries to root DNS servers. Analysis of trace data from the two F root servers shows a number of interesting characteristics. Many root server clients send an excessive number of packets. We describe a few of the busiest sources in detail. After classifying each query from the trace, we find that a very small percentage of the total traffic is legitimate.