DNS Measurements at a Root Server
Nevil Brownlee, kc Claffy, and Evi Nemeth
Cooperative Association for Internet Data Analysis - CAIDA
San Diego Supercomputer Center
University of California, San Diego
The Domain Name System (DNS) manages domain names to be used in network
transactions (email, web requests, etc.) instead of IP addresses. The root
of the DNS distributed database is managed by 13 root nameservers. We
passively measure the performance of one of them: F.root-servers.net.
These measurements show an astounding number of bogus queries: 60-85% of
observed queries were repeated from the same host within the
measurement interval. Over 14% of a root server's query load is due to
queries that violate the DNS specification. Denial-of-service attacks using
root servers are common and occurred throughout our measurement period (7-24
Jan 2001). Though not targeted at the root servers, DoS attacks often use root
servers as reflectors toward a victim network. We contrast our observations
with those found in an earlier study of DNS root server performance by
Danzig et al.