Industry oberservers have known for some time that Chromium-based browsers generate a lot of DNS traffic. Due to the browser code, Chromium-running machines would do DNS queries to try to determine if input into their omnibox is a domain name or a search query. Now, a cleaned-up version of the Chromium code has reduced daily Root DNS queries by 60 billion.
This also means we now know just many extra queries that process caused: 60 billion each day. Duane Wessels, an engineer with Verisign, detailed the Chromium change and its impact on Root DNS in a blog post earlier this month. Writing in the APNIC website, he recapped the problem from origin to solution.
Chromium had accounted for almost half of total DNS traffic
“In August and September 2020, Verisign quantified that upwards of 45.80% of total DNS traffic to the root servers was, at the time, the result of Chromium intranet redirection detection tests,” he writes.
“Since then, the Chromium team has redesigned its code to disable the redirection test on Android systems,” he adds. The team also introduced a multi-state DNS interception policy that supports disabling the redirection test for desktop browsers.
The new functionality was released mid-November of 2020 for Android systems in Chromium 87. Shortly thereafter, the root servers experienced a rapid decline of DNS queries, according to Wessels.
Chromium’s fix serves as an example to the broader community
“Chromium’s efforts show how such outreach and community engagement can have significant impact both to the parties directly involved, and to the broader community,” Wessels writes.
He continues: “Chromium’s actions will directly aide and ease the operational costs to mitigate attacks at the root. Reducing the root server system load by 41%, with potential further reduction depending on future Chromium deployment decisions, will lighten operational costs incurred to mitigate attacks by relinquishing their computing and network resources.”
11 hours ago
