New Chromium security feature accidentally creating massive load on DNS servers

Written about 1 month ago by IanDorfman

A security feature in the browser tech that powers some of the world's most popular Internet browsers is causing the Domain Name System that allows users to easily browse the Internet by website names instead of IP addresses to suffer a massive influx of requests.

Small Chromium iconChromium's new "Intranet Redirect Detector" security feature currently accounts for around half of the total received traffic for the world's root DNS servers.

When looking up a word or term in any Chromium-powered web browser, the browser submits DNS lookups for 3 randomly generated 7-to-15-character top-level "domains." Though this is an effective defense system against networks that hijack mistyped URLs, for the majority of servers that aren't, this defense mechanism can bounce a DNS query up and up until it receives a notice from a root server that the URL typed doesn't exist.

Since the post on the APNIC blog detailing the issue, it has received daily updates on the Chromium Bug Tracker. Once this issue is resolved, it will help in curbing over 60 billion needless DNS queries plaguing the Internet's root DNS servers.

Further coverage:
APNIC Blog
Ars Technica