In an effort to detect whether a network will hijack DNS queries, Google’s Chrome browser and its Chromium-based brethren randomly conjures up three domain names between 7 and 15 characters to test, and if the response of two domains returns the same IP, the browser believes the network is capturing and redirecting nonexistent domain requests. This test is completed on startup, and whenever a device’s IP or DNS settings change.
Due to the way DNS servers will pass locally unknown domain queries up to more authoritative name servers, the random domains used by Chrome find their way up to the root DNS servers, and according to Verisign principal engineer at CSO applied research division Matthew Thomas, those queries make up half of all queries to the root servers. Data presented by Thomas showed that as Chrome’s market share increased after the feature was introduced in 2010, queries matching the
Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/nlNwnTdaI9Y/chromiums-dns-hijacking-tests-accused-of-causing-half-of-all-root-queries