News

Chromium function against DNS hijacking puts a high load on root servers

By admin
Spread the love

A function in the Chromium browser causes problems with the root DNS servers by running a large amount of queries. More than half of all DNS queries now originate from browsers based on Chromium, which, according to experts, causes problems.

The problem is in the Intranet Redirect Detector. This function is used, among other things, in the ‘omnibox’ in Chromium, the search bar where both https websites and search terms can be entered. The browser does not know whether a url or a search term or an intranet link should be loaded. As a security measure, Chromium has the IRDfunction to prevent DNS hijacking by providers, for example. For example, ISPs could redirect an invalid search term to a nonexistent intranet page to their own web page. The Intranet Redirect Detector therefore performs a dns request for three randomly generated domain names as a test. If the same IP address returns from two of those domains, Chromium sees this as a DNS hijacking and the entered term is treated as a search term.

There is a problem there, argues Matthew Thomas of Verisign in a much-shared blog post. The IRD test is performed every time Chromium is started or when a device changes ip or dns settings. The random domain names that Chromium generates for that test do not really exist in most cases, and therefore are not detected by most resolvers. Instead, they are redirected all the way to the root DNS servers, Thomas says, and that happens often.

Thomas states that half of all visits to the DNS root servers are now “most likely done by Chromium requests.” “That means that an average of some sixty billion queries a day are sent to the root servers.” Thomas does not say whether or not the root servers can handle this, nor does he outline problem scenarios. The checks that Chromium browsers do should be “the exception rather than the norm,” he says. “In any other scenario, such traffic would be classified as a DDOS attack,” he writes.

There has been an issue in the Chromium project for some time that proposes to discontinue the IRD. That issue was opened before Thomas wrote his blog post, but since then there have been more and more responses. In the issue, many developers seem to be in favor of not enabling IRD by default. The feature itself has been around since 2010.

You might also like
News

Netflix is ​​also discontinuing the Basic subscription in the US and UK

News

Blizzard will release certain games via Steam, starting with Overwatch 2

News

EU Council determines position on security requirements for digital products

News

Citrix warns of critical vulnerability in NetScaler ADC and Gateway

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Telegram has over 800 million active users and is not yet profitable