The root of the DNS distributed database is managed by 13 root nameservers. We passively measure the performance of one of them: F.root-servers.net. These measurements show an astounding number of bogus queries: from 60-85% of observed queries were repeated from the same host within the measurement interval. Over 14% of a root server's query load is due to queries that violate the DNS specification. Denial of service attacks using root servers are common and occurred throughout our measurement period (7-24 Jan 2001). Though not targeted at the root servers, DOS attacks often use root servers as reflectors toward a victim network. We contrast our observations with those found in an earlier study of DNS rootserver performance by Danzig et. al.

About the Presenter
Evi Nemeth was a member of the Computer Science faculty at the University of Colorado, a visiting professor at UC San Diego, and a CAIDA researcher. Evi still dabbles in CAIDA projects as she tries to retire from the world of computers and networks to see the real world on her 40' sailboat.