Abuse of the DNS at the root-server level is well documented by studies of packet traces taken from root servers. For example:
We use simulations based on DNS software implementations (BIND8, BIND9, windows*, djpdns) to enhance our understanding of the client-side of DNS transactions. Our lab setup models the typical DNS architecture with root, TLD, SLD, and caching nameservers. We replay a large trace file with different caching software and different network environments. The results advance our understanding of nameserver selection algorithms and the level of DNS traffic injected into the Internet for a given client-side workload.
About the Presenter
Duane Wessels discovered Unix and the Internet as an undergraduate
studying physics at Washington State University. After playing System
Administrator for a few years, he moved to Boulder, Colorado, to attend
graduate school. In late 1994, he joined the Harvest project, where he
worked on searching, indexing and caching. From 1996 until 2000, he was
co-principle investigator of the NLANR Information Resource Caching
project (IRCache). During this time he and others developed and supported
the Squid caching proxy. His second book, titled Squid: The Definitive
Guide, is soon to be published by O'Reilly and Associates.
Currently, he is co-owner and president of The Measurement Factory, Inc.,
a company that specializes in evaluating the performance and compliance of
HTTP-aware devices.
PDF presentation
RealVideo stream