DNS measurements at a Root Server
Kiran Komaravolu

Brownlee et al.'s article describes their experiments and conclusions regarding domain name servers, DNS root server performance, and the typical misconfigured queries that root name servers come across.

The authors passively measure traffic flowing into the F root name server using the tcpdump tool. Measurements were taken in traces of 1 hr and 2 hrs, and of 2 million and 4 million packets. DNS requests are made using UDP, with each request in a single UDP packet. A detailed analysis was made using these trace logs.

The authors broadly classify name server bugs into three categories: timeouts due to repeated queries, not understanding NXDOMAIN, and not understanding referrals.

One of the big problems was the repeated query problem. Nameservers do not seem to understand referrals or SERVFAIL responses and keep asking the same question over and over again. It is interesting to note that the Windows-based nameservers were the common offenders.

Another problem is packets sent from RFC 1918 addresses reaching the name server. The root server cannot send back any responses to these queries. The problem is most likely a router misconfiguration at the local subnet where the query originated.

The authors mention a case where the query asks for a hostname associated with an RFC 1918 address. This looks a bit confusing. How would the root name server know whether a hostname is associated with an RFC 1918 address? This issue needs to be resolved.

The next concern is regarding top level domain names. Again it is surprising to note that these queries leaked all the way to the root name server. The authors have not mentioned it, but it would be interesting to know if these queries were repeated over time.

The most important concern, though, seems to be the excessive number of bogus queries coming to the root name server. The reasons given are a Windows library bug and a couple of Windows-based viruses.

Other concerns include requests originating from port zero and dynamic updates sent to root servers. Root servers need not know about dynamic updates. The authors also found cases where the DNS system was used to mount denial of service attacks. This puts additional load on the root name server. They also mention a specific case where a gross misconfiguration of the name server at Microsoft caused a large increase in the number of requests seen by the root name server.
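
As an added illustration (not code from the paper or from this review), the sketch below tags query records with the anomaly classes summarised above: RFC 1918 sources, PTR lookups for RFC 1918 addresses, port-zero sources, dynamic updates and repeated queries. The record layout, the repeat threshold and the sample rows are assumptions constructed for the example.

```python
import ipaddress
from collections import Counter

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
OPCODE_UPDATE = 5      # DNS opcode for dynamic update (RFC 2136)
REPEAT_THRESHOLD = 3   # assumption: same question this many times in one trace

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def ptr_target(qname):
    """Return the IPv4 address encoded in an in-addr.arpa name, or None."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        # Reverse-lookup names carry the octets in reverse order.
        return str(ipaddress.IPv4Address(".".join(reversed(labels[:4]))))
    except ValueError:
        return None

def classify(queries):
    """Tag each (src, sport, opcode, qname, qtype) record with its anomalies."""
    seen = Counter((q[0], q[3].lower(), q[4]) for q in queries)
    results = []
    for src, sport, opcode, qname, qtype in queries:
        tags = []
        if is_rfc1918(src):
            tags.append("rfc1918-source")   # no response can be routed back
        if sport == 0:
            tags.append("port-zero")
        if opcode == OPCODE_UPDATE:
            tags.append("dynamic-update")
        target = ptr_target(qname) if qtype == "PTR" else None
        if target and is_rfc1918(target):
            tags.append("rfc1918-ptr")
        if seen[(src, qname.lower(), qtype)] >= REPEAT_THRESHOLD:
            tags.append("repeated")
        results.append(tags)
    return results

# Constructed sample records; public sources use documentation address ranges.
SAMPLE = [("192.0.2.10", 33000 + i, 0, "example.com.", "A") for i in range(3)] + [
    ("10.1.2.3", 1025, 0, "example.org.", "A"),
    ("198.51.100.7", 0, 0, "example.net.", "A"),
    ("198.51.100.8", 5353, 5, "example.com.", "SOA"),
    ("198.51.100.9", 4000, 0, "1.0.168.192.in-addr.arpa.", "PTR"),
    ("198.51.100.9", 4001, 0, "example.edu.", "A"),
]
```

Running `classify(SAMPLE)` returns one tag list per record; the last record is a clean query and gets an empty list.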

Overall, the authors have made quite a detailed study of DNS root name server problems. One issue (mentioned previously) is still not explained. Another drawback is that the authors have not made any suggestions to alleviate these problems. This leaves the article incomplete. Nevertheless, the paper is recommended for study as it gives an interesting insight into common DNS problems.