back to article Key internet address server sees spike in traffic

Traffic hitting a key internet address look-up server in Europe has spiked over the past 24 hours, reaching loads that are four times higher than normal. It's still not clear what's causing the sharp increase in queries to the K-root, which is maintained by the RIPE Coordination Network Centre. Engineers with the Netherlands- …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Meh

    Who the hell uses root anymore

    My ISP caches everything.

    1. M Gale

      Who the hell uses root any more

      Your ISP does?

    2. Anonymous Coward
      FAIL

      Re: Who the hell uses root anymore

      Er, indirectly - that'd be *everybody* who wants to resolve anything.

    3. Anonymous Coward
      Anonymous Coward

      seriously.........

      ultimately everyone does..... even with caching and extending TTL's there needs to be an authoritative source to start with

    4. Ken Hagan Gold badge

      Re: Who the hell uses root anymore

      People with mis-configured systems that are no longer using their ISP?

      My guess is that a manufacturer has just issued a bad update and zillions of domestic ADSL routers are now banging directly on the root servers.

  2. Paul 87

    Well it is a World of Warcraft patch day

    ... all it'd take is one poorly programed query in the initial updater and suddenly you've got a few million people all hunting for addresses that don't actually exist!

    1. Anonymous Coward
      Headmaster

      Or maybe an update to a popular mobile phone app or OS?

      Although I guess neither of our theories would explain why the traffic spike only affected one of the root servers. But maybe some idiot has hardcoded a root-server IP address, in the same way that the NTP service has had so much trouble in recent years from cheap home NAT routers.

  3. davenewman
    Alien

    DNS poisoning?

    Has someone been trying DNS poisoning and then trying to overload the root servers so the poisoned entries cannot be fixed?

    1. John Robson Silver badge

      Overloading the root servers is hard

      even overloading just one of them is difficult.

      It's actually quite a good system - although DNSSEC and DNSCurve could both claim a place for improvements...

  4. Anonymous Coward
    WTF?

    I don't think he is "reading the rolling graph on http://dns.icann.org/" correctly.

    Maybe I'm looking at the wrong graph on that site or something, but that appears to be a graph of traffic to the L- root server, not the K- one, so at the very least it could benefit from a bit of explaining why this might be relevant to the story.

  5. alwarming
    Paris Hilton

    K & L use NSD instead of BIND...

    Not sure if that makes any difference... ?

  6. Colin Dijkgraaf
    Mushroom

    http://dns.icann.org/ traffic

    Yes, that is the L root server and if you look at the weeks range by Node you can see that it has a lot heavier load over the last day and a bit as well, it starts spiking at the end of the 28th.

    The spike is in IPv4 traffic for A type queries.

    What is interesting is that it appears to be from two subnets responsible.

    The 202.0.0.0 subnet (country code AU) as that has gone from a mean query rate of 300 q/s (a week ago) to 1500 q/s this week

    The 61.0.0.0 subnet (country code IN) has gone from about 300 q/s to 900 q/s

    Also the recursion desired has gone from less than 1000 to just under 4000.

    1. Anonymous Coward
      Anonymous Coward

      blacklist?

      Does this correlate?

  7. conhoolio

    K Root Down?

    I Kick It Root Down I Put My Root Down

    I Kick It Root Down I Put My Root Down

    So How We Gonna' Kick It Gonna Kick It Root Down

    Yea How You Wanna' Kick It Gonna Kick It Root Down

  8. Frank Bitterlich
    Holmes

    Google+ ?

    There have been reports of the newly launched Google+ service having scaling issues. Coincidence?

  9. Anonymous Coward
    Pirate

    LulzSec

    ...are back :)

This topic is closed for new posts.