Most net address queries are unnecessary

Analysis of the queries sent to one of the net's core address books show that 98% of them could have been handled by other parts of the network.

Dealing with these queries on the outer reaches of the net rather than at its core could help limit the damage of concerted attacks on key servers say experts.

The report and advice comes as the net recovers from the damage wrought by the Slammer worm that exploited holes in Microsoft software.

Bad call

Often your computer only knows where to go to get the webpage you want by consulting one of 13 root servers.

These, or others closer to your home PC if the site you are after is particularly popular, translate the text address you type into your browser into a numerical one the net understands.

These fast, powerful computers possess lists of the location of other servers holding records of the exact location of the net's many websites.

As the master address books the 13 servers are an obvious choke point for the net and have already had been attacked en masse.

Researchers at the San Diego Supercomputer Center (SDSC) have analysed traffic received by one root server on 4 October last year and found that it spent most of its time dealing with unnecessary queries.

We see millions of broken queries from certain sources Duane Wessels, San Diego Supercomputer Center

On that day the server received more than 152 million queries and the researchers estimate that 98% of these requests were unnecessary.

Analysis of the figures showed that 70% of the requests for net addresses were duplicates - essentially different people looking for the same sites.

The SDSC scientists say all these queries could easily be dealt with if frequently requested information were held, or cached, by net service providers.

A further 12% of the queries sent to the server were for frivolous or non-existent domains such as .elvis, .corp, and .localhost.

Many of the requests sent to the server used the numeric net address of the site in question, meaning the entire request was unnecessary.

"If the system were functioning properly, it seems that a single source should need to send no more than 1,000 or so queries to a root name server in a 24-hour period," said Duane Wessels, a researcher from the Cooperative Association for Internet Data Analysis at the SDSC.

"Yet we see millions of broken queries from certain sources," he said.

The researchers believe that many of the requests are due to badly configured networks that allow computers to make queries but do not let the reply return to the requesting computer.

As a result many computers continue to request addresses fruitlessly over and over again.

The SDSC is creating software tools that help network administrators tweak systems to stop them making unnecessary requests.