[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <200407260658.i6Q6wmq24417@tag.witbe.net>
From: rol at witbe.net (Paul Rolland)
Subject: FW: Question for DNS pros
Hello,
> I've altered the real hostname on our network to "targethost"
> and altered
> the querying IP to x.x.x.x for privacy reasons. All these
> queries are
> *from* the same host. This pattern is *typical* of what I'm
> seeing from a
> *number of diverse hosts* from all over the world.
>
> 22:06:10.294071 x.x.x.x.2566 >
> targethost.utdallas.edu.domain: 29462 NS? .
> (17)
> 22:06:11.043050 x.x.x.x.2566 >
> targethost.utdallas.edu.domain: 29463 NS? .
> (17)
> 22:06:11.791218 x.x.x.x.2566 >
> targethost.utdallas.edu.domain: 29464 NS? .
> (17)
Seems to be a query for the NS for the "." (root) zone.
The machine sending the queries is probably configured to use
your server as a complete DNS resolver and transfer all its queries
to your server.
Regards,
Paul
Powered by blists - more mailing lists