This is a “spoofing resistance” technique. For more info, check “0x20 Bit Encoding”.
Sent from my iPhone > On 22-Dec-2019, at 10:59 PM, bind-users@lists.isc.org wrote: > > Every so often, we get a run of peculiar queries to our (BIND / named) > DNS server. Note the apparently random mix of lower case and upper case > letters in the domain names. > > Does anybody have any idea why somebody would be doing this? (It's > legal, I guess, but quite non-standard.) > > Dec 22 12:05:43 iment0 named[10333]: client 134.0.217.68#20012 > (Www.IMent.coM): query: Www.IMent.coM IN AAAA -E (216.55.100.246) > > Dec 22 12:05:44 iment0 named[10333]: client 134.0.217.54#53150 > (Www.iMent.Com): query: Www.iMent.Com IN AAAA -E (216.55.100.246) > > Dec 22 12:05:44 iment0 named[10333]: client 134.0.217.53#27016 > (WWw.imENT.cOm): query: WWw.imENT.cOm IN A -E (216.55.100.245) > > Dec 22 12:05:44 iment0 named[10333]: client 134.0.217.69#23417 > (WWw.IMeNt.cOM): query: WWw.IMeNt.cOM IN A -E (216.55.100.245) > > Thanks, > Paul Kosinski > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users Disclaimer: This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users