On Mon, 11 Mar 2013, Daniel Stirnimann wrote:
> Since a few hours we see quite a large volume of MX queries on our TLD
> as well as 2nd-level name-servers.

Testing that a relay is valid MX for a domain is a common practice
for SPAM classification.

You say the traffic you see is "odd", so I presume you've ruled that out.
Ex: could be a busy mailserver, somebody could be running against a large
previously captured corpus...

If they're generating large numbers of repeat queries in a short period
(e.g. more than a handful within the TTL for the RRs returned) then maybe
they need to place a caching resolver in front of their box. ;-) Of course
if these are ANSWER=0 responses maybe the caching resolver isn't caching
the responses...

--

Fred Morris

_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
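
The check described in the reply above (repeat MX queries arriving inside the TTL of a response the client already received), as an added example that is not part of the original message. The log format, field order, addresses, names and the `handful` threshold are assumptions made for illustration; the sample log is constructed.

```python
from collections import defaultdict

# Constructed sample log, one query per line (assumed format):
#   epoch client qname qtype ancount ttl
# For ANSWER=0 rows, ttl stands for the negative-caching TTL of the response.
SAMPLE_LOG = "\n".join(
    [f"{1000 + 10 * i} 192.0.2.10 example.test MX 1 300" for i in range(7)]
    + [f"{1000 + i} 198.51.100.7 nonexist.example.test MX 0 900" for i in range(8)]
    + ["1000 203.0.113.5 example.test MX 1 300",
       "1400 203.0.113.5 example.test MX 1 300",   # after TTL expiry: not a repeat
       "1001 203.0.113.5 example.test A 1 300"]    # not an MX query: ignored
)


def repeat_queriers(log_text, handful=5):
    """Return sorted (client, qname, repeats, all_empty) tuples for MX queries
    repeated more than `handful` times while an earlier response was still
    within its TTL. Lines for a given client/qname must be in time order."""
    expiry = {}                  # (client, qname) -> time the cached answer would expire
    repeats = defaultdict(int)   # (client, qname) -> queries a cache would have absorbed
    answered = set()             # keys that received at least one ANSWER>0 response
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[3].upper() != "MX":
            continue
        ts, ancount, ttl = int(fields[0]), int(fields[4]), int(fields[5])
        key = (fields[1], fields[2].lower().rstrip("."))
        if ancount > 0:
            answered.add(key)
        if key in expiry and ts < expiry[key]:
            repeats[key] += 1            # arrived while the earlier answer was still valid
        else:
            expiry[key] = ts + ttl       # first query, or the previous answer has expired
    return sorted(
        (client, qname, count, (client, qname) not in answered)
        for (client, qname), count in repeats.items()
        if count > handful
    )


if __name__ == "__main__":
    for client, qname, count, all_empty in repeat_queriers(SAMPLE_LOG):
        kind = "ANSWER=0 only" if all_empty else "answers returned"
        print(f"{client} repeated MX {qname} {count}x within TTL ({kind})")
```

Rows flagged with `all_empty` set correspond to the ANSWER=0 case in the reply, where the repeats may mean the client's resolver is not caching those responses.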