I have located a host in our network which sends such queries the network resolver (which we operate):
mqfgioo5.s3.amazonaws[.]com. IN CNAME 6l-dpfrn.s3.amazonaws[.]com. IN CNAME 2idg5c42.s3.amazonaws[.]com. IN CNAME qzq3uz5m.s3.amazonaws[.]com. IN CNAME nenkxm2p.s3.amazonaws[.]com. IN CNAME yk2max6j.s3.amazonaws[.]com. IN CNAME qhcbric2.s3.amazonaws[.]com. IN CNAME wg-jmekf.s3.amazonaws[.]com. IN CNAME dnwn2ip1.s3.amazonaws[.]com. IN CNAME 711o385.s3.amazonaws[.]com. IN CNAME rn0v02a6.s3.amazonaws[.]com. IN CNAME pm1a3a4t.s3.amazonaws[.]com. IN CNAME 0xc.tibo.s3.amazonaws[.]com. IN CNAME 76jt.m9g.s3.amazonaws[.]com. IN CNAME 4tjc8hp.s3.amazonaws[.]com. IN CNAME b-.9ft7y.s3.amazonaws[.]com. IN CNAME Interestingly, it also sends other suspicious queries such as: . IN TYPE1847 . IN TYPE1847 . IN TYPE567 . IN TYPE1847 . IN TYPE567 . IN TYPE1847 . IN TYPE1847 . IN TYPE1900 . IN TYPE823 . IN TYPE1900 . IN TYPE1847 7a4. IN TYPE868 . IN TYPE1847 . IN TYPE1847 . IN TYPE1900 . IN TYPE1847 . IN TYPE1847 3n2y. IN TYPE612 . IN TYPE311 . IN TYPE1900 However, these are mostly answered from cache because of aggressive use of DNSSEC-validated cache. Still, I guess root server operators may see an increase in queries with unassigned query types. Daniel _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
