That's the question section. Apparently, there is no NXDOMAIN below *.s3.amazonaws.com. For the time frame I looked at, all of these random label queries ( I counted 271'199 ) were answered with NOERROR.
Daniel On 23.10.19 15:28, Jelte Jansen wrote: > > are you showing the answers or is it really sending *cname* queries? > > Jelte > > anecdotal 2 cents on aws dns issues: I definitely noticed their problems last > night, from what I could tell it wasn't only s3 but all the amazon aws dns > services; they were simply dropping many queries. When I checked about 8 > hours ago it seemed so have been resolved. > > > On 10/23/19 2:37 PM, Daniel Stirnimann wrote: >> I have located a host in our network which sends such queries the >> network resolver (which we operate): >> >> mqfgioo5.s3.amazonaws[.]com. IN CNAME >> 6l-dpfrn.s3.amazonaws[.]com. IN CNAME >> 2idg5c42.s3.amazonaws[.]com. IN CNAME >> qzq3uz5m.s3.amazonaws[.]com. IN CNAME >> nenkxm2p.s3.amazonaws[.]com. IN CNAME >> yk2max6j.s3.amazonaws[.]com. IN CNAME >> qhcbric2.s3.amazonaws[.]com. IN CNAME >> wg-jmekf.s3.amazonaws[.]com. IN CNAME >> dnwn2ip1.s3.amazonaws[.]com. IN CNAME >> 711o385.s3.amazonaws[.]com. IN CNAME >> rn0v02a6.s3.amazonaws[.]com. IN CNAME >> pm1a3a4t.s3.amazonaws[.]com. IN CNAME >> 0xc.tibo.s3.amazonaws[.]com. IN CNAME >> 76jt.m9g.s3.amazonaws[.]com. IN CNAME >> 4tjc8hp.s3.amazonaws[.]com. IN CNAME >> b-.9ft7y.s3.amazonaws[.]com. IN CNAME >> >> Interestingly, it also sends other suspicious queries such as: >> >> . IN TYPE1847 >> . IN TYPE1847 >> . IN TYPE567 >> . IN TYPE1847 >> . IN TYPE567 >> . IN TYPE1847 >> . IN TYPE1847 >> . IN TYPE1900 >> . IN TYPE823 >> . IN TYPE1900 >> . IN TYPE1847 >> 7a4. IN TYPE868 >> . IN TYPE1847 >> . IN TYPE1847 >> . IN TYPE1900 >> . IN TYPE1847 >> . IN TYPE1847 >> 3n2y. IN TYPE612 >> . IN TYPE311 >> . IN TYPE1900 >> >> However, these are mostly answered from cache because of aggressive use >> of DNSSEC-validated cache. Still, I guess root server operators may see >> an increase in queries with unassigned query types. >> >> Daniel >> _______________________________________________ >> dns-operations mailing list >> [email protected] >> https://lists.dns-oarc.net/mailman/listinfo/dns-operations >> _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
