(A free DNS lookup for anyone who remembers that movie quote). I guess I'm just lamenting how much junk DNS traffic there is "out there". I know, I know. Old news.
I recently built a toy server to experiment with configless ipv6 reverse answers and a side-effect is that I scrutinized all the queries for an extended period. Big mistake!

Apart from the incessant, apparent DDOS to ANY/pizzaseo.com, ANY/peacecorps.gov and the like thrown at all port 53 ipv4 addresses, there is also the inexplicable and also incessant ANY/sl. queries. What they do or who they are meant to hurt, I have no clue.

But even the good guys are pretty unrelenting: I see 60+ queries per day, every day for TXT/a.b.qnamemin-test.nlnetlabs.nl coming from just three AWS instances. Is that really nlnetlabs? If so, what are they hoping to measure?

Similarly:

30/day A/ip.parrotdns.com by censys-scanner.com
24/day A/cb00780e.asert-dns-research.com

And what hetzner.com are up to I also have no clue, but they're pretty incessantly sending qmin type A queries. I know that the reverse range being queried is not very active, so these reverse queries are definitely not being triggered by outbound connections.

Speaking of qname minimization, hoy boy, do they generate a lot of extra queries in the ipv6 reverse tree! I do wonder what secrets are being kept safe by not telling a parent name server what lower level PTR someone is after, but I'm sure there's good justification for it.

Not that it's a lot of traffic and I know there is zero I can do about it, but I'm down to 30% of queries actually returning an answer, with >50% returning qmin NOERRORs and the rest REFUSED.

Bah humbug.

Mark.

PS. Rotten Tomatoes gets it wrong with this one.

_______________________________________________
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
