--- Begin Message ---
Hi Mark,
The quarries for TXT/a.b.qnamemin-test.nlnetlabs.nl
<http://a.b.qnamemin-test.nlnetlabs.nl/> are not coming from NLnetlabs but from
a Swedish research project.
Rapid7 produces a list of ip addresses with alleged resolvers on port 53.
We check all those resolvers for min.
/Ulrich
> On 13 Feb 2022, at 06:38, Mark Delany <[email protected]> wrote:
>
> (A free DNS lookup for anyone who remembers that movie quote).
>
> I guess I'm just lamenting how much junk DNS traffic there is "out there". I
> know, I
> know. Old news.
>
> I recently built a toy server to experiment with configless ipv6 reverse
> answers and a
> side-effect is that I scrutinized all the queries for an extended period. Big
> mistake!
>
> Apart from the incessant, apparent DDOS to ANY/pizzaseo.com,
> ANY/peacecorps.gov and the
> like thrown at all port 53 ipv4 addresses, there is also the inexplicable and
> also
> incessant ANY/sl. queries. What they do or who they are meant to hurt, I have
> no clue.
>
> But even the good guys are pretty unrelenting:
>
> I see 60+ queries per day, every day for TXT/a.b.qnamemin-test.nlnetlabs.nl
> coming from
> just three AWS instances. Is that really nlnetlabs? If so, what are they
> hoping to
> measure?
>
> Similarly:
>
> 30/day A/ip.parrotdns.com by censys-scanner.com
> 24/day A/cb00780e.asert-dns-research.com
>
> And what hetzner.com are up to I also have no clue, but they're pretty
> incessantly sending
> qmin type A queries.
>
> I know that the reverse range being queried is not very active, so these
> reverse queries
> are definitely not being triggered by outbound connections.
>
> Speaking of qname minimization, hoy boy, do they generate a lot of extra
> queries in the
> ipv6 reverse tree! I do wonder what secrets are being kept safe by not
> telling a parent
> name server what lower level PTR someone is after, but I'm sure there's good
> justification
> for it.
>
> Not that it's a lot of traffic and I know there is zero I can do about it,
> but I'm down to
> 30% of queries actually returning an answer, with >50% returning qmin
> NOERRORs and the rest
> REFUSED.
>
>
> Bah humbug.
>
>
> Mark.
>
> PS. Rotten Tomatoes gets it wrong with this one.
>
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
--- End Message ---
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
