Re: underscores in A queries
Those are qname minimization queries. Because DNS implementations (especially in load-balancers) are so broken, the qname minimizing resolver can’t ask for: IN NS because that often doesn’t work, but when it asks: _. IN A the resolver will get the correct answer. Unfortunately, this is the world we are living in... Ondrej -- Ondřej Surý (He/Him) ond...@isc.org > On 9. 4. 2021, at 20:28, Kevin K wrote: > > Hi, > > I've been parsing my query logs to watch for unusual/unexpected lookups, and > I notice quite a few A queries with underscores, often in patterns like > > _.domainname.com > > often followed by > > _.xyz.domainname.com > > or > > _.domainname.com.mydomain.com > > Can someone tell me what these are and what the underscores mean? > > > thanks > > Kevin > > ___ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users signature.asc Description: Message signed with OpenPGP ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: underscores in A queries
On 4/9/21, John W. Blue via bind-users wrote: > It would seem that underscores is one of those characters in DNS that leads > a double life. > > RFC’s say that underscores are disallowed for use in hostnames Right. But it's **hostnames** and not everyone enforces that rule :( > but SRV > records use it to indicate service type et al. SRV records aren't hostnames, nor are CNAME records, TXT, etc. I've got this bit in my notes re "check-names response fail;" # also see dns-operati...@lists.dns-oarc.net # [dns-operations] about the underline in hostname # where the consensus is to not do this check on resolvers Regards, Lee ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
RE: underscores in A queries
It would seem that underscores is one of those characters in DNS that leads a double life. RFC’s say that underscores are disallowed for use in hostnames but SRV records use it to indicate service type et al. And then you have the acm-validations.aws geniuses who use it their hostnames to validate domain ownership to issue SSL certs never mind it that the format completely screws up the design and architecture of your subzones. :/ (not a fan of Route53 BTW .. and now they say they can “do” DNSSEC. lol) So while there is more to talk about with underscores the real answer to your question is what do those records resolve to? SIP or TCP or whatever? Using the DNS query answer will provide the clue as to why those questions are being asked. John From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Kevin K Sent: Friday, April 09, 2021 1:28 PM To: bind-users@lists.isc.org Subject: underscores in A queries Hi, I've been parsing my query logs to watch for unusual/unexpected lookups, and I notice quite a few A queries with underscores, often in patterns like _.domainname.com often followed by _.xyz.domainname.com or _.domainname.com.mydomain.com Can someone tell me what these are and what the underscores mean? thanks Kevin ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
underscores in A queries
Hi, I've been parsing my query logs to watch for unusual/unexpected lookups, and I notice quite a few A queries with underscores, often in patterns like _.domainname.com often followed by _.xyz.domainname.com or _.domainname.com.mydomain.com Can someone tell me what these are and what the underscores mean? thanks Kevin ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
