On 23.08.12 13:43, Eivind Olsen wrote:
I haven't seen this before.. I'm currently seeing someone (1 ip address)
do about 2.1 million queries / hour where a majority of the queries seem
to be:
b._dns-sd._udp.0.129.16.172.in-addr.arpa IN PTR +
db._dns-sd._udp.0.129.16.172.in-addr.arpa IN PTR +
r._
In our case, 90% of the dns-sd queries were for the 192.168 network.
These are from 1 client:
DNS C db._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ?
DNS C dr._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ?
DNS C lb._dns-sd._udp.0.158.168.192.in-addr.arpa. Internet PTR ?
DNS C cf.
nts of bind-users digest..."
>
>
> Today's Topics:
>
>1. Question about connections to BIND and tcp 443 (Moore, Mark A.)
>2. Re: Question about connections to BIND and tcp 443 (SM)
>3. Re: Question about connections to BIND and tcp 443 (Adam Tkac)
>
uestion about connections to BIND and tcp 443 (Adam Tkac)
4. Re: Question about connections to BIND and tcp 443 (Jan-Piet Mens)
5. What can cause excessive amount of _dns-sd queries? (Eivind Olsen)
6. Re: What can cause excessive amount of _dns-sd queri
st 23, 2012 10:05 AM
To: Eivind Olsen
Cc: bind-users-bounces+wbrown=e1b@lists.isc.org; bind-users@lists.isc.org
Subject: Re: What can cause excessive amount of _dns-sd queries?
Elvind wrote on 08/23/2012 09:18:06 AM:
> Yeah, now I'm just wondering which OS / application / malware /
> w
Elvind wrote on 08/23/2012 09:18:06 AM:
> Yeah, now I'm just wondering which OS / application / malware / whatever
> could be responsible for this :)
Someone trying to use ZeroCOnf: http://zeroconf.org I believe Macs come
configured to use it by default, Linux and Windows can be configured to
Torsten Segner wrote:
> these seem to be DNS Service Discovery requests and yes, we see loads of
> them on our servers.
Yeah, now I'm just wondering which OS / application / malware / whatever
could be responsible for this :)
(no, the client isn't directly under my control, it belongs to some cu
Am Thu, 23 Aug 2012 13:43:32 +0200
schrieb "Eivind Olsen" :
> Hello.
>
> I haven't seen this before.. I'm currently seeing someone (1 ip address)
> do about 2.1 million queries / hour where a majority of the queries seem
> to be:
>
> b._dns-sd._udp.0.129.16.172.in-addr.arpa IN PTR +
> db._dns-sd
Hello.
I haven't seen this before.. I'm currently seeing someone (1 ip address)
do about 2.1 million queries / hour where a majority of the queries seem
to be:
b._dns-sd._udp.0.129.16.172.in-addr.arpa IN PTR +
db._dns-sd._udp.0.129.16.172.in-addr.arpa IN PTR +
r._dns-sd._udp.0.129.16.172.in-addr.
9 matches
Mail list logo