mailing list archives
Re: FW: Question for DNS pros
From: "Paul Rolland" <rol () witbe net>
Date: Mon, 26 Jul 2004 08:58:48 +0200
I've altered the real hostname on our network to "targethost"
the querying IP to x.x.x.x for privacy reasons. All these
*from* the same host. This pattern is *typical* of what I'm
seeing from a
*number of diverse hosts* from all over the world.
22:06:10.294071 x.x.x.x.2566 >
targethost.utdallas.edu.domain: 29462 NS? .
22:06:11.043050 x.x.x.x.2566 >
targethost.utdallas.edu.domain: 29463 NS? .
22:06:11.791218 x.x.x.x.2566 >
targethost.utdallas.edu.domain: 29464 NS? .
Seems to be a query for the NS for the "." (root) zone.
The machine sending the queries is probably configured to use
your server as a complete DNS resolver and transfer all its queries
to your server.
Full-Disclosure - We believe in it.
Re: Question for DNS pros Jason Coombs PivX Solutions (Jul 25)
- Re: Question for DNS pros, (continued)