Acting as stealth slave for root zone
mayer at gis.net
mayer at gis.net
Thu Dec 9 18:02:56 UTC 2004
----- Original Message Follows -----
> On Wed, 08 Dec 2004 20:26:42 -0500, Barry Margolin
> > <barmar at alum.mit.edu> wrote: In article <cp8091$27lb$1 at sf1.isc.org>,
> > Mark Andrews <Mark_Andrews at isc.org> wrote:
> > > It's not so much about referrals to the TLDs as is it is
> > > about all the NXDOMAIN responses.
> >
> > But how often do people refer to nonexistent TLDs? They're much
> > more likely to mention nonexistent 2LDs, and to reduce all that
> > traffic you'd need to slave the popular TLDs.
>
> You'd be surprised. I just took a 30 second snapshot on one of my
> busy servers, and better than 10.5% of the queries were for invalid
> TLDs.
> On a related note, does anybody know what app might be responsible
> for generation queries for names like hitbox[2].txt, hitbox[1].txt,
> sextracker[1].txt, gator[1].txt, advertising[1].txt.
> txt is always in the top 5 TLDs queried for me.
>
It's spyware of some kind. AdAware picks it up all the time. gator
indicates that it's probably from the gator spy app.
Danny
More information about the bind-users
mailing list