Acting as stealth slave for root zone

mayer at mayer at
Thu Dec 9 18:02:56 UTC 2004

----- Original Message Follows -----
> On Wed, 08 Dec 2004 20:26:42 -0500, Barry Margolin
> > <barmar at> wrote: In article <cp8091$27lb$1 at>,
> >  Mark Andrews <Mark_Andrews at> wrote:
> > >       It's not so much about referrals to the TLDs as is it is
> > >       about all the NXDOMAIN responses.
> > 
> > But how often do people refer to nonexistent TLDs?  They're much
> > more likely to mention nonexistent 2LDs, and to reduce all that
> > traffic you'd need to slave the popular TLDs.
>   You'd be surprised.  I just took a 30 second snapshot on one of my
> busy servers, and better than 10.5%  of the queries were for invalid
> TLDs.
>   On a related note, does anybody know what app might be responsible
> for generation queries for names like hitbox[2].txt, hitbox[1].txt,
> sextracker[1].txt, gator[1].txt, advertising[1].txt.
> txt is always in the top 5 TLDs queried for me.

It's spyware of some kind. AdAware picks it up all the time. gator
indicates that it's probably from the gator spy app.


More information about the bind-users mailing list