Strange DNS Queries
Smith, William E. (Bill), Jr.
Bill.Smith at jhuapl.edu
Fri Mar 2 13:20:48 UTC 2007
Our network security folks have come to me inquiring about some odd DNS queries that they have been seeing pop up on their IDSes. After reviewing the captures they've provided, I really have no idea what they are for. What we're seeing is some clients sending a standard A record query for the names "UseCustom" and "UseDefs". The destination in the most recent information I received is 220.127.116.11. I've viewed the trace sent to me via Wireshark but it doesn't really report much other than the queries for "UseCustom" and "UseDefs". Has anyone ever seen such queries before and/or can shed some light on what they are for? I'll try to provide further information as requested/needed.
ISS Server Systems Group
Johns Hopkins University Applied Physics Laboratory
11100 Johns Hopkins Road Laurel, MD 20723
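One way to find which clients are sending the queries described in the post, as an added example that is not part of the original message: a parser for the question section of captured DNS payloads that tallies single-label A queries for the two names per client. The function names, the `WATCHLIST` constant and the sample addresses are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict

WATCHLIST = {"usecustom", "usedefs"}  # names from the post, lowercased
QTYPE_A = 1

def build_query(name, qtype=QTYPE_A):
    """Build a query payload; used only to construct sample input."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(payload):
    """Return (labels, qtype) of the first question, or None if unusable."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set: a response, not a query
        return None
    labels, pos = [], 12
    while pos < len(payload):
        length = payload[pos]
        pos += 1
        if length == 0:  # root label ends the name
            if pos + 4 > len(payload):
                return None
            qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
            return labels, qtype
        if length > 63 or pos + length > len(payload):
            return None  # compression pointer or truncated label
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    return None  # name never terminated

def tally_watchlist(packets):
    """packets: (client_ip, dns_payload) pairs -> {client: {name: count}}."""
    hits = defaultdict(lambda: defaultdict(int))
    for client, payload in packets:
        parsed = parse_question(payload)
        if parsed and parsed[1] == QTYPE_A and len(parsed[0]) == 1 \
                and parsed[0][0].lower() in WATCHLIST:
            hits[client][parsed[0][0]] += 1
    return {c: dict(n) for c, n in hits.items()}

# Constructed sample traffic (documentation addresses, not from the post)
SAMPLE = [("192.0.2.10", build_query("UseCustom")),
          ("192.0.2.10", build_query("UseDefs")),
          ("192.0.2.10", build_query("UseCustom")),
          ("192.0.2.22", build_query("www.example.com")),
          ("192.0.2.22", build_query("UseDefs", qtype=28)),  # AAAA, ignored
          ("192.0.2.31", build_query("usedefs"))]
```

The per-client tally narrows the question to specific hosts, where the installed software can then be compared to see what they have in common.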