Strange DNS Queries

Smith, William E. (Bill), Jr. Bill.Smith at
Fri Mar 2 13:20:48 UTC 2007

Our network security folks have come to me inquiring about some odd DNS queries that they have been seeing pop up on their IDS's.  After reviewing the captures they've provided, I really have no idea what they are for.  What we're seeing is some clients sending a standard A record query for the names "UseCustom" and "UseDefs".  The destination in the most recent information I received is  I've viewed the trace sent to me via Wireshark but it doesn't really report much other than the queries for "UseCustom" and "UseDefs".  Has anyone ever seen such queries before and / or can shed some light on what they are for?    I'll try to provide further information as requested / needed.
Bill Smith
<mailto:bill.smith at>
ISS Server Systems Group
Johns Hopkins University Applied Physics Laboratory 
11100 Johns Hopkins Road Laurel, MD 20723
Phone:  443-778-5523 

More information about the bind-users mailing list