Automatic . NS queries from BIND

Gaurav Kansal gaurav.kansal at nic.in
Mon Jun 15 12:56:10 UTC 2015


Dear Team,

My caching DNS server is generating log of . NS queries to ROOT Servers.

I have a hint file in my BIND configuration and the same is up to date.

The same behavior is occurring in multiple versions of BIND (tested on 9.7,
9.9 and on 9.10).

It must be for some purpose (maybe BIND doesn't trust the hint file and
cross-checks it against the root servers).

Can anyone shed some light on this?

Sample tcpdump output:

15:36:42.440831 IP anydnsmby.27938 > k.root-servers.net.domain:  38907 [1au] NS? . (28)
15:36:43.241203 IP anydnsmby.52261 > f.root-servers.net.domain:  3841 [1au] NS? . (28)
15:36:43.624041 IP anydnsmby.48889 > k.root-servers.net.domain:  6314 [1au] NS? . (28)
15:36:44.424047 IP anydnsmby.65507 > c.root-servers.net.domain:  27973 [1au] NS? . (28)
15:37:42.071574 IP anydnsmby.38958 > i.root-servers.net.domain:  53519 [1au] NS? 117.240.177.150. (44)
15:40:11.121122 IP anydnsmby.7941 > i.root-servers.net.domain:  62400 [1au] NS? 1.mr. (33)
15:45:52.780062 IP anydnsmby.49432 > e.root-servers.net.domain:  54241+ [1au] NS? . (28)
15:45:59.341780 IP anydnsmby.34368 > e.root-servers.net.domain:  55928+ [1au] NS? . (28)
15:46:04.487088 IP anydnsmby.35621 > e.root-servers.net.domain:  7266+ [1au] NS? . (28)
15:46:35.453029 IP anydnsmby.62875 > i.root-servers.net.domain:  4129 [1au] NS? comp-HP. (36)
16:16:13.747955 IP anydnsmby.39690 > a.root-servers.net.domain:  8774+ [1au] NS? . (28)
16:16:20.845363 IP anydnsmby.36994 > e.root-servers.net.domain:  63433+ [1au] NS? . (28)
16:16:36.746049 IP anydnsmby.42878 > a.root-servers.net.domain:  48439+ [1au] NS? . (28)
16:16:42.060534 IP anydnsmby.41018 > j.root-servers.net.domain:  5347+ [1au] NS? . (28)
16:16:49.081649 IP anydnsmby.53661 > e.root-servers.net.domain:  54768+ [1au] NS? . (28)
16:51:14.034065 IP anydnsmby.38025 > k.root-servers.net.domain:  52771 [1au] NS? 116.73.202.141. (43)
16:51:14.835539 IP anydnsmby.19616 > i.root-servers.net.domain:  14926 [1au] NS? 116.73.202.141. (43)
17:25:16.706395 IP anydnsmby.58045 > i.root-servers.net.domain:  30880 [1au] NS? 2.mr. (33)
17:25:16.707072 IP anydnsmby.38495 > i.root-servers.net.domain:  43451 [1au] NS? 6.mr. (33)
17:25:16.707989 IP anydnsmby.35834 > i.root-servers.net.domain:  61843 [1au] NS? 3.mr. (33)
17:56:44.855060 IP anydnsmby.61903 > a.root-servers.net.domain:  23284 [1au] NS? 172.192.168.2. (42)

Regards,

Gaurav Kansal
