Peculiar DNS queries
gaurav.kansal at nic.in
Sun Dec 22 17:43:24 UTC 2019
Sent from my iPhone
> On 22-Dec-2019, at 11:02 PM, h.reindl at thelounge.net wrote:
>> Am 22.12.19 um 18:28 schrieb Paul Kosinski via bind-users:
>> Every so often, we get a run of peculiar queries to our (BIND / named)
>> DNS server. Note the apparently random mix of lower case and upper case
>> letters in the domain names.
>> Does anybody have any idea why somebody would be doing this? (It's
>> legal, I guess, but quite non-standard.)
>> Dec 22 12:05:43 iment0 named: client 22.214.171.124#20012 (Www.IMent.coM): query: Www.IMent.coM IN AAAA -E (126.96.36.199)
>> Dec 22 12:05:44 iment0 named: client 188.8.131.52#53150 (Www.iMent.Com): query: Www.iMent.Com IN AAAA -E (184.108.40.206)
>> Dec 22 12:05:44 iment0 named: client 220.127.116.11#27016 (WWw.imENT.cOm): query: WWw.imENT.cOm IN A -E (18.104.22.168)
>> Dec 22 12:05:44 iment0 named: client 22.214.171.124#23417 (WWw.IMeNt.cOM): query: WWw.IMeNt.cOM IN A -E (126.96.36.199)
> because it#s some idiotic bot, typical network noise
No. Not because of Bot.
It’s a technique to provide additional “spoof detection” capabilities to the DNS service.
> [harry at srv-rhsoft:~]$ whois 188.8.131.52
> NetRange: 184.108.40.206 - 220.127.116.11
> CIDR: 18.104.22.168/20
> NetName: SMSV-BLK-1
> NetHandle: NET-216-55-96-0-1
> Parent: NET216 (NET-216-0-0-0-0)
> NetType: Direct Allocation
> Organization: Smart Servers (SMSV)
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses.
More information about the bind-users