Peculiar DNS queries

Gaurav Kansal gaurav.kansal at nic.in
Sun Dec 22 17:43:24 UTC 2019



Sent from my iPhone

> On 22-Dec-2019, at 11:02 PM, h.reindl at thelounge.net wrote:
> 
> 
> 
>> Am 22.12.19 um 18:28 schrieb Paul Kosinski via bind-users:
>> Every so often, we get a run of peculiar queries to our (BIND / named)
>> DNS server. Note the apparently random mix of lower case and upper case
>> letters in the domain names.
>> 
>> Does anybody have any idea why somebody would be doing this? (It's
>> legal, I guess, but quite non-standard.)
>> 
>> Dec 22 12:05:43 iment0 named[10333]: client 134.0.217.68#20012 (Www.IMent.coM): query: Www.IMent.coM IN AAAA -E (216.55.100.246)
>> 
>> Dec 22 12:05:44 iment0 named[10333]: client 134.0.217.54#53150 (Www.iMent.Com): query: Www.iMent.Com IN AAAA -E (216.55.100.246)
>> 
>> Dec 22 12:05:44 iment0 named[10333]: client 134.0.217.53#27016 (WWw.imENT.cOm): query: WWw.imENT.cOm IN A -E (216.55.100.245)
>> 
>> Dec 22 12:05:44 iment0 named[10333]: client 134.0.217.69#23417 (WWw.IMeNt.cOM): query: WWw.IMeNt.cOM IN A -E (216.55.100.245)
> 
> because it#s some idiotic bot, typical network noise
> 
No. Not because of Bot. 
It’s a technique to provide additional “spoof detection” capabilities to the DNS service.


> [harry at srv-rhsoft:~]$ whois 216.55.100.246
> NetRange:       216.55.96.0 - 216.55.111.255
> CIDR:           216.55.96.0/20
> NetName:        SMSV-BLK-1
> NetHandle:      NET-216-55-96-0-1
> Parent:         NET216 (NET-216-0-0-0-0)
> NetType:        Direct Allocation
> OriginAS:
> Organization:   Smart Servers (SMSV)
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users





Disclaimer:

This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses.   


More information about the bind-users mailing list