Peculiar DNS queries

Gaurav Kansal gaurav.kansal at
Sun Dec 22 17:43:24 UTC 2019

Sent from my iPhone

> On 22-Dec-2019, at 11:02 PM, h.reindl at wrote:
>> Am 22.12.19 um 18:28 schrieb Paul Kosinski via bind-users:
>> Every so often, we get a run of peculiar queries to our (BIND / named)
>> DNS server. Note the apparently random mix of lower case and upper case
>> letters in the domain names.
>> Does anybody have any idea why somebody would be doing this? (It's
>> legal, I guess, but quite non-standard.)
>> Dec 22 12:05:43 iment0 named[10333]: client (Www.IMent.coM): query: Www.IMent.coM IN AAAA -E (
>> Dec 22 12:05:44 iment0 named[10333]: client (Www.iMent.Com): query: Www.iMent.Com IN AAAA -E (
>> Dec 22 12:05:44 iment0 named[10333]: client (WWw.imENT.cOm): query: WWw.imENT.cOm IN A -E (
>> Dec 22 12:05:44 iment0 named[10333]: client (WWw.IMeNt.cOM): query: WWw.IMeNt.cOM IN A -E (
> because it#s some idiotic bot, typical network noise
No. Not because of Bot. 
It’s a technique to provide additional “spoof detection” capabilities to the DNS service.

> [harry at srv-rhsoft:~]$ whois
> NetRange: -
> CIDR: 
> NetName:        SMSV-BLK-1
> NetHandle:      NET-216-55-96-0-1
> Parent:         NET216 (NET-216-0-0-0-0)
> NetType:        Direct Allocation
> OriginAS:
> Organization:   Smart Servers (SMSV)
> _______________________________________________
> Please visit to unsubscribe from this list
> bind-users mailing list
> bind-users at


This e-mail and its attachments may contain official Indian Government information. If you are not the intended recipient, please notify the sender immediately and delete this e-mail. Any dissemination or use of this information by a person other than the intended recipient is unauthorized. The responsibility lies with the recipient to check this email and any attachment for the presence of viruses.   

More information about the bind-users mailing list