Peculiar DNS queries
lk at man-da.de
Sun Dec 22 22:36:46 UTC 2019
On Sunday, December 22nd 2019, 18:28:48 CET Paul Kosinski wrote via bind-
> Every so often, we get a run of peculiar queries to our (BIND / named)
> DNS server. Note the apparently random mix of lower case and upper case
> letters in the domain names.
> Does anybody have any idea why somebody would be doing this? (It's
> legal, I guess, but quite non-standard.)
> Dec 22 12:05:43 iment0 named: client 220.127.116.11#20012
> (Www.IMent.coM): query: Www.IMent.coM IN AAAA -E (18.104.22.168)
On Sunday, December 22nd 2019, 18:41:27 CET Gaurav Kansal wrote via bind-
> This is a “spoofing resistance” technique.
> For more info, check “0x20 Bit Encoding”.
for more information about this see
I at first wondered about this, too. ;-)
But it's a technology to add additional entropy to the DNS communication (to
prevent cache poisoning based on spoofed answers), especially for the case where the
authoritative server doesn't support DNS Cookies.
Phone: +49 6151 16-71027
Email: lk at man-da.de
Registered office: Darmstadt
District Court Darmstadt, HRB 9484
Managing Director: Andreas Ebert
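The 0x20 technique discussed in this thread, as an added sketch that is not part of the original messages and not BIND's or any resolver's code: a resolver randomizes the case of each letter in the query name and accepts an answer only if the question comes back with identical case, and the same idea lets an operator pick such queries out of a query log. All function names are hypothetical, and the second log line is constructed.

```python
import re
import secrets

# qname and qtype from a BIND query-log line such as the one quoted above.
QUERY_RE = re.compile(r"query: (\S+) IN (\S+)")

def is_letter(ch):
    return ch.isascii() and ch.isalpha()

def encode_0x20(qname, rng=secrets.randbits):
    """Resolver side: flip bit 0x20 (the ASCII case bit) of random letters."""
    return "".join(
        chr(ord(ch) ^ 0x20) if is_letter(ch) and rng(1) else ch for ch in qname
    )

def entropy_bits(qname):
    """One unpredictable bit per ASCII letter; digits, '-' and '.' add none."""
    return sum(is_letter(ch) for ch in qname)

def response_acceptable(sent_qname, echoed_qname):
    """Resolver side: accept only if the question is echoed with identical case."""
    return sent_qname == echoed_qname

def mixed_case_queries(log_lines):
    """Log triage heuristic: report queries whose name is neither all-lower
    nor all-upper, with the number of case bits the name can carry."""
    hits = []
    for line in log_lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        qname, qtype = m.groups()
        if qname != qname.lower() and qname != qname.upper():
            hits.append((qname, qtype, entropy_bits(qname)))
    return hits

SAMPLE_LOG = [
    # Line quoted in the thread.
    "Dec 22 12:05:43 iment0 named: client 220.127.116.11#20012 "
    "(Www.IMent.coM): query: Www.IMent.coM IN AAAA -E (18.104.22.168)",
    # Constructed line (documentation addresses), ordinary lower-case query.
    "Dec 22 12:05:44 iment0 named: client 192.0.2.10#40000 "
    "(www.example.com): query: www.example.com IN A -E (192.0.2.53)",
]

if __name__ == "__main__":
    print(encode_0x20("www.iment.com"))
    print(mixed_case_queries(SAMPLE_LOG))
```

The log heuristic also matches names a person typed with ordinary capitalization, so it indicates 0x20 encoding only when the case pattern varies across repeated queries for the same name.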