underscores in A queries

John W. Blue john.blue at rrcic.com
Fri Apr 9 18:58:03 UTC 2021

It would seem that underscores is one of those characters in DNS that leads a double life.

RFC’s say that underscores are disallowed for use in hostnames but SRV records use it to indicate service type et al.  And then you have the acm-validations.aws geniuses who use it their hostnames to validate domain ownership to issue SSL certs never mind it that the format completely screws up the design and architecture of your subzones.


(not a fan of Route53 BTW .. and now they say they can “do” DNSSEC.  lol)

So while there is more to talk about with underscores the real answer to your question is what do those records resolve to?  SIP or TCP or whatever?  Using the DNS query answer will provide the clue as to why those questions are being asked.


From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Kevin K
Sent: Friday, April 09, 2021 1:28 PM
To: bind-users at lists.isc.org
Subject: underscores in A queries


I've been parsing my query logs to watch for unusual/unexpected lookups, and I notice quite a few A queries with underscores, often in patterns like


often followed by




Can someone tell me what these are and what the underscores mean?



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210409/c5639314/attachment.htm>

More information about the bind-users mailing list