underscores in A queries

Ondřej Surý ondrej at isc.org
Fri Apr 9 21:11:24 UTC 2021

Those are qname minimization queries.

Because DNS implementations (especially in load-balancers) are so broken, the qname minimizing resolver can’t ask for:

<domain> IN NS

because that often doesn’t work, but when it asks:

_.<domain> IN A

the resolver will get the correct answer.

Unfortunately, this is the world we are living in...

Ondřej Surý (He/Him)
ondrej at isc.org

> On 9. 4. 2021, at 20:28, Kevin K <bind at kretz.net> wrote:
> Hi,
> I've been parsing my query logs to watch for unusual/unexpected lookups, and I notice quite a few A queries with underscores, often in patterns like
> _.domainname.com
> often followed by
> _.xyz.domainname.com
> or
> _.domainname.com.mydomain.com
> Can someone tell me what these are and what the underscores mean?
> thanks
> Kevin
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210409/522bda3d/attachment-0001.bin>

More information about the bind-users mailing list