Preventing a particular type of nameserver abuse
Peter Coghlan
bind at beyondthepale.ie
Tue Sep 21 10:15:15 UTC 2021
I started this thread back in April in response to high levels of abuse of
my nameserver. A short summary of the discussion which resulted is that
bind does not provide any way of preventing abuse I was experiencing. (The
abuse was clearly designed to get past any use of rate-limiting to mitigate
it.)
In the last month or so, the level of abuse has declined significantly.
I don't know whether this is because I have been keeping a very close eye
on traffic incoming to my nameserver and I have been aggressively packet
filtering queries which seem to be probing for the existance of nameservers
to exploit or whether the abuse would have declined anyway without any
intervention by me. I still see these probes hitting my filters regularly
from some netblocks I have filtered and occasionally they arrive from
addresses I was previously unaware of. Provided I filter these quickly
when I come across them, the level of abuse seems to stay relatively low,
most of the time.
Today I noticed the traffic below arriving from a netblock I had filtered
many years ago for reasons other than nameserver abuse. I have never
seen anything like this before arrive at my nameserver. I would be
interested to know what the experts think bind might have made of this
traffic had it not been filtered out. I have included some of the more
usual probes before and after the more interesting traffic for context.
Regards,
Peter Coghlan.
09:50:12.36 207.244.251.243.41020 > 192.168.80.24.53: 64379+ A? www.hitnslab.cn. (33) (DF) [tos 0x8]
4508 003d c124 4000 3211 aada cff4 fbf3 E..=.$@.2.......
c0a8 5018 a03c 0035 0029 0000 fb7b 0100 ..P..<.5.)...{..
0001 0000 0000 0000 0377 7777 0868 6974 .........www.hit
6e73 6c61 6202 636e 0000 0100 01 nslab.cn.....
09:50:12.36 207.244.251.243.54076 > 192.168.80.24.53: 3073+ A? www.paypal.com. (32) (DF) [tos 0x8]
4508 003c c123 4000 3111 abdc cff4 fbf3 E..<.#@.1.......
c0a8 5018 d33c 0035 0028 0000 0c01 0100 ..P..<.5.(......
0001 0000 0000 0000 0377 7777 0670 6179 .........www.pay
7061 6c03 636f 6d00 0001 0001 pal.com.....
09:57:34.71 104.237.154.253.58759 > 192.168.80.24.53: 18245 updateD [b2&3=0x5420] [18516a] [12064q] [21584n] [12081au] (29)
4500 0039 d431 0000 ef11 e2d6 68ed 9afd E..9.1......h...
c0a8 5018 e587 0035 0025 0000 4745 5420 ..P....5.%..GET
2f20 4854 5450 2f31 2e31 0d0a 486f 7374 / HTTP/1.1..Host
3a20 7777 770d 0a0d 0a : www....
09:57:34.72 192.168.80.24.53 > 104.237.154.253.58759: 18245 updateD FormErr- [0q] 0/0/0 (12)
4500 0028 8d61 0000 4011 d8b8 c0a8 5018 E..(.a.. at .....P.
68ed 9afd 0035 e587 0014 ee16 4745 d001 h....5......GE..
0000 0000 0000 0000 ........
09:57:46.16 68.183.137.43.55859 > 192.168.80.24.53: 6+ TXT CHAOS)? version.bind. (30) (DF)
4500 003a 758a 4000 3211 f485 44b7 892b E..:u. at .2...D..+
c0a8 5018 da33 0035 0026 23eb 0006 0100 ..P..3.5.&#.....
0001 0000 0000 0000 0776 6572 7369 6f6e .........version
0462 696e 6400 0010 0003 .bind.....
09:57:47.66 68.183.137.43.55700 > 192.168.80.24.53: 0 stat [0q] Type0 (Class 0)? . (12) (DF)
4500 0028 765b 4000 3211 f3c6 44b7 892b E..(v[@.2...D..+
c0a8 5018 d994 0035 0014 3759 0000 1000 ..P....5..7Y....
0000 0000 0000 0000 0000 0000 0000 ..............
09:57:49.17 68.183.137.43.45866 > 192.168.80.24.53: 29438 op3+ [b2&3=0x1d13] [0q] [2au] Type390 (Class 40960)? . (40) (DF)
4500 0044 77b8 4000 3211 f24d 44b7 892b E..Dw. at .2..MD..+
c0a8 5018 b32a 0035 0030 bf58 72fe 1d13 ..P..*.5.0.Xr...
0000 0000 0000 0002 0001 86a0 0001 977c ...............|
0000 0000 0000 0000 0000 0000 0000 0000 ................
0000 0000 ....
09:57:50.67 68.183.137.43.48542 > 192.168.80.24.53: 33008 [b2&3=0x10] SRV? CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA. (50) (DF)
4500 004e 78c0 4000 3211 f13b 44b7 892b E..Nx. at .2..;D..+
c0a8 5018 bd9e 0035 003a a3c9 80f0 0010 ..P....5.:......
0001 0000 0000 0000 2043 4b41 4141 4141 ........ CKAAAAA
4141 4141 4141 4141 4141 4141 4141 4141 AAAAAAAAAAAAAAAA
4141 4141 4141 4141 4100 0021 0001 AAAAAAAAA..!..
09:57:52.17 68.183.137.43.56294 > 192.168.80.24.53: 26725 updateMA [b2&3=0x6c70] [3338a] [3338q] Type0 (Class 0)? . (8) (DF)
4500 0024 7955 4000 3211 f0d0 44b7 892b E..$yU at .2...D..+
c0a8 5018 dbe6 0035 0010 5625 6865 6c70 ..P....5..V%help
0d0a 0d0a 0000 0000 0000 0000 0000 ..............
09:57:53.67 68.183.137.43.44144 > 192.168.80.24.53: 20304 updateD [b2&3=0x5449] [21280a] [20302q] [29545n] [28730au] (229) (DF)
4500 0101 79ba 4000 3211 ef8e 44b7 892b E...y. at .2...D..+
c0a8 5018 ac70 0035 00ed a11e 4f50 5449 ..P..p.5....OPTI
4f4e 5320 7369 703a 6e6d 2053 4950 2f32 ONS sip:nm SIP/2
2e30 0d0a 5669 613a 2053 4950 2f32 2e30 .0..Via: SIP/2.0
2f55 4450 206e 6d3b 6272 616e 6368 3d66 /UDP nm;branch=f
6f6f 3b72 706f 7274 0d0a 4672 6f6d 3a20 oo;rport..From:
3c73 6970 3a6e 6d40 6e6d 3e3b 7461 673d <sip:nm at nm>;tag=
726f 6f74 0d0a 546f 3a20 3c73 6970 3a6e root..To: <sip:n
6d32 406e 6d32 3e0d 0a43 616c 6c2d 4944 m2 at nm2>..Call-ID
3a20 3530 3030 300d 0a43 5365 713a 2034 : 50000..CSeq: 4
3220 4f50 5449 4f4e 530d 0a4d 6178 2d46 2 OPTIONS..Max-F
6f72 7761 7264 733a 2037 300d 0a43 6f6e orwards: 70..Con
7465 6e74 2d4c 656e 6774 683a 2030 0d0a tent-Length: 0..
436f 6e74 6163 743a 203c 7369 703a 6e6d Contact: <sip:nm
406e 6d3e 0d0a 4163 6365 7074 3a20 6170 @nm>..Accept: ap
706c 6963 6174 696f 6e2f 7364 700d 0a0d plication/sdp...
0a .
09:57:55.17 68.183.137.43.42246 > 192.168.80.24.53: 512 [0q] Type0 (Class 0)? . (1) (DF)
4500 001d 7ac7 4000 3211 ef65 44b7 892b E...z. at .2..eD..+
c0a8 5018 a506 0035 0009 79fd 0200 0000 ..P....5..y.....
0000 0000 0000 0000 0000 0000 0000 ..............
09:57:56.67 68.183.137.43.53804 > 192.168.80.24.53: 58112 [b2&3=0x4fa] [1n] Type0 (Class 0)? . (48) (DF)
4500 004c 7c06 4000 3211 edf7 44b7 892b E..L|. at .2...D..+
c0a8 5018 d22c 0035 0038 b93c e300 04fa ..P..,.5.8.<....
0001 0000 0001 0000 0000 0000 0000 0000 ................
0000 0000 0000 0000 0000 0000 0000 0000 ................
0000 0000 c54f 234b 71b1 52f3 .....O#Kq.R.
09:57:58.18 68.183.137.43.59209 > 192.168.80.24.53: 12418 [b2&3=0x2f] [4a] [513q] [1648n] [30050au] (51) (DF)
4500 004f 7c22 4000 3211 edd8 44b7 892b E..O|"@.2...D..+
c0a8 5018 e749 0035 003b 562c 3082 002f ..P..I.5.;V,0../
0201 0004 0670 7562 6c69 63a0 8200 2002 .....public... .
044c 33a7 5602 0100 0201 0030 8200 1030 .L3.V......0...0
8200 0c06 082b 0601 0201 0105 0005 00 .....+.........
09:57:59.68 68.183.137.43.47568 > 192.168.80.24.53: 12346 [b2&3=0x201] [3842a] [816q] [586n] [26882au] (60) (DF)
4500 0058 7c49 4000 3211 eda8 44b7 892b E..X|I at .2...D..+
c0a8 5018 b9d0 0035 0044 1ee4 303a 0201 ..P....5.D..0:..
0330 0f02 024a 6902 0300 ffe3 0401 0402 .0...Ji.........
0103 0410 300e 0400 0201 0002 0100 0400 ....0...........
0400 0400 3012 0400 0400 a00c 0202 37f0 ....0.........7.
0201 0002 0100 3000 ......0.
09:58:01.18 68.183.137.43.40638 > 192.168.80.24.53: 1 [b2&3=0x2] Type0 (Class 0)? . (7) (DF)
4500 0023 7d31 4000 3211 ecf5 44b7 892b E..#}1 at .2...D..+
c0a8 5018 9ebe 0035 000f 8235 0001 0002 ..P....5...5....
0001 0000 0000 0000 0000 0000 0000 ..............
09:58:02.68 68.183.137.43.42808 > 192.168.80.24.53: 0+ [b2&3=0x3e7] [0q] [101au] Type0 (Class 0)? . (32) (DF)
4500 003c 7e78 4000 3211 eb95 44b7 892b E..<~x at .2...D..+
c0a8 5018 a738 0035 0028 683c 0000 03e7 ..P..8.5.(h<....
0000 0000 0000 0065 0000 0000 0000 0000 .......e........
0d05 0000 0000 0000 0000 0000 ............
09:58:04.18 68.183.137.43.46024 > 192.168.80.24.53: 0 PTR? _services._dns-sd._udp.local. (46) (DF)
4500 004a 7f55 4000 3211 eaaa 44b7 892b E..J.U at .2...D..+
c0a8 5018 b3c8 0035 0036 36c8 0000 0000 ..P....5.66.....
0001 0000 0000 0000 095f 7365 7276 6963 ........._servic
6573 075f 646e 732d 7364 045f 7564 7005 es._dns-sd._udp.
6c6f 6361 6c00 000c 0001 local.....
09:58:05.68 68.183.137.43.39672 > 192.168.80.24.53: 7680+ [b2&3=0x130] [43235a] [765q] Type0 (Class 0)? . (30) (DF)
4500 003a 8051 4000 3211 e9be 44b7 892b E..:.Q at .2...D..+
c0a8 5018 9af8 0035 0026 bac0 1e00 0130 ..P....5.&.....0
02fd a8e3 0000 0000 0000 0000 0000 0000 ................
0000 0000 0000 0000 0000 ..........
09:58:07.19 68.183.137.43.54977 > 192.168.80.24.53: 27265 updateMA [b2&3=0x6e30] [41219a] [33131q] [513n] [1442au] (113) (DF)
4500 008d 816a 4000 3211 e852 44b7 892b E....j at .2..RD..+
c0a8 5018 d6c1 0035 0079 32c7 6a81 6e30 ..P....5.y2.j.n0
816b a103 0201 05a2 0302 010a a481 5e30 .k............^0
5ca0 0703 0500 5080 0010 a204 1b02 4e4d \.....P.......NM
a317 3015 a003 0201 00a1 0e30 0c1b 066b ..0........0...k
7262 7467 741b 024e 4da5 1118 0f31 3937 rbtgt..NM....197
3030 3130 3130 3030 3030 305a a706 0204 00101000000Z....
1f1e b9d9 a817 3015 0201 1202 0111 0201 ......0.........
1002 0117 0201 0102 0103 0201 02 .............
09:58:08.69 68.183.137.43.52974 > 192.168.80.24.53: 6912 [b2&3=0x3d] [0q] [4675n] [20302au] (61) (DF)
4500 0059 82b6 4000 3211 e73a 44b7 892b E..Y.. at .2..:D..+
c0a8 5018 ceee 0035 0045 aa81 1b00 003d ..P....5.E.....=
0000 0000 1243 4f4e 4e45 4354 494f 4e4c .....CONNECTIONL
4553 535f 5444 5300 0000 0100 0004 0005 ESS_TDS.........
0005 0000 0102 0000 0301 0104 0800 0000 ................
0000 0000 0007 0204 b1 .........
09:58:10.19 68.183.137.43.34783 > 192.168.80.24.53: 64 updateD [133a] [0q] [23988n] [37160au] Type0 (Class 0)? . (64) (DF)
4500 005c 8426 4000 3211 e5c7 44b7 892b E..\.&@.2...D..+
c0a8 5018 87df 0035 0048 118e 0040 5000 ..P....5.H... at P.
0000 0085 5db4 9128 0000 0000 0001 7c91 ....]..(......|.
4000 0000 aa39 da42 3765 cf01 0000 0000 @....9.B7e......
0000 0000 0000 0000 0000 0000 0000 0000 ................
0000 0000 0000 0000 0000 0000 ............
09:58:11.69 68.183.137.43.60636 > 192.168.80.24.53: 5886 zoneRef*-| [0q] 0/0/0 (67) (DF)
4500 005f 859b 4000 3211 e44f 44b7 892b E.._.. at .2..OD..+
c0a8 5018 ecdc 0035 004b 7519 16fe ff00 ..P....5.Ku.....
0000 0000 0000 0000 3601 0000 2a00 0000 ........6...*...
0000 0000 2afe fd00 0000 007c 7740 1e8a ....*......|w at ..
c822 a0a0 18ff 9308 caac 0a64 2fc9 2264 .".........d/."d
bc08 a816 8919 3000 0000 0200 2f01 00 ......0...../..
09:58:13.19 68.183.137.43.33918 > 192.168.80.24.53: 3465 op8 Resp12 [7210q] 65532/61777/14649[|domain] (DF)
4500 002a 86b5 4000 3211 e36a 44b7 892b E..*.. at .2..jD..+
c0a8 5018 847e 0035 0016 4d93 0d89 c19c ..P..~.5..M.....
1c2a fffc f151 3939 3900 0000 0000 .*...Q999.....
09:58:14.70 68.183.137.43.51419 > 192.168.80.24.53: 19757 updateD+ [b2&3=0x5345] [17224a] [16722q] [8234n] [8264au] (93) (DF)
4500 0079 881c 4000 3211 e1b4 44b7 892b E..y.. at .2...D..+
c0a8 5018 c8db 0035 0065 d80b 4d2d 5345 ..P....5.e..M-SE
4152 4348 202a 2048 5454 502f 312e 310d ARCH * HTTP/1.1.
0a48 4f53 543a 2032 3339 2e32 3535 2e32 .HOST: 239.255.2
3535 2e32 3530 3a31 3930 300d 0a4d 414e 55.250:1900..MAN
3a20 7373 6470 3a64 6973 636f 7665 720d : ssdp:discover.
0a4d 583a 2031 300d 0a53 543a 2073 7364 .MX: 10..ST: ssd
703a 616c 6c0d 0a0d 0a p:all....
09:58:16.20 68.183.137.43.60756 > 192.168.80.24.53: 19757 updateD+ [b2&3=0x5345] [17224a] [16722q] [8234n] [8264au] (100) (DF)
4500 0080 884b 4000 3211 e17e 44b7 892b E....K at .2..~D..+
c0a8 5018 ed54 0035 006c 5dd3 4d2d 5345 ..P..T.5.l].M-SE
4152 4348 202a 2048 5454 502f 312e 310d ARCH * HTTP/1.1.
0a48 4f53 543a 2032 3339 2e32 3535 2e32 .HOST: 239.255.2
3535 2e32 3530 3a31 3930 300d 0a4d 414e 55.250:1900..MAN
3a20 7373 6470 3a64 6973 636f 7665 720d : ssdp:discover.
0a4d 583a 2031 300d 0a53 543a 2075 706e .MX: 10..ST: upn
703a 726f 6f74 6465 7669 6365 0d0a 0d0a p:rootdevice....
09:58:20.70 68.183.137.43.34589 > 192.168.80.24.53: 0 [b2&3=0xf8] [0q] Type0 (Class 0)? . (4) (DF)
4500 0020 8aa9 4000 3211 df80 44b7 892b E.. .. at .2...D..+
c0a8 5018 871d 0035 000c 98e8 0000 00f8 ..P....5........
0000 0000 0000 0000 0000 0000 0000 ..............
09:58:22.20 68.183.137.43.42930 > 192.168.80.24.53: 32980 inv_q ServFail*-| [0q] 0/0/2 (64) (DF)
4500 005c 8bf8 4000 3211 ddf5 44b7 892b E..\.. at .2...D..+
c0a8 5018 a7b2 0035 0048 68ac 80d4 8f52 ..P....5.Hh....R
0000 0000 0000 0002 5555 5555 0000 0001 ........UUUU....
0000 0001 0000 0000 0000 0000 0000 0000 ................
0000 0000 ffff 5512 0000 003c 0000 0001 ......U....<....
0000 0002 0000 0000 0000 0000 ............
09:58:23.71 68.183.137.43.51912 > 192.168.80.24.53: 15423 zoneRef [b2&3=0x786d] [30309a] [27680q] [29299n] [26991au] (702) (DF)
4500 02da 8d65 4000 3211 da0a 44b7 892b E....e at .2...D..+
c0a8 5018 cac8 0035 02c6 3ae8 3c3f 786d ..P....5..:.<?xm
6c20 7665 7273 696f 6e3d 2231 2e30 2220 l version="1.0"
656e 636f 6469 6e67 3d22 5554 462d 3822 encoding="UTF-8"
3f3e 3c45 6e76 656c 6f70 6520 786d 6c6e ?><Envelope xmln
733d 2268 7474 703a 2f2f 7777 772e 7733 s="http://www.w3
2e6f 7267 2f32 3030 332f 3035 2f73 6f61 .org/2003/05/soa
702d 656e 7665 6c6f 7065 223e 3c48 6561 p-envelope"><Hea
6465 7220 786d 6c6e 733a 613d 2268 7474 der xmlns:a="htt
703a 2f2f 7363 6865 6d61 732e 786d 6c73 p://schemas.xmls
6f61 702e 6f72 672f 7773 2f32 3030 342f oap.org/ws/2004/
3038 2f61 6464 7265 7373 696e 6722 3e3c 08/addressing"><
613a 4163 7469 6f6e 206d 7573 7455 6e64 a:Action mustUnd
6572 7374 616e 643d 2231 223e 6874 7470 erstand="1">http
3a2f 2f73 6368 656d 6173 2e78 6d6c 736f ://schemas.xmlso
6170 2e6f 7267 2f77 732f 3230 3035 2f30 ap.org/ws/2005/0
342f 6469 7363 6f76 6572 792f 5072 6f62 4/discovery/Prob
653c 2f61 3a41 6374 696f 6e3e 3c61 3a4d e</a:Action><a:M
6573 7361 6765 4944 3e38 3130 6537 6437 essageID>810e7d7
642d 3364 6366 2d34 6565 342d 6133 6337 d-3dcf-4ee4-a3c7
2d33 6564 3935 3766 3330 3063 343c 2f61 -3ed957f300c4</a
3a4d 6573 7361 6765 4944 3e3c 613a 5265 :MessageID><a:Re
706c 7954 6f3e 3c61 3a41 6464 7265 7373 plyTo><a:Address
3e68 7474 703a 2f2f 7363 6865 6d61 732e >http://schemas.
786d 6c73 6f61 702e 6f72 672f 7773 2f32 xmlsoap.org/ws/2
3030 342f 3038 2f61 6464 7265 7373 696e 004/08/addressin
672f 726f 6c65 2f61 6e6f 6e79 6d6f 7573 g/role/anonymous
3c2f 613a 4164 6472 6573 733e 3c2f 613a </a:Address></a:
5265 706c 7954 6f3e 3c61 3a54 6f20 6d75 ReplyTo><a:To mu
7374 556e 6465 7273 7461 6e64 3d22 3122 stUnderstand="1"
3e75 726e 3a73 6368 656d 6173 2d78 6d6c >urn:schemas-xml
736f 6170 2d6f 7267 3a77 733a 3230 3035 soap-org:ws:2005
3a30 343a 6469 7363 6f76 6572 793c 2f61 :04:discovery</a
3a54 6f3e 3c2f 4865 6164 6572 3e3c 426f :To></Header><Bo
6479 3e3c 5072 6f62 6520 786d 6c6e 733d dy><Probe xmlns=
2268 7474 703a 2f2f 7363 6865 6d61 732e "http://schemas.
786d 6c73 6f61 702e 6f72 672f 7773 2f32 xmlsoap.org/ws/2
3030 352f 3034 2f64 6973 636f 7665 7279 005/04/discovery
223e 3c54 7970 6573 2078 6d6c 6e73 3a64 "><Types xmlns:d
7030 3d22 6874 7470 3a2f 2f77 7777 2e6f p0="http://www.o
6e76 6966 2e6f 7267 2f76 6572 3130 2f6e nvif.org/ver10/n
6574 776f 726b 2f77 7364 6c22 3e64 7030 etwork/wsdl">dp0
3a4e 6574 776f 726b 5669 6465 6f54 7261 :NetworkVideoTra
6e73 6d69 7474 6572 3c2f 5479 7065 733e nsmitter</Types>
3c2f 5072 6f62 653e 3c2f 426f 6479 3e3c </Probe></Body><
2f45 6e76 656c 6f70 653e /Envelope>
09:58:25.21 68.183.137.43.36005 > 192.168.80.24.53: 25649 op7 [b2&3=0x3a61] [14953a] [25650q] [25650n] [12346au] (92) (DF)
4500 0078 8dba 4000 3211 dc17 44b7 892b E..x.. at .2...D..+
c0a8 5018 8ca5 0035 0064 6ba0 6431 3a61 ..P....5.dk.d1:a
6432 3a69 6432 303a 6162 6364 6566 6768 d2:id20:abcdefgh
696a 3031 3233 3435 3637 3839 363a 7461 ij01234567896:ta
7267 6574 3230 3a6d 6e6f 7071 7273 7475 rget20:mnopqrstu
7677 7879 7a31 3233 3435 3665 313a 7139 vwxyz123456e1:q9
3a66 696e 645f 6e6f 6465 313a 7432 3a61 :find_node1:t2:a
6131 3a79 313a 7165 a1:y1:qe
09:58:26.71 68.183.137.43.53193 > 192.168.80.24.53: 65535 zoneRef NoChange*| [8524q] 24480/1280/0[|domain] (DF)
4500 002d 8e59 4000 3211 dbc3 44b7 892b E..-.Y at .2...D..+
c0a8 5018 cfc9 0035 0019 b94b ffff ffff ..P....5...K....
214c 5fa0 0500 0000 08d2 0910 0000 !L_...........
09:58:28.21 68.183.137.43.44811 > 192.168.80.24.53: 65280 [255a] [0q] Type0 (Class 0)? . (16) (DF)
4500 002c 8f3d 4000 3211 dae0 44b7 892b E..,.=@.2...D..+
c0a8 5018 af0b 0035 0018 71da ff00 0000 ..P....5..q.....
0000 00ff 0000 0000 0000 0000 0000 ..............
10:05:19.43 104.244.79.213.55128 > 192.168.80.24.53: 13551+ TXT CHAOS)? VERSION.BIND. (30) [tos 0x8]
4508 003a d431 0000 f411 28ef 68f4 4fd5 E..:.1....(.h.O.
c0a8 5018 d758 0035 0026 0000 34ef 0100 ..P..X.5.&..4...
0001 0000 0000 0000 0756 4552 5349 4f4e .........VERSION
0442 494e 4400 0010 0003 .BIND.....
11:30:28.85 104.244.79.213.57860 > 192.168.80.24.53: 13551+ TXT CHAOS)? VERSION.BIND. (30) [tos 0x8]
4508 003a d431 0000 f411 28ef 68f4 4fd5 E..:.1....(.h.O.
c0a8 5018 e204 0035 0026 0000 34ef 0100 ..P....5.&..4...
0001 0000 0000 0000 0756 4552 5349 4f4e .........VERSION
0442 494e 4400 0010 0003 .BIND.....
11:34:11.68 107.189.13.63.47998 > 192.168.80.24.53: 27+ ANY? pizzaseo.com. (30) [tos 0x8]
4508 003a d431 0000 f411 68bc 6bbd 0d3f E..:.1....h.k..?
c0a8 5018 bb7e 0035 0026 0000 001b 0100 ..P..~.5.&......
0001 0000 0000 0000 0870 697a 7a61 7365 .........pizzase
6f03 636f 6d00 00ff 0001 o.com.....
More information about the bind-users
mailing list