[dns-operations] You live in a dump, Quoyle!

Mark Delany b9w at charlie.emu.st
Sun Feb 13 05:38:21 UTC 2022


(A free DNS lookup for anyone who remembers that movie quote).

I guess I'm just lamenting how much junk DNS traffic there is "out there". I know, I
know. Old news.

I recently built a toy server to experiment with configless ipv6 reverse answers and a
side-effect is that I scrutinized all the queries for an extended period. Big mistake!

Apart from the incessant, apparent DDOS to ANY/pizzaseo.com, ANY/peacecorps.gov and the
like thrown at all port 53 ipv4 addresses, there is also the inexplicable and also
incessant ANY/sl. queries. What they do or who they are meant to hurt, I have no clue.

But even the good guys are pretty unrelenting:

I see 60+ queries per day, every day for TXT/a.b.qnamemin-test.nlnetlabs.nl coming from
just three AWS instances. Is that really nlnetlabs? If so, what are they hoping to
measure?

Similarly:

30/day A/ip.parrotdns.com by censys-scanner.com
24/day A/cb00780e.asert-dns-research.com

And what hetzner.com are up to I also have no clue, but they're pretty incessantly sending
qmin type A queries.

I know that the reverse range being queried is not very active, so these reverse queries
are definitely not being triggered by outbound connections.

Speaking of qname minimization, oh boy, do they generate a lot of extra queries in the
ipv6 reverse tree! I do wonder what secrets are being kept safe by not telling a parent
name server what lower level PTR someone is after, but I'm sure there's good justification
for it.

Not that it's a lot of traffic and I know there is zero I can do about it, but I'm down to
30% of queries actually returning an answer, with >50% returning qmin NOERRORs and the rest
REFUSED.


Bah humbug.


Mark.

PS. Rotten Tomatoes gets it wrong with this one.
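
Added example, not part of the original post: a sketch of why qname minimization multiplies queries in the ipv6 reverse tree. It assumes a strict resolver that adds one label per step, a reverse zone cut on a nibble boundary with no further delegations below it, and the documentation address 2001:db8::1; the function names are hypothetical.

```python
import ipaddress


def qmin_steps(addr: str, zone_prefix_len: int) -> list[str]:
    """Names a strict one-label-per-step minimising resolver sends to the
    server authoritative for the reverse zone covering addr/zone_prefix_len."""
    if zone_prefix_len % 4 or not 0 <= zone_prefix_len < 128:
        raise ValueError("ip6.arpa zone cuts fall on nibble boundaries")
    # Full PTR owner name: 32 nibble labels + "ip6" + "arpa" = 34 labels.
    labels = ipaddress.IPv6Address(addr).reverse_pointer.split(".")
    apex_labels = zone_prefix_len // 4 + 2
    # One query per extra label below the zone apex, ending at the full name.
    return [".".join(labels[-n:]) for n in range(apex_labels + 1, len(labels) + 1)]


def summarize(addr: str, zone_prefix_len: int) -> dict:
    """Split the steps into intermediate queries and the one real PTR query."""
    steps = qmin_steps(addr, zone_prefix_len)
    labels = steps[-1].split(".")
    return {
        "apex": ".".join(labels[-(zone_prefix_len // 4 + 2):]),
        "total": len(steps),
        # Assumption: every intermediate name is an empty non-terminal, so the
        # server answers it with NOERROR and an empty answer section.
        "intermediate": len(steps) - 1,
        "final": steps[-1],
    }


if __name__ == "__main__":
    for plen in (32, 48, 64):
        s = summarize("2001:db8::1", plen)
        print(f"/{plen} zone {s['apex']}: {s['total']} queries, "
              f"{s['intermediate']} intermediate, 1 for the PTR itself")
```

Under these assumptions a single PTR lookup below a /32 zone costs 24 queries at that server, only the last of which can return a PTR record.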



