<span id="result_box" class="" lang="en"><span class="hps">is a possibility</span> <span class="hps">but we are</span> <span class="hps">talking about a</span> <span class="hps">query every</span> <span class="hps">few seconds,</span> <span class="hps">not</span> <span class="hps">minutes, actually</span><span>.</span> <span class="hps">An additional fact</span> <span class="hps">is that queries</span> <span class="hps">come from</span> <span class="hps">thousands</span> <span class="hps">of different clients</span> <span class="hps">and</span> <span class="hps">the source port</span><span>,</span> <span class="hps">in most</span> <span class="hps">cases is</span> <span class="hps">3072.</span></span><br>
<br><div class="gmail_quote">On Thu, Mar 1, 2012 at 5:27 PM, Doug Barton <span dir="ltr"><<a href="mailto:dougb@dougbarton.us">dougb@dougbarton.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
one lookup every 2 minutes sounds like a monitoring tool checking for<br>
outside world connectivity.<br>
<div class="im"><br>
<br>
On 3/1/2012 11:21 AM, Dario Aguilar wrote:<br>
> Hi Heather, these queries reach our resolvers all day for at least more<br>
> than 1 year and have been increasing over time. Not all customers<br>
> consult every 2 seconds, some do it less frequently but steadily.<br>
><br>
> On Thu, Mar 1, 2012 at 3:04 PM, Schiller, Heather A<br>
</div><div class="im">> <<a href="mailto:heather.schiller@verizon.com">heather.schiller@verizon.com</a> <mailto:<a href="mailto:heather.schiller@verizon.com">heather.schiller@verizon.com</a>>> wrote:<br>
><br>
><br>
> Warm up for later this month? Is it every 2 seconds continuously or<br>
> intermittently? When did it start?<br>
><br>
> --Heather<br>
><br>
> -----Original Message-----<br>
> From: Dario Aguilar [mailto:<a href="mailto:dariojaguilar@gmail.com">dariojaguilar@gmail.com</a><br>
> <mailto:<a href="mailto:dariojaguilar@gmail.com">dariojaguilar@gmail.com</a>>]<br>
> Sent: Friday, January 13, 2012 4:34 PM<br>
> To: <a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br>
</div><div class="im">> <mailto:<a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a>><br>
> Subject: Many dns queries to <a href="http://a.root-servers.net" target="_blank">a.root-servers.net</a><span onmouseout="cancel = false; window.setTimeout(WRCHideContent, 1000); clearTimeout(showTimer);" onmouseover=" var self = this; showTimer = window.setTimeout(function(){WRCShowContent({'rating':{'value':-1,'weight':-1},'flags':{},'single':false,'ttl':7200,'expireTime':'20120301055608'}, self.className)},600);" class="wrc0" style="padding-right:16px;width:16px;height:16px"></span><br>
</div><div class="im">> <<a href="http://a.root-servers.net" target="_blank">http://a.root-servers.net</a><span onmouseout="cancel = false; window.setTimeout(WRCHideContent, 1000); clearTimeout(showTimer);" onmouseover=" var self = this; showTimer = window.setTimeout(function(){WRCShowContent({'rating':{'value':-1,'weight':-1},'flags':{},'single':false,'ttl':7200,'expireTime':'20120301055608'}, self.className)},600);" class="wrc0" style="padding-right:16px;width:16px;height:16px"></span>><br>
><br>
> Hi, I'm seeing quite a lot of queries for "<a href="http://a.root-servers.net" target="_blank">a.root-servers.net</a><span onmouseout="cancel = false; window.setTimeout(WRCHideContent, 1000); clearTimeout(showTimer);" onmouseover=" var self = this; showTimer = window.setTimeout(function(){WRCShowContent({'rating':{'value':-1,'weight':-1},'flags':{},'single':false,'ttl':7200,'expireTime':'20120301055608'}, self.className)},600);" class="wrc0" style="padding-right:16px;width:16px;height:16px"></span><br>
</div>> <<a href="http://a.root-servers.net" target="_blank">http://a.root-servers.net</a><span onmouseout="cancel = false; window.setTimeout(WRCHideContent, 1000); clearTimeout(showTimer);" onmouseover=" var self = this; showTimer = window.setTimeout(function(){WRCShowContent({'rating':{'value':-1,'weight':-1},'flags':{},'single':false,'ttl':7200,'expireTime':'20120301055608'}, self.className)},600);" class="wrc0" style="padding-right:16px;width:16px;height:16px"></span>>IN A" in the logs of my caching servers.<br>
<div class="HOEnZb"><div class="h5">> They seem to be coming from home normal DSL customers (IPs who would<br>
> be expected to be using the name servers) with each sending one<br>
> query every 2 seconds.<br>
> They all together represents more than de 10% of the total queries.<br>
> I am guessing it is probably some sort of<br>
> spyware/malware/virus/router/O.S.<br>
> version but I was wondering if anyone knows offhand?<br>
<br>
<br>
</div></div><span class="HOEnZb"><font color="#888888">--<br>
If you're never wrong, you're not trying hard enough<br>
</font></span></blockquote></div><br>