[dns-operations] Anyone else seeing an idiotic amount of dictionary NS lookups from 67.220.195.242?

John Kristoff jtk at cymru.com
Tue Nov 23 17:23:04 UTC 2010


On Wed, 24 Nov 2010 11:12:21 -0500
Jake Zack <jake.zack at cira.ca> wrote:

> 23-Nov-2010 11:06:47.029 queries: info: client 67.220.195.242#59733:  
> query: elsternwick316-320roadglenhuntly.ca IN NS -

Hi Jake,

I've not seen that source hitting a number of random resolvers and
servers I have insight into.  I have seen evidence of it issuing
queries to other large upper level hierarchy authoritative name servers
like .ca. I've also seen evidence that it is performing lots of whois
(TCP port 43) queries as well.

I shot a note off to webnx, the hosting provider, to see if they could
investigate.

John



More information about the dns-operations mailing list