[dns-operations] MX record scanning
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon May 9 18:55:19 UTC 2011
On Mon, May 09, 2011 at 09:06:06AM -0700,
Carlos Vicente <cvicente.lists at gmail.com> wrote
a message of 155 lines which said:
> In the last week or so I've noticed a significant increase in
> queries per second on one of our authoritative servers, which
> happens to be secondary for a number of TLDs. A quick inspection of
> the traffic patterns seems to indicate an MX record scanning process
It seems in the same league as the MX scanning seen by .CL and
reported by Mauricio Vergara Ereche at the OARC meeting in San
Francisco
<https://www.dns-oarc.net/files/workshop-201103/20110314-ccNSO-Query-Storm_affecting_CL-mave.pdf>. You
should compare your pcap files.
(Also, at least one CENTR member saw "the same" in January and
reported it on an internal CENTR mailing list.)
More information about the dns-operations
mailing list