[dns-operations] MX record scanning
Sebastian Castro
sebastian at nzrs.net.nz
Mon May 9 20:25:30 UTC 2011
On 05/10/2011 06:55 AM, Stephane Bortzmeyer wrote:
> On Mon, May 09, 2011 at 09:06:06AM -0700,
> Carlos Vicente <cvicente.lists at gmail.com> wrote
> a message of 155 lines which said:
>
>> In the last week or so I've noticed a significant increase in
>> queries per second on one of our authoritative servers, which
>> happens to be secondary for a number of TLDs. A quick inspection of
>> the traffic patterns seems to indicate an MX record scanning process
>
> It seems in the same league as the MX scanning seen by .CL and
> reported by Mauricio Vergara Ereche at the OARC meeting in San
> Francisco
> <https://www.dns-oarc.net/files/workshop-201103/20110314-ccNSO-Query-Storm_affecting_CL-mave.pdf>. You
> should compare your pcap files.
>
SIDN (.NL) reported similar situation long time ago with "retries" from
time to time. We NZRS (.NZ) see that too, as well as, CIRA (.CA).
> (Also, at least one CENTR member saw "the same" in January and
> reported it on an internal CENTR mailing list.)
>
Cheers,
--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
More information about the dns-operations
mailing list