[dns-operations] Many dns queries to a.root-servers.net

Dario Aguilar dariojaguilar at gmail.com
Thu Mar 1 20:42:41 UTC 2012


is a possibility but we are talking about a query every few seconds,
not minutes,
actually. An additional fact is that queries come from thousands of
different clients and the source port, in most cases is 3072.

On Thu, Mar 1, 2012 at 5:27 PM, Doug Barton <dougb at dougbarton.us> wrote:

> one lookup every 2 minutes sounds like a monitoring tool checking for
> outside world connectivity.
>
>
> On 3/1/2012 11:21 AM, Dario Aguilar wrote:
> > Hi Heather, these queries reach our resolvers all day for at least more
> > than 1 year and have been increasing over time. Not all customers
> > consult every 2 seconds, some do it less frequently but steadily.
> >
> > On Thu, Mar 1, 2012 at 3:04 PM, Schiller, Heather A
> > <heather.schiller at verizon.com <mailto:heather.schiller at verizon.com>>
> wrote:
> >
> >
> >     Warm up for later this month?  Is it every 2 seconds continuously or
> >     intermittently?  When did it start?
> >
> >     --Heather
> >
> >     -----Original Message-----
> >     From: Dario Aguilar [mailto:dariojaguilar at gmail.com
> >     <mailto:dariojaguilar at gmail.com>]
> >     Sent: Friday, January 13, 2012 4:34 PM
> >     To: dns-operations at lists.dns-oarc.net
> >     <mailto:dns-operations at lists.dns-oarc.net>
> >     Subject: Many dns queries to a.root-servers.net
> >     <http://a.root-servers.net>
> >
> >     Hi, I'm seeing quite a lot of queries for "a.root-servers.net
> >     <http://a.root-servers.net>IN A" in the logs of my caching servers.
> >     They seem to be coming from home normal DSL customers (IPs who would
> >     be expected to be using the name servers) with each sending one
> >     query every 2 seconds.
> >     They all together represents more than de 10% of the total queries.
> >     I am guessing it is probably some sort of
> >     spyware/malware/virus/router/O.S.
> >     version but I was wondering if anyone knows offhand?
>
>
> --
>    If you're never wrong, you're not trying hard enough
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20120301/fb4dfb48/attachment.html>


More information about the dns-operations mailing list