[dns-operations] Odd MX queries

Vernon Schryver vjs at rhyolite.com
Mon Mar 11 15:10:21 UTC 2013


> From: Daniel Stirnimann <daniel.stirnimann at switch.ch>

> So, it's clearly not normal resolver behavior as the query question is
> not repeated and the RD bit is set (EDNS0 and DO bit is not used/set).
> The client is using a large number of different domains and so evading
> DNS-RRL. For example, within 15 minutes 3070 different query-names are
> used. Within 60 minutes 4716 and within 4 hours 11193 different
> query-names. The query-name which is repeated most is asked every 6-7
> seconds.
>
> Has anyone an idea what the source of this traffic pattern is? It's also
> interesting to note that quite a lot of 2nd-level queries result in
> NXDOMAIN responses.

Which RRL implementation are you using?  If it is the BIND9 RRL
implementation, then how are the NXDOMAIN responses evading that limit?


Vernon Schryver    vjs at rhyolite.com
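
The traffic pattern described in the quoted message can be profiled per client from a query log. The following is an added example, not code from the thread or from any RRL implementation; the record layout, the sample data and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real traffic):
# (unix_time, client_ip, qname, qtype, rd_bit, edns0, rcode)
def make_sample():
    recs = []
    # Client A: a new MX name every second, RD set, no EDNS0,
    # every third name does not exist.
    for i in range(120):
        rcode = "NXDOMAIN" if i % 3 == 0 else "NOERROR"
        recs.append((1000 + i, "192.0.2.10", f"name{i}.example.", "MX",
                     True, False, rcode))
    # Client B: resolver-like, four names repeated, RD clear, EDNS0 used.
    for i in range(120):
        recs.append((1000 + i, "198.51.100.7", f"host{i % 4}.example.", "MX",
                     False, True, "NOERROR"))
    return recs

def profile_clients(records, window=900):
    """Summarise each client's queries in fixed windows of `window` seconds."""
    buckets = defaultdict(list)
    for ts, ip, qname, _qtype, rd, edns, rcode in records:
        buckets[(ip, ts // window)].append((qname.lower(), rd, edns, rcode))
    profiles = {}
    for key, rows in buckets.items():
        n = len(rows)
        profiles[key] = {
            "queries": n,
            "distinct_qnames": len({r[0] for r in rows}),
            "rd_share": sum(r[1] for r in rows) / n,
            "edns_share": sum(r[2] for r in rows) / n,
            "nxdomain_share": sum(r[3] == "NXDOMAIN" for r in rows) / n,
        }
    return profiles

def suspicious(profiles, min_distinct=100, min_rd=0.9, max_edns=0.1):
    """Clients with many distinct names, RD set and no EDNS0 in a window.
    Thresholds are hypothetical and need tuning against local traffic."""
    return sorted({ip for (ip, _), p in profiles.items()
                   if p["distinct_qnames"] >= min_distinct
                   and p["rd_share"] >= min_rd
                   and p["edns_share"] <= max_edns})

if __name__ == "__main__":
    prof = profile_clients(make_sample())
    for ip in suspicious(prof):
        print(ip, prof[(ip, 1)])
```

The `nxdomain_share` field is reported rather than used as a filter, so the share of NXDOMAIN responses can be read off for each flagged client.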


