[dns-operations] Odd MX queries

Fred Morris m3047 at m3047.net
Mon Mar 11 16:42:28 UTC 2013


On Mon, 11 Mar 2013, Daniel Stirnimann wrote:
> Since a few hours we see quite a large volume of MX queries on our TLD
> as well as 2nd-level name-servers.

Testing that a relay is valid MX for a domain is a common practice
for SPAM classification.

You say the traffic you see is "odd", so I presume you've ruled that out.
Ex: could be a busy mailserver, somebody could be running against a large
previously captured corpus.

If they're generating large numbers of repeat queries in a short period
(e.g. more than a handful within the TTL for the RRs returned) then maybe
they need to place a caching resolver in front of their box. ;-) Of course
if these are ANSWER=0 responses maybe the caching resolver isn't caching
the responses...

--

Fred Morris
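
The repeat-query check described in the message above, as an added example that is not part of the original post: it counts, per client and name, how many MX queries arrive inside one TTL of an earlier response and notes whether those responses were ANSWER=0. The log format, the sample records, the threshold of 3 for "a handful" and the use of the SOA negative-caching TTL for ANSWER=0 responses are all assumptions.

```python
from collections import defaultdict

# Constructed sample log (not data from the thread). Assumed record format:
# epoch client qname qtype ANSWER-count TTL; for ANSWER=0 the TTL column is
# the negative-caching TTL taken from the SOA in the response.
SAMPLE_LOG = """\
1363000000 192.0.2.10 example.com MX 1 3600
1363000012 192.0.2.10 example.com MX 1 3600
1363000025 192.0.2.10 example.com MX 1 3600
1363000031 192.0.2.10 example.com MX 1 3600
1363000058 192.0.2.10 example.com MX 1 3600
1363000001 192.0.2.10 example.com A 1 300
1363000005 198.51.100.7 nomail.example.net MX 0 900
1363000015 198.51.100.7 nomail.example.net MX 0 900
1363000030 198.51.100.7 nomail.example.net MX 0 900
1363000045 198.51.100.7 nomail.example.net MX 0 900
1363000000 203.0.113.5 example.com MX 1 3600
1363004000 203.0.113.5 example.com MX 1 3600
"""
HANDFUL = 3  # assumed cut-off for "more than a handful"

def parse(log):
    """Yield (ts, client, qname, qtype, answers, ttl) from well-formed records."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 6 or line.startswith("#"):
            continue  # skip blanks, comments and truncated records
        ts, client, qname, qtype, answers, ttl = fields
        yield int(ts), client, qname.lower().rstrip("."), qtype.upper(), int(answers), int(ttl)

def repeat_offenders(log, qtype="MX", handful=HANDFUL):
    """Map (client, qname) -> (peak queries inside one TTL, responses were ANSWER=0)."""
    seen = defaultdict(list)
    for ts, client, qname, qt, answers, ttl in parse(log):
        if qt == qtype:
            seen[(client, qname)].append((ts, ttl, answers))
    flagged = {}
    for key, events in seen.items():
        events.sort()
        peak, negative = 0, False
        for i, (start, ttl, answers) in enumerate(events):
            # Queries arriving while the response to query i should still be cached.
            n = sum(1 for ts, _, _ in events[i:] if ts - start < ttl)
            if n > peak:
                peak, negative = n, answers == 0
        if peak > handful:
            flagged[key] = (peak, negative)
    return flagged
```

A flagged entry with the second value `True` is the ANSWER=0 case from the last paragraph of the message: the client repeats the query although the negative response was still within its caching TTL.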



