[dns-operations] Root-servers returning TC=1 after 5 NXDOMAINS

John Wobus jw354 at cornell.edu
Fri Feb 13 16:30:49 UTC 2015


> these are unique queries, the name changes for each one. But as Paul  
> Vixie
> elucidated, from the root-server perspective, these are all answers  
> from one
> zone though, the root zone.  And that is where RRL kicks in.

You have to ask yourself what this site is doing that generates these  
queries.
I'm sure there are legitimate reasons but I'm not sure the Internet is
going to be able to handle every otherwise-legitimate survey/whatever.

If an app is "legitimately" generating this many NXDOMAINs, perhaps it
should be managing its own RDNS, with appropriate expertise at hand.

I suppose one could attack an innocent site by inducing it to do such  
lookups,
e.g. filling your PTR records with non-existent domains then hitting  
ports that
"check" by doing a reverse lookup, then validating with a forward  
lookup.

John Wobus
Cornell University IT



More information about the dns-operations mailing list