[dns-operations] Best Resources for Deep Dive Understanding of DNS
sthaug at nethelp.no
sthaug at nethelp.no
Wed Jan 7 09:07:41 UTC 2015
> I am seeing a lot of them (9,997) with Transaction ID of 0x04d2. This seems to be something odd (but again I still need to learn a lot more about the decisions implementations make with their queries) but it gives me a feeling of a hard coded request.
...
> I believe this may be a hard coded query from TP Link routers (only supposition at this point) but it seems logical. We use mostly TP Link routers around the network and behind the 321 query IP Address is a cluster of them and a hand check of the addresses in the list indicates they are TP Link devices as well. I will try set our reference router up in the lab and run a test against it to confirm.
Hard coded query ID indeed - 0x04d2 = 1234 :-)
Seeing quite a bit of it here too, interspersed with queries for
www.tp-link.com with the same query ID - seems to support your theory.
Steinar Haug, AS 2116
More information about the dns-operations
mailing list