[dns-operations] Question about logger querys with registers points to 127.0.0.1
David C Lawrence
tale at akamai.com
Thu Oct 15 16:34:29 UTC 2015
Eduardo Romero Urra writes:
> Not always the querys points to resolv host with result '127.0.0.1' , but
> the strange is the origen marked as localhost came from, and always logs
> using "EDNS mechanism" ( -E ), previously came from a regular query, for
> example
I'm sure the EDNS part is a red herring, and what I suspect is
happening is that specifically an NS record for the domain is being
pointed to a name that resolves as 127.1.
Like, in the case of that f5-hk01.gtm.lenovo.com name, it occasionally
shows up as the target of an NS, with the 127.1 address in the
additionals section. So the resolver dutifully tries to talk to it in
pursuit of whatever name it was trying to figure out.
Now the thing about localhost is that since it is internally
co-ordinated by your machine, the outgoing request that the nameserver
sends is not from its normal external request, but instead it is
source from 127.1 to go to 127.1. That's why it shows up in the log
that way.
More information about the dns-operations
mailing list