[dns-operations] Someone on this list doing some empty non-terminal testing?
David C Lawrence
tale at akamai.com
Thu Mar 2 21:07:43 UTC 2017
We're seeing some weird traffic that isn't really a problem, but was
peculiar enough to want to ask others about.
There's an AWS IP that has hit several dozen unrelated zones hosted on
us, specifically looking for a set of names under an empty
non-terminal. The IP hasn't shown up in any other bad-actor
reputation data, and isn't a high volume of queries. It is consistent
however in asking for:
(store|secure|www|ssl|mail).$EMPTY-NON-TERMINAL.$ZONE.
Anyone else seen this?
More information about the dns-operations
mailing list