[dns-operations] getcacheddhcpresultsforcurrentconfig

Mark Picone mark.picone at deakin.edu.au
Sun Dec 16 21:41:46 UTC 2018


I checked the last 30 days of queries (910 Million+) for Deakin University and we have only 50 queries in total which are similar (and look search domain related).
The device which made these queries has a MAC vendor prefix from "HUAWEI TECHNOLOGIES CO.,LTD" (a4:ca:a0:xx:xx:xx).

Sample data:
pool.ntp.org.getcacheddhcpresultsforcurrentconfig
mobile-ap.spotify.com.getcacheddhcpresultsforcurrentconfig
connectivitycheck.android.com.getcacheddhcpresultsforcurrentconfig
b.scorecardresearch.com.getcacheddhcpresultsforcurrentconfig
portal.fb.com.getcacheddhcpresultsforcurrentconfig
edge-mqtt.facebook.com.getcacheddhcpresultsforcurrentconfig
play.googleapis.com.getcacheddhcpresultsforcurrentconfig
mtalk.google.com.getcacheddhcpresultsforcurrentconfig
pool.ntp.org.getcacheddhcpresultsforcurrentconfig
www.google.com.getcacheddhcpresultsforcurrentconfig
mobile-ap.spotify.com.getcacheddhcpresultsforcurrentconfig
connectivitycheck.android.com.getcacheddhcpresultsforcurrentconfig
pushtrs6.push.hicloud.com.getcacheddhcpresultsforcurrentconfig

Regards,

Mark Picone
Senior Systems Administrator
Deakin eSolutions

Deakin University
Geelong Waterfront Campus
1 Gheringhap Street, Geelong, VIC 3220
Phone: +61 3 52479505
Deakin University CRICOS Provider Code 00113B


-----Original Message-----
From: dns-operations <dns-operations-bounces at dns-oarc.net> On Behalf Of Florian Weimer
Sent: Saturday, 15 December 2018 10:14 PM
To: Roy Arends <roy.arends at icann.org>
Cc: dns-operations <dns-operations at dns-oarc.net>
Subject: Re: [dns-operations] getcacheddhcpresultsforcurrentconfig

* Roy Arends:

> Has anyone observed the string “getcacheddhcpresultsforcurrentconfig” before?
>
> It is one of the most queried for top level domains by many different
> source addresses. My suspicion is that is configured as a search
> domain in some (equivalent of) resolv,conf on a widespread device.

This software <https://github.com/SivanLiu/HwFrameWorkSource> seems to use the string for in-band signaling:

|   if (dhcpResults != null) {
|       WifiStateMachine.this.stopIpClient();
|       dhcpResults.domains = "getCachedDhcpResultsForCurrentConfig";

<https://github.com/SivanLiu/HwFrameWorkSource/blob/0c5f7a1ad8074c12b0a830e49e6e1e1df575e0cd/Mate20_9_0_0/src/main/java/com/android/server/wifi/WifiStateMachine.java#L2573>

I can't read the README file unfortunately, but perhaps it's sufficiently widely deployed to explain the observations.

Thanks,
Florian

_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations

Important Notice: The contents of this email are intended solely for the named addressee and are confidential; any unauthorised use, reproduction or storage of the contents is expressly prohibited. If you have received this email in error, please delete it and any attachments immediately and advise the sender by return email or telephone.

Deakin University does not warrant that this email and any attachments are error or virus free.



More information about the dns-operations mailing list