[dns-operations] Anybody know the reason for dev and dev.home DNS queries?

sthaug at nethelp.no sthaug at nethelp.no
Sat Feb 3 11:45:05 UTC 2018


Yesterday around 19:00 UTC our resolvers started receiving a significant
number of A queries for dev and dev.home. The queries seem to be coming
from all over our customer base, and the same clients are asking the
same questions repeatedly, as in

12:39:22.463999 IP 81.191.187.50.55370 > 193.75.75.193.53: 12+ A? dev. (21)
12:39:22.491596 IP 81.191.187.50.49679 > 193.75.75.193.53: 13+ A? dev.Home. (26)
12:39:22.941006 IP 81.191.187.50.42348 > 193.75.75.193.53: 4+ A? dev. (21)
12:39:22.968832 IP 81.191.187.50.51374 > 193.75.75.193.53: 5+ A? dev.Home. (26)
12:39:23.036843 IP 81.191.187.50.58315 > 193.75.75.193.53: 8+ A? dev. (21)
12:39:23.064707 IP 81.191.187.50.53462 > 193.75.75.193.53: 9+ A? dev.Home. (26)
12:39:23.132926 IP 81.191.187.50.52533 > 193.75.75.193.53: 12+ A? dev. (21)
12:39:23.160834 IP 81.191.187.50.39345 > 193.75.75.193.53: 13+ A? dev.Home. (26)

(repeat ad nauseam)

We're currently receiving many thousands of qps for these two names.
Anybody know what is the cause of these queries? I tried googling, but
clearly my Google skills aren't good enough.

Steinar Haug, AS2116
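
Added example, not part of the original post: a small Python tally of repeated queries per client and name, run over the capture lines quoted in the message above. The function names and the min_count threshold are this example's own, and it assumes IPv4 tcpdump text output from a single day (no date in the timestamp).

```python
import re
from collections import defaultdict

# Capture lines copied from the post above (tcpdump text output, IPv4 only).
SAMPLE = """\
12:39:22.463999 IP 81.191.187.50.55370 > 193.75.75.193.53: 12+ A? dev. (21)
12:39:22.491596 IP 81.191.187.50.49679 > 193.75.75.193.53: 13+ A? dev.Home. (26)
12:39:22.941006 IP 81.191.187.50.42348 > 193.75.75.193.53: 4+ A? dev. (21)
12:39:22.968832 IP 81.191.187.50.51374 > 193.75.75.193.53: 5+ A? dev.Home. (26)
12:39:23.036843 IP 81.191.187.50.58315 > 193.75.75.193.53: 8+ A? dev. (21)
12:39:23.064707 IP 81.191.187.50.53462 > 193.75.75.193.53: 9+ A? dev.Home. (26)
12:39:23.132926 IP 81.191.187.50.52533 > 193.75.75.193.53: 12+ A? dev. (21)
12:39:23.160834 IP 81.191.187.50.39345 > 193.75.75.193.53: 13+ A? dev.Home. (26)
"""

# time, client IP (source port dropped), resolver:53, query id + flags, qtype, qname
QUERY_RE = re.compile(
    r"^(\d+):(\d+):(\d+\.\d+) IP (\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"\d+\.\d+\.\d+\.\d+\.53: \d+[+%]*(?: \[[^\]]*\])? ([A-Za-z0-9]+)\? (\S+) \(\d+\)")

def parse_query(line):
    """Return (seconds_since_midnight, client_ip, qtype, qname) or None."""
    m = QUERY_RE.match(line.strip())
    if not m:
        return None
    h, mi, s, client, qtype, qname = m.groups()
    ts = int(h) * 3600 + int(mi) * 60 + float(s)
    # DNS names compare case-insensitively: dev.Home. and dev.home. are one name.
    return ts, client, qtype.upper(), qname.lower()

def repeated_queries(lines, min_count=3):
    """Group by (client, qtype, qname); report groups seen >= min_count times."""
    seen = defaultdict(list)
    for line in lines:
        parsed = parse_query(line)
        if parsed:
            ts, client, qtype, qname = parsed
            seen[(client, qtype, qname)].append(ts)
    report = []
    for key, stamps in seen.items():
        if len(stamps) >= min_count:
            span = max(stamps) - min(stamps)
            # Repeat rate is undefined for a zero-length window; report None then.
            rate = (len(stamps) - 1) / span if span > 0 else None
            report.append((*key, len(stamps), rate))
    return sorted(report, key=lambda r: -r[3])

if __name__ == "__main__":
    for client, qtype, qname, count, rate in repeated_queries(SAMPLE.splitlines()):
        print(client, qtype, qname, f"x{count}", "n/a" if rate is None else f"{rate:.1f}/s")
```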


