[dns-operations] Anybody know the reason for dev and dev.home DNS queries?

Yasuhiro Orange Morishita / 森下泰宏 yasuhiro at jprs.co.jp
Tue Feb 6 06:32:00 UTC 2018 

Hi,

> Anybody know what is the cause of these queries? I tried googling, but
> clearly google skills aren't good enough.

I have found the same situation in Reddit.
The poster reported resetting the router and pi is effective,
but a few days after, the same pattern has returned.

Something is hammering dev and dev.Home : pihole
<https://www.reddit.com/r/pihole/comments/64q35l/something_is_hammering_dev_and_devhome/>

-- Orange

-- 
Yasuhiro 'Orange' Morishita <yasuhiro at jprs.co.jp>

From: sthaug at nethelp.no
Date: Sat, 03 Feb 2018 12:45:05 +0100 (CET)

> Yesterday around 19:00 UTC our resolvers started receiving significant
> number of A queries for dev and dev.home. The queries seem to be coming
> from all over our customer base, and the same clients are asking the
> same questions repeatedly, as in
> 
> 12:39:22.463999 IP 81.191.187.50.55370 > 193.75.75.193.53: 12+ A? dev. (21)
> 12:39:22.491596 IP 81.191.187.50.49679 > 193.75.75.193.53: 13+ A? dev.Home. (26)
> 12:39:22.941006 IP 81.191.187.50.42348 > 193.75.75.193.53: 4+ A? dev. (21)
> 12:39:22.968832 IP 81.191.187.50.51374 > 193.75.75.193.53: 5+ A? dev.Home. (26)
> 12:39:23.036843 IP 81.191.187.50.58315 > 193.75.75.193.53: 8+ A? dev. (21)
> 12:39:23.064707 IP 81.191.187.50.53462 > 193.75.75.193.53: 9+ A? dev.Home. (26)
> 12:39:23.132926 IP 81.191.187.50.52533 > 193.75.75.193.53: 12+ A? dev. (21)
> 12:39:23.160834 IP 81.191.187.50.39345 > 193.75.75.193.53: 13+ A? dev.Home. (26)
> 
> (repeat ad nauseam)
> 
> We're currently receiving many thousands of qps for these two names.
> Anybody know what is the cause of these queries? I tried googling, but
> clearly google skills aren't good enough.
> 
> Steinar Haug, AS2116
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>

More information about the dns-operations mailing list