[dns-operations] Anybody know the reason for dev and dev.home DNS queries?

bjorn.hellqvist at teliacompany.com bjorn.hellqvist at teliacompany.com
Tue Feb 6 15:36:25 UTC 2018 

Hi, 

I can confirm that we also see these. But not even close to the volume you see. 
A guess would be more in the area of 25.000 per hour. 

It would be good to know what is causing this. 

We also see that it pads .dev. or .dev.Home. to regular queries in the end

Like for example:
time.microsoft.akadns.net.Home
graph.facebook.com.Home

or
<WINDOWS-NAME>.Home.

BR,
Bjorn Hellqvist
Senior System Specialist (Internet & DNS)
Telia Company
Solna, Sweden


> -----Original Message-----
> From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On
> Behalf Of sthaug at nethelp.no
> Sent: den 3 februari 2018 12:45
> To: dns-operations at dns-oarc.net
> Subject: [dns-operations] Anybody know the reason for dev and dev.home
> DNS queries?
> 
> Yesterday around 19:00 UTC our resolvers started receiving significant
> number of A queries for dev and dev.home. The queries seem to be coming
> from all over our customer base, and the same clients are asking the same
> questions repeatedly, as in
> 
> 12:39:22.463999 IP 81.191.187.50.55370 > 193.75.75.193.53: 12+ A? dev. (21)
> 12:39:22.491596 IP 81.191.187.50.49679 > 193.75.75.193.53: 13+ A? dev.Home.
> (26)
> 12:39:22.941006 IP 81.191.187.50.42348 > 193.75.75.193.53: 4+ A? dev. (21)
> 12:39:22.968832 IP 81.191.187.50.51374 > 193.75.75.193.53: 5+ A? dev.Home.
> (26)
> 12:39:23.036843 IP 81.191.187.50.58315 > 193.75.75.193.53: 8+ A? dev. (21)
> 12:39:23.064707 IP 81.191.187.50.53462 > 193.75.75.193.53: 9+ A? dev.Home.
> (26)
> 12:39:23.132926 IP 81.191.187.50.52533 > 193.75.75.193.53: 12+ A? dev. (21)
> 12:39:23.160834 IP 81.191.187.50.39345 > 193.75.75.193.53: 13+ A? dev.Home.
> (26)
> 
> (repeat ad nauseam)
> 
> We're currently receiving many thousands of qps for these two names.
> Anybody know what is the cause of these queries? I tried googling, but
> clearly google skills aren't good enough.
> 
> Steinar Haug, AS2116
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-operations mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations

More information about the dns-operations mailing list