[dns-operations] s3.amazonaws.com problem?

Jelte Jansen jelte.jansen at sidn.nl
Wed Oct 23 13:28:32 UTC 2019


are you showing the answers or is it really sending *cname* queries?

Jelte

anecdotal 2 cents on aws dns issues: I definitely noticed their problems last night, from what I could tell it wasn't only s3 but all the amazon aws dns services; they were simply dropping many queries. When I checked about 8 hours ago it seemed to have been resolved.


On 10/23/19 2:37 PM, Daniel Stirnimann wrote:
> I have located a host in our network which sends such queries to the
> network resolver (which we operate):
> 
> mqfgioo5.s3.amazonaws[.]com. IN CNAME
> 6l-dpfrn.s3.amazonaws[.]com. IN CNAME
> 2idg5c42.s3.amazonaws[.]com. IN CNAME
> qzq3uz5m.s3.amazonaws[.]com. IN CNAME
> nenkxm2p.s3.amazonaws[.]com. IN CNAME
> yk2max6j.s3.amazonaws[.]com. IN CNAME
> qhcbric2.s3.amazonaws[.]com. IN CNAME
> wg-jmekf.s3.amazonaws[.]com. IN CNAME
> dnwn2ip1.s3.amazonaws[.]com. IN CNAME
> 711o385.s3.amazonaws[.]com. IN CNAME
> rn0v02a6.s3.amazonaws[.]com. IN CNAME
> pm1a3a4t.s3.amazonaws[.]com. IN CNAME
> 0xc.tibo.s3.amazonaws[.]com. IN CNAME
> 76jt.m9g.s3.amazonaws[.]com. IN CNAME
> 4tjc8hp.s3.amazonaws[.]com. IN CNAME
> b-.9ft7y.s3.amazonaws[.]com. IN CNAME
> 
> Interestingly, it also sends other suspicious queries such as:
> 
> . IN TYPE1847
> . IN TYPE1847
> . IN TYPE567
> . IN TYPE1847
> . IN TYPE567
> . IN TYPE1847
> . IN TYPE1847
> . IN TYPE1900
> . IN TYPE823
> . IN TYPE1900
> . IN TYPE1847
> 7a4. IN TYPE868
> . IN TYPE1847
> . IN TYPE1847
> . IN TYPE1900
> . IN TYPE1847
> . IN TYPE1847
> 3n2y. IN TYPE612
> . IN TYPE311
> . IN TYPE1900
> 
> However, these are mostly answered from cache because of aggressive use
> of DNSSEC-validated cache. Still, I guess root server operators may see
> an increase in queries with unassigned query types.
> 
> Daniel
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> 
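
Added example, not part of either message and not code from the list: one way a resolver operator could pick such a host out of a query log, by flagging clients that send query types printed in generic TYPEnnn form (RFC 3597) or many distinct child names under one parent with QTYPE CNAME. The log layout with a leading client-address column, the addresses, the names, and the `depth` and `min_unique` thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# RFC 3597 generic notation, printed when software has no mnemonic for a type code.
GENERIC_TYPE = re.compile(r"TYPE(\d+)")

# Constructed sample; the leading client-address column is an assumption.
SAMPLE = """\
192.0.2.10 mqfg1oo5.store.example.net. IN CNAME
192.0.2.10 6l-dpfrn.store.example.net. IN CNAME
192.0.2.10 0xc.tibo.store.example.net. IN CNAME
192.0.2.10 . IN TYPE1847
192.0.2.10 7a4. IN TYPE868
192.0.2.20 www.example.net. IN A
192.0.2.20 cdn.store.example.net. IN CNAME
""".splitlines()

def summarize(lines, depth=3, min_unique=3):
    """Return {client: findings} for clients showing either pattern."""
    unknown = defaultdict(list)   # client -> [(qname, type code)]
    names = defaultdict(set)      # (client, parent suffix) -> distinct qnames
    for line in lines:
        client, qname, _qclass, qtype = line.split()
        m = GENERIC_TYPE.fullmatch(qtype)
        if m:
            unknown[client].append((qname, int(m.group(1))))
            continue
        labels = qname.lower().rstrip(".").split(".")
        # Group CNAME queries by their last `depth` labels, so that child
        # names containing extra dots still count against the same parent.
        if qtype == "CNAME" and len(labels) > depth:
            suffix = ".".join(labels[-depth:]) + "."
            names[(client, suffix)].add(qname.lower())
    report = {}
    for (client, suffix), seen in names.items():
        if len(seen) >= min_unique:
            report.setdefault(client, {"unknown_types": [], "cname_bursts": []})
            report[client]["cname_bursts"].append(suffix)
    for client, hits in unknown.items():
        report.setdefault(client, {"unknown_types": [], "cname_bursts": []})
        report[client]["unknown_types"] = hits
    return report

if __name__ == "__main__":
    for client, findings in summarize(SAMPLE).items():
        print(client, findings)
```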


