[dns-operations] s3.amazonaws.com problem?

Daniel Stirnimann daniel.stirnimann at switch.ch
Wed Oct 23 13:37:32 UTC 2019


That's the question section.

Apparently, there is no NXDOMAIN below *.s3.amazonaws.com. For the time
frame I looked at, all of these random label queries ( I counted 271'199
) were answered with NOERROR.

Daniel

On 23.10.19 15:28, Jelte Jansen wrote:
> 
> are you showing the answers or is it really sending *cname* queries?
> 
> Jelte
> 
> anecdotal 2 cents on aws dns issues: I definitely noticed their problems last night, from what I could tell it wasn't only s3 but all the amazon aws dns services; they were simply dropping many queries. When I checked about 8 hours ago it seemed so have been resolved.
> 
> 
> On 10/23/19 2:37 PM, Daniel Stirnimann wrote:
>> I have located a host in our network which sends such queries the
>> network resolver (which we operate):
>>
>> mqfgioo5.s3.amazonaws[.]com. IN CNAME
>> 6l-dpfrn.s3.amazonaws[.]com. IN CNAME
>> 2idg5c42.s3.amazonaws[.]com. IN CNAME
>> qzq3uz5m.s3.amazonaws[.]com. IN CNAME
>> nenkxm2p.s3.amazonaws[.]com. IN CNAME
>> yk2max6j.s3.amazonaws[.]com. IN CNAME
>> qhcbric2.s3.amazonaws[.]com. IN CNAME
>> wg-jmekf.s3.amazonaws[.]com. IN CNAME
>> dnwn2ip1.s3.amazonaws[.]com. IN CNAME
>> 711o385.s3.amazonaws[.]com. IN CNAME
>> rn0v02a6.s3.amazonaws[.]com. IN CNAME
>> pm1a3a4t.s3.amazonaws[.]com. IN CNAME
>> 0xc.tibo.s3.amazonaws[.]com. IN CNAME
>> 76jt.m9g.s3.amazonaws[.]com. IN CNAME
>> 4tjc8hp.s3.amazonaws[.]com. IN CNAME
>> b-.9ft7y.s3.amazonaws[.]com. IN CNAME
>>
>> Interestingly, it also sends other suspicious queries such as:
>>
>> . IN TYPE1847
>> . IN TYPE1847
>> . IN TYPE567
>> . IN TYPE1847
>> . IN TYPE567
>> . IN TYPE1847
>> . IN TYPE1847
>> . IN TYPE1900
>> . IN TYPE823
>> . IN TYPE1900
>> . IN TYPE1847
>> 7a4. IN TYPE868
>> . IN TYPE1847
>> . IN TYPE1847
>> . IN TYPE1900
>> . IN TYPE1847
>> . IN TYPE1847
>> 3n2y. IN TYPE612
>> . IN TYPE311
>> . IN TYPE1900
>>
>> However, these are mostly answered from cache because of aggressive use
>> of DNSSEC-validated cache. Still, I guess root server operators may see
>> an increase in queries with unassigned query types.
>>
>> Daniel
>> _______________________________________________
>> dns-operations mailing list
>> dns-operations at lists.dns-oarc.net
>> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
>>


More information about the dns-operations mailing list