[dns-operations] weird queries for mx1.mx2.mx1.mx2...

Rose, Scott W. (Fed) scott.rose at nist.gov
Mon Mar 30 11:06:01 UTC 2020 

With mta-sts in the name, my guess is it is a bug in a MTA-STS processing tool used by some email sender.  Maybe someone from the email sender community has some insight?

Scott

-- 
Scott Rose, NIST ITL
scott.rose at nist.gov
ph: +1-301-975-8439
GVoice: +1-571-249-3671
 

On 3/30/20, 5:56 AM, "dns-operations on behalf of Petr Špaček" <dns-operations-bounces at dns-oarc.net on behalf of petr.spacek at nic.cz> wrote:

    Hello everyone,
    
    while debugging some resolution problems we have notices really weird queries, seemingly related to e-mail delivery. This is query list for domain truckinsurancekentucky.com:
    
    mx1.mx1.mx1.mx1.mx1.mx2.mx1.mx2.mx1.mta-sts.mx1.mx1.mx2.mx2.mta-sts.mx1.mx1.truckinsurancekentucky.com. AAAA
    
    mx1.mx1.mx1.mx2.mx1.mx2.mx1.mx2.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx1.mx2.mx2.truckinsurancekentucky.com. A
    
    mx1.mx2.mx1.mx1.mx1.mx1.mx1.mx2.mx1.mx1.mta-sts.mx1.mx2.mx2.mx2.mx1.truckinsurancekentucky.com. A
    
    mx1.mx2.mx1.mx1.mx2.mx1.mx1.mx2.mx1.mx1.mx1.mx1.mx2.mx1.mx2.mta-sts.mx1.truckinsurancekentucky.com. NS
    
    mx1.mx2.mx1.mx2.mx2.mx1.mx1.mx1.mx1.mx2.mta-sts.mx1.mx1.mx2.mta-sts.mx2.mx2.truckinsurancekentucky.com. AAAA
    
    mx1.mx2.mx2.mx1.mx2.mx2.mx1.mx2.mx2.mx2.mx2.mx1.mx2.mx1.mx2.mx1.mx1.mx1.truckinsurancekentucky.com. A
    
    mx2.mx1.mx1.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx2.mta-sts.mx1.mx2.mta-sts.mx1.mx2.mx1.truckinsurancekentucky.com. NS
    
    mx2.mx1.mx2.mx1.mx1.mx2.mx1.mx2.mx1.mx2.mx1.mx1.mx1.mx1.mta-sts.mx1.mx2.mx2.truckinsurancekentucky.com. NS
    
    mx2.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx1.mx2.mx1.mx1.mx1.mta-sts.mx1.mx2.truckinsurancekentucky.com. A
    
    mx2.mx2.mx1.mx1.mx2.mx1.mx2.mx1.mx1.mta-sts.mx1.mx2.mx1.mx1.mta-sts.mx2.mx2.truckinsurancekentucky.com. AAAA
    
    mx2.mx2.mx1.mx2.mx1.mx1.mx1.mx2.mx1.mx1.mx1.mx1.mx1.truckinsurancekentucky.com. AAAA
    
    mx2.mx2.mx1.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx1.mx1.mx1.mta-sts.mx1.mx2.mx2.mx2.truckinsurancekentucky.com. A
    
    Domain truckinsurancekentucky.com is not the only one with this weird behavior. Does anyone have an idea what is causing this?
    
    (We have access only to anonymized data so we are unable to pinpoint responsible client.)
    
    -- 
    Petr Špaček  @  CZ.NIC
    _______________________________________________
    dns-operations mailing list
    dns-operations at lists.dns-oarc.net
    https://gcc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.dns-oarc.net%2Fmailman%2Flistinfo%2Fdns-operations&data=02%7C01%7Cscott.rose%40nist.gov%7C1bda85ff3a8344ec7e6308d7d4908cca%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C637211589617184738&sdata=3YCswvrSR%2Bus8QFnB77Cz8RVsSqcDlRQJq%2FDsqaeczw%3D&reserved=0

More information about the dns-operations mailing list