[dns-operations] weird queries for mx1.mx2.mx1.mx2...

Maarten Wullink maarten.wullink at sidn.nl
Mon Mar 30 09:50:08 UTC 2020


I’ll send you some samples from .nl off list.

Best,
Maarten

--
Maarten Wullink | Research Engineer
SIDN | Meander 501 | 6825 MD | Postbus 5022 | 6802 EA | ARNHEM
T +31 (0)26 352 55 45 | M +31 (0)6 21 26 87 55
maarten.wullink at sidn.nl | www.sidn.nl
pgp key: http://pgp.mit.edu/pks/lookup?op=get&search=0x4F2A495C4B1BF08B

> On 30 Mar 2020, at 11:18, Petr Špaček <petr.spacek at nic.cz> wrote:
> 
> Hello everyone,
> 
> while debugging some resolution problems we have noticed really weird queries, seemingly related to e-mail delivery. This is the query list for domain truckinsurancekentucky.com:
> 
> mx1.mx1.mx1.mx1.mx1.mx2.mx1.mx2.mx1.mta-sts.mx1.mx1.mx2.mx2.mta-sts.mx1.mx1.truckinsurancekentucky.com. AAAA
> 
> mx1.mx1.mx1.mx2.mx1.mx2.mx1.mx2.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx1.mx2.mx2.truckinsurancekentucky.com. A
> 
> mx1.mx2.mx1.mx1.mx1.mx1.mx1.mx2.mx1.mx1.mta-sts.mx1.mx2.mx2.mx2.mx1.truckinsurancekentucky.com. A
> 
> mx1.mx2.mx1.mx1.mx2.mx1.mx1.mx2.mx1.mx1.mx1.mx1.mx2.mx1.mx2.mta-sts.mx1.truckinsurancekentucky.com. NS
> 
> mx1.mx2.mx1.mx2.mx2.mx1.mx1.mx1.mx1.mx2.mta-sts.mx1.mx1.mx2.mta-sts.mx2.mx2.truckinsurancekentucky.com. AAAA
> 
> mx1.mx2.mx2.mx1.mx2.mx2.mx1.mx2.mx2.mx2.mx2.mx1.mx2.mx1.mx2.mx1.mx1.mx1.truckinsurancekentucky.com. A
> 
> mx2.mx1.mx1.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx2.mta-sts.mx1.mx2.mta-sts.mx1.mx2.mx1.truckinsurancekentucky.com. NS
> 
> mx2.mx1.mx2.mx1.mx1.mx2.mx1.mx2.mx1.mx2.mx1.mx1.mx1.mx1.mta-sts.mx1.mx2.mx2.truckinsurancekentucky.com. NS
> 
> mx2.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx1.mx2.mx1.mx1.mx1.mta-sts.mx1.mx2.truckinsurancekentucky.com. A
> 
> mx2.mx2.mx1.mx1.mx2.mx1.mx2.mx1.mx1.mta-sts.mx1.mx2.mx1.mx1.mta-sts.mx2.mx2.truckinsurancekentucky.com. AAAA
> 
> mx2.mx2.mx1.mx2.mx1.mx1.mx1.mx2.mx1.mx1.mx1.mx1.mx1.truckinsurancekentucky.com. AAAA
> 
> mx2.mx2.mx1.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx1.mx1.mx1.mta-sts.mx1.mx2.mx2.mx2.truckinsurancekentucky.com. A
> 
> Domain truckinsurancekentucky.com is not the only one with this weird behavior. Does anyone have an idea what is causing this?
> 
> (We have access only to anonymized data so we are unable to pinpoint the responsible client.)
> 
> --
> Petr Špaček  @  CZ.NIC
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
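
One way to pick this pattern out of a query log, as an added example that is not part of the original thread: flag names whose labels below the registered domain are both deep and drawn from a very small set. The thresholds, the function names and the two-label registered-domain shortcut are assumptions made for illustration.

```python
from collections import Counter

# Assumption: the registered domain is the last two labels (true for .com;
# a real deployment would use a public-suffix list instead).
REGISTERED_LABELS = 2
MIN_DEPTH = 6        # assumed threshold: labels below the registered domain
MAX_DISTINCT = 3     # assumed threshold: e.g. mx1, mx2, mta-sts


def subdomain_labels(qname):
    """Return the lowercase labels to the left of the registered domain."""
    labels = qname.rstrip(".").lower().split(".")
    return labels[:-REGISTERED_LABELS]


def is_repeating_chain(qname):
    """True when a deep name is built from only a handful of repeated labels."""
    labels = subdomain_labels(qname)
    if len(labels) < MIN_DEPTH:
        return False
    return len(Counter(labels)) <= MAX_DISTINCT


def flag_queries(lines):
    """Parse 'qname qtype' lines; return (registered domain, qtype, depth) per hit."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        qname, qtype = parts
        if is_repeating_chain(qname):
            domain = ".".join(qname.rstrip(".").lower().split(".")[-REGISTERED_LABELS:])
            hits.append((domain, qtype, len(subdomain_labels(qname))))
    return hits


# First three names are from the post above; the example.* lines are constructed.
SAMPLE = """\
mx1.mx1.mx1.mx2.mx1.mx2.mx1.mx2.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx1.mx2.mx2.truckinsurancekentucky.com. A
mx2.mx2.mx1.mx2.mx1.mx1.mx1.mx2.mx1.mx1.mx1.mx1.mx1.truckinsurancekentucky.com. AAAA
mx1.mx2.mx1.mx1.mx2.mx1.mx1.mx2.mx1.mx1.mx1.mx1.mx2.mx1.mx2.mta-sts.mx1.truckinsurancekentucky.com. NS
mx1.example.com. A
mta-sts.example.com. A
a.b.c.d.e.f.example.org. AAAA
""".splitlines()

if __name__ == "__main__":
    for domain, qtype, depth in flag_queries(SAMPLE):
        print(f"{domain}\t{qtype}\tdepth={depth}")
```

Grouping the hits by registered domain shows which zones are affected even when client addresses are anonymized; the deep but non-repeating `a.b.c.d.e.f.example.org.` name is deliberately left unflagged.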
