[dns-operations] You live in a dump, Quoyle!

Willem Toorop willem at nlnetlabs.nl
Thu Feb 17 13:22:39 UTC 2022


Hi Mark,

Op 13-02-2022 om 06:38 schreef Mark Delany:
> I see 60+ queries per day, every day for TXT/a.b.qnamemin-test.nlnetlabs.nl coming from
> just three AWS instances. Is that really nlnetlabs? If so, what are they hoping to
> measure?

These are not coming from NLnet Labs'! We target
"qnamemintest.internet.nl TXT" with our RIPE Atlas measurements and not
the qname you are seeing. Besides the different qname, those
measurements target the probe resolvers and should not end up at
authoritative servers. My colleague Philip Homburg, had a look in *all*
public RIPE Atlas measurements and couldn't find one for that qname either.

I made that qnamemintest.nlnetlabs.nl in May 2019, as an alternative for
the internet.nl test, to look in certain cases in which
qnamemintest.internet.nl returned a false positive. I can remove it if
you like to see if that makes a difference...

Cheers,

-- Willem

> 
> Similarly:
> 
> 30/day A/ip.parrotdns.com by censys-scanner.com
> 24/day A/cb00780e.asert-dns-research.com
> 
> And what hetzner.com are up to I also have no clue, but they're pretty incessantly sending
> qmin type A queries.
> 
> I know that the reverse range being queried is not very active, so these reverse queries
> are definitely not being triggered by outbound connections.
> 
> Speaking of qname minimization, hoy boy, do they generate a lot of extra queries in the
> ipv6 reverse tree! I do wonder what secrets are being kept safe by not telling a parent
> name server what lower level PTR someone is after, but I'm sure there's good justification
> for it.
> 
> Not that it's a lot of traffic and I know there is zero I can do about it, but I'm down to
> 30% of queries actually returning an answer, with >50% returning qmin NOERRORs and the rest
> REFUSED.
> 
> 
> Bah humbug.
> 
> 
> Mark.
> 
> PS. Rotten Tomatoes gets it wrong with this one.
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations



More information about the dns-operations mailing list