Security Incidents mailing list archives

DNS Query Details from 209.200.168.66


From: Dan Kaminsky <dan () doxpara com>
Date: Tue, 29 Nov 2005 22:59:59 -0800

Great to find people logging DNS traffic :) As mentioned, most of the traffic is part of a mechanism for measuring the damage from Sony's activities.

WRT the Base32 names--

The Base32 stuff is part of a technique that's attempting to decode the actual topology of DNS. DNS servers can be configured in a forwarding relationship, whereby instead of going up to the root servers, they access peers. Sometimes the peer relationships can get quite complex -- and these relationships all cause cache pollution that degrades the quality of my Sony data. So I'm working to clean that aspect up: In the Base32 name, there exists a cookie. The cookie documents the server I sent a request to. I compare the stored IP with the IP that comes back to me to resolve a query. (This technique is mentioned in my 2005 slides, see www.doxpara.com for details).

The other names -- email me privately for details, if you want to know. Let me know if you have any further queries. My research goal is to be aware of threats to the global infrastructure, and Sony's operations do appear to have had global consequences (and set a rather terrifying example!).

--Dan
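One way to implement the cookie-in-a-Base32-label check Dan describes above, as an added example that is not part of the original message or of Dan's own tooling. It assumes a probe zone (probe.example.com) the measuring host is authoritative for, a cookie layout of packed IPv4 address plus nonce plus a truncated HMAC (the HMAC and nonce are my additions so a corrupted or forged label is rejected rather than miscounted), and a placeholder secret. Base32 is used because its alphabet (A-Z, 2-7) is legal in a hostname, unlike Base64; the "=" padding is stripped since it is not. The sample query log is constructed for the example.

```python
import base64
import hashlib
import hmac
import ipaddress
import os

# Assumptions for this example (not from the original post): the probing host
# is authoritative for PROBE_ZONE and PROBE_SECRET is a placeholder; a real
# deployment would load the secret from configuration, not source.
PROBE_ZONE = "probe.example.com"
PROBE_SECRET = b"example-only-probe-secret"

NONCE_LEN = 8   # random bytes so every probe name is unique and never cached
TAG_LEN = 8     # truncated HMAC so a forged or damaged label is rejected
COOKIE_LEN = 4 + NONCE_LEN + TAG_LEN   # 20 bytes -> 32 Base32 chars (< 63 limit)


def _to_label(raw):
    """Base32-encode bytes as a DNS label: drop '=' padding (illegal in a
    hostname) and lowercase (DNS names are case-insensitive)."""
    return base64.b32encode(raw).decode("ascii").rstrip("=").lower()


def _from_label(label):
    """Inverse of _to_label; restores the padding b32decode insists on."""
    s = label.upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))


def make_probe_name(target_resolver, nonce=None):
    """Build the name to send to target_resolver. The leftmost label is the
    cookie: the resolver's IPv4 address, a nonce, and an HMAC tag over both."""
    ip = ipaddress.IPv4Address(target_resolver).packed
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    tag = hmac.new(PROBE_SECRET, ip + nonce, hashlib.sha256).digest()[:TAG_LEN]
    return "%s.%s" % (_to_label(ip + nonce + tag), PROBE_ZONE)


def parse_probe_name(qname):
    """Recover the stored resolver IP from a query name seen at the authority,
    or None if the name is not a valid, untampered probe cookie."""
    label, _, zone = qname.rstrip(".").lower().partition(".")
    if zone != PROBE_ZONE:
        return None
    try:
        raw = _from_label(label)
    except (ValueError, TypeError):   # non-Base32 characters or bad length
        return None
    if len(raw) != COOKIE_LEN:
        return None
    ip, nonce, tag = raw[:4], raw[4:4 + NONCE_LEN], raw[4 + NONCE_LEN:]
    expected = hmac.new(PROBE_SECRET, ip + nonce, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return str(ipaddress.IPv4Address(ip))


def classify_query(qname, observed_src):
    """Compare the IP stored in the cookie with the IP the query arrived from."""
    stored = parse_probe_name(qname)
    if stored is None:
        return "not-a-probe"
    return "direct" if stored == observed_src else "forwarded"


def infer_forwarding(query_log):
    """query_log: iterable of (qname, observed_src) pairs as logged at the
    authority. Returns {stored_ip: set(observed_ips)}, i.e. the forwarding
    edges the cookies expose: the resolver we asked, and who actually asked us."""
    edges = {}
    for qname, src in query_log:
        stored = parse_probe_name(qname)
        if stored is not None and stored != src:
            edges.setdefault(stored, set()).add(src)
    return edges


# Constructed sample log: one resolver answers directly, two forward to the
# same upstream, and one unrelated query is mixed in.
SAMPLE_LOG = [
    (make_probe_name("192.0.2.10", b"\x01" * NONCE_LEN), "192.0.2.10"),
    (make_probe_name("192.0.2.20", b"\x02" * NONCE_LEN), "198.51.100.7"),
    (make_probe_name("192.0.2.30", b"\x03" * NONCE_LEN), "198.51.100.7"),
    ("www.example.com", "203.0.113.5"),
]

if __name__ == "__main__":
    for qname, src in SAMPLE_LOG:
        print("%-12s %s <- %s" % (classify_query(qname, src), qname, src))
    for stored, via in sorted(infer_forwarding(SAMPLE_LOG).items()):
        print("%s forwards through %s" % (stored, ", ".join(sorted(via))))
```

Queries whose source matches the cookie came straight from the resolver that was probed; any mismatch is a forwarder or upstream peer answering on its behalf, which is exactly the cache-pollution path that has to be separated out of the measurement. The HMAC is what lets the authority discard labels that were altered or minted by someone else rather than count them as a bogus "forwarded" edge.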

