nanog mailing list archives
Probes from root servers
From: "Pederson, Krishna" <Pederson () covad com>
Date: Thu, 16 Jul 2009 15:56:29 -0700
One of our IP addresses is being probed by up to 8 of the 13 root dns servers every 15 seconds. I'm looking for input on how to contact the admins for the servers or perhaps a way to figure out if perhaps someone is spoofing the affected customer IP address, causing the root servers to send the following: sh mls netflow ip destination 74.1.32.205 /32 module 2 Displaying Netflow entries in module 2 DstIP SrcIP Prot:SrcPort:DstPort Src i/f :AdjPtr ----------------------------------------------------------------------------- Pkts Bytes Age LastSeen Attributes --------------------------------------------------- 74.1.32.205 193.0.14.129 udp :dns :1039 Fa2/11 :0x0 0 0 1 22:49:03 L3 - Dynamic 74.1.32.205 202.12.27.33 udp :dns :1039 Fa2/11 :0x0 0 0 2 22:49:03 L3 - Dynamic 74.1.32.205 192.36.148.17 udp :dns :1039 Fa2/11 :0x0 0 0 2 22:49:03 L3 - Dynamic Is it practical to attempt to work the issue with the root server admins or is it quite likely this is spoofing and there's no hope to track this down? Thanks, Kris
Current thread:
- Probes from root servers Pederson, Krishna (Jul 16)
- Re: Probes from root servers John Kristoff (Jul 16)
- Re: Probes from root servers bmanning (Jul 17)