Full Disclosure mailing list archives
Re: FW: Question for DNS pros
From: "Paul Rolland" <rol () witbe net>
Date: Mon, 26 Jul 2004 08:58:48 +0200
Hello,
I've altered the real hostname on our network to "targethost" and altered the querying IP to x.x.x.x for privacy reasons. All these queries are *from* the same host. This pattern is *typical* of what I'm seeing from a *number of diverse hosts* from all over the world. 22:06:10.294071 x.x.x.x.2566 > targethost.utdallas.edu.domain: 29462 NS? . (17) 22:06:11.043050 x.x.x.x.2566 > targethost.utdallas.edu.domain: 29463 NS? . (17) 22:06:11.791218 x.x.x.x.2566 > targethost.utdallas.edu.domain: 29464 NS? . (17)
Seems to be a query for the NS for the "." (root) zone. The machine sending the queries is probably configured to use your server as a complete DNS resolver and transfer all its queries to your server. Regards, Paul _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Question for DNS pros, (continued)
- Re: Question for DNS pros Dave Yingling (Jul 25)
- Re: Question for DNS pros Steffen Schumacher (Jul 25)
- Re: Question for DNS pros Roberto Navarro (Jul 23)
- Re: Question for DNS pros Nils Ketelsen (Jul 25)
- FW: Question for DNS pros Suzi and Harold VanPatten (Jul 25)
- Re: FW: Question for DNS pros Paul Schmehl (Jul 24)
- Re: FW: Question for DNS pros Paul Rolland (Jul 25)
- Re: FW: Question for DNS pros Paul Schmehl (Jul 25)
- Re: FW: Question for DNS pros Frank Knobbe (Jul 25)
- Re: FW: Question for DNS pros Paul Schmehl (Jul 25)
- Re: FW: Question for DNS pros Paul Rolland (Jul 26)
- Re: FW: Question for DNS pros Paul Schmehl (Jul 26)
- Re: FW: Question for DNS pros Paul Rolland (Jul 27)
- Re: FW: Question for DNS pros Paul Schmehl (Jul 24)