Security Incidents mailing list archives

Re: Unusual DNS requests (not related to previous DNS thread)


From: woods () weird com (Greg A. Woods)
Date: Thu, 17 Jan 2002 23:12:19 -0500 (EST)

[ On Thursday, January 17, 2002 at 20:22:52 (-0600), measl () mfn org wrote: ]
Subject: Re: Unusual DNS requests (not related to previous DNS thread)

> Sorry I failed to post the mask (/24).  And I thoroughly realize that even as
> a /24 this is not necessarily an "invalid" request, merely a
> "strange" request for a machine not local to the subnet.

It's not even vaguely strange.  PLEASE read RFC 1101!!!!!

Even if the zone "xxx.xxx.xx.in-addr.arpa" (for whatever value of 'x's
you curiously obfuscated for no possibly valid reason -- information
published in the DNS is public knowledge, by definition) is not
officially delegated to your nameserver, it's not unlikely for some
other mis-configured nameserver to believe yours might be able to answer
such a query.

Finally it's entirely possible some curious soul was simply asking your
nameserver directly if it knew any network name for that IP network.

In the end NO properly formed DNS query is ever "strange" or "freaky" or
even unexpected, even if there's no nameserver advertised at the
destination address!  Expect anything -- you will get it.

-- 
                                                                Greg A. Woods

+1 416 218-0098;  <gwoods () acm org>;  <g.a.woods () ieee org>;  <woods () robohack ca>
Planix, Inc. <woods () planix com>; VE3TCP; Secrets of the Weird <woods () weird com>

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
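
Added example, not part of the original message: a Python triage helper for reverse-lookup names seen in a nameserver query log. It separates zone-level names like the one discussed in this thread from RFC 1101 style network-name lookups and ordinary host PTR lookups. The function name, category labels and sample query names (documentation address ranges) are assumptions constructed for illustration.

```python
SUFFIX = ".in-addr.arpa"

def classify_reverse_qname(qname):
    """Return (kind, detail) for a queried name; detail is an address or prefix."""
    name = qname.rstrip(".").lower()
    if not name.endswith(SUFFIX):
        return ("not-reverse", None)
    labels = name[: -len(SUFFIX)].split(".")
    ok = all(l.isascii() and l.isdigit() and int(l) <= 255 for l in labels)
    if not ok or len(labels) > 4:
        return ("malformed", None)
    octets = [int(l) for l in reversed(labels)]   # back to network order
    if len(octets) < 4:
        # Fewer than four octets: the name of a zone cut (/8, /16 or /24),
        # e.g. a query for the /24's own name rather than for a host in it.
        padded = octets + [0] * (4 - len(octets))
        return ("zone-name", ".".join(map(str, padded)) + "/%d" % (8 * len(octets)))
    addr = ".".join(map(str, octets))
    if octets[3] == 0:
        # RFC 1101 zero-extends a network number to four octets and publishes
        # a PTR to the network's name there, so a trailing-zero name is
        # consistent with a network-name lookup.
        return ("rfc1101-network-name", addr)
    return ("host-ptr", addr)

def summarize(qnames):
    """Count how many queried names fall into each category."""
    counts = {}
    for q in qnames:
        kind, _ = classify_reverse_qname(q)
        counts[kind] = counts.get(kind, 0) + 1
    return counts

# Constructed sample of queried names (not taken from the thread).
SAMPLE_QNAMES = [
    "2.0.192.in-addr.arpa.",       # zone-level name for a /24
    "0.2.0.192.in-addr.arpa.",     # RFC 1101 network-name form
    "17.2.0.192.IN-ADDR.ARPA.",    # ordinary host PTR lookup
    "300.2.0.192.in-addr.arpa.",   # octet out of range
    "www.example.com.",            # forward name, not a reverse lookup
]

if __name__ == "__main__":
    for q in SAMPLE_QNAMES:
        print(q, classify_reverse_qname(q))
    print(summarize(SAMPLE_QNAMES))
```

All three well-formed reverse categories are legitimate queries; the classification helps decide what a logged name was asking for, not whether it was hostile.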

