This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/dns-wg@ripe.net/
[dns-wg] PTR-Queries asking for type A or AAAA
Max Grobecker
max.grobecker at ml.grobecker.info
Fri Jan 8 23:32:26 CET 2016
Hello,

today I noticed that my DNS servers are getting a noticeable amount of DNS queries for my IPv4 reverse zone, asking for type A or AAAA.

Example with tcpdump:

22:22:06.019962 IP 160.45.8.8.45341 > 172.29.56.218.53: 34558 [1au] A? y.x.144.217.in-addr.arpa. (57)
22:22:06.129485 IP 160.45.41.8.55855 > 172.29.56.218.53: 12449% [1au] A? y.x.144.217.in-addr.arpa. (57)
22:22:12.571720 IP 160.45.113.3.11019 > 172.29.56.218.53: 15364 [1au] AAAA? y.x.144.217.in-addr.arpa. (57)
22:22:13.571228 IP 160.45.41.4.57403 > 172.29.56.218.53: 11276 [1au] AAAA? y.x.144.217.in-addr.arpa. (57)
22:22:14.561769 IP 160.45.113.3.1159 > 172.29.56.218.53: 16591% [1au] AAAA? y.x.144.217.in-addr.arpa. (57)
22:22:17.172626 IP 160.45.8.8.34605 > 172.29.56.218.53: 10352 [1au] AAAA? y.x.144.217.in-addr.arpa. (57)
22:22:17.281042 IP 160.45.41.8.56158 > 172.29.56.218.53: 32812% [1au] AAAA? y.x.144.217.in-addr.arpa. (57)
22:30:09.386217 IP 134.169.34.26.52144 > 172.29.56.218.53: 29463% [1au] AAAA? y.x.144.217.in-addr.arpa. (57)
22:30:09.539619 IP 134.169.34.56.59778 > 172.29.56.218.53: 63208% [1au] AAAA? y.x.144.217.in-addr.arpa. (57)
22:30:09.699493 IP 134.169.34.26.63325 > 172.29.56.218.53: 25399% [1au] A? y.x.144.217.in-addr.arpa. (57)
22:30:09.859583 IP 134.169.34.56.41423 > 172.29.56.218.53: 23848% [1au] A? y.x.144.217.in-addr.arpa. (57)
22:30:19.200884 IP 139.17.128.10.65059 > 172.29.56.218.53: 37206 [1au] AAAA? y.x.144.217.in-addr.arpa. (57)
22:30:20.694596 IP 213.136.95.10.42215 > 172.29.56.218.53: 13396% [1au] A? y.x.144.217.in-addr.arpa. (57)

The top queries are for the IP address of my NTP pool server, the other one is for the IP of my primary DNS server.
These are originating from several IP addresses, sometimes also Google DNS and DNS resolvers of universities.

I've never suffered any problems with my PTR zone and there are enough legitimate queries to prove to me that the zone is working as it should...

Is this "normal background noise" or could that be caused by a malformed DNS zone?
Or is anyone else seeing those weird queries?

Thanks!

Greetings from Wuppertal
Max
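Added example, not part of the original message: a Python sketch that tallies, per source address, the A and AAAA queries for names under in-addr.arpa or ip6.arpa in tcpdump output of the format shown above. The sample lines are constructed with documentation addresses, the function and constant names are this example's own, and only IPv4-transport query lines to port 53 are parsed.

```python
import re
from collections import Counter

# One tcpdump DNS query line, in the format shown in the message:
#   time IP src.port > dst.53: id[flags] [1au] QTYPE? qname. (len)
QUERY_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.53: "
    r"(?P<id>\d+)(?P<flags>[^\s\d]*) "      # flag characters such as + or %
    r"(?:\[[^\]]*\] )?"                     # optional section counts, e.g. [1au]
    r"(?P<qtype>[A-Za-z0-9]+)\? (?P<qname>\S+) \(\d+\)$"
)
REVERSE_SUFFIXES = (".in-addr.arpa.", ".ip6.arpa.")
ADDRESS_TYPES = {"A", "AAAA"}

def parse_query(line):
    """Return the fields of a query line as a dict, or None for anything else."""
    m = QUERY_RE.match(line.strip())
    return m.groupdict() if m else None

def address_queries_for_reverse_names(lines):
    """Count A/AAAA queries for reverse-tree names, keyed by (source, qtype, qname)."""
    hits = Counter()
    for line in lines:
        q = parse_query(line)
        if q is None:
            continue                        # responses, non-DNS lines, blanks
        qname = q["qname"].lower()
        if q["qtype"] in ADDRESS_TYPES and qname.endswith(REVERSE_SUFFIXES):
            hits[(q["src"], q["qtype"], qname)] += 1
    return hits

# Constructed sample capture (documentation address ranges, not real traffic).
SAMPLE = """
22:22:06.019962 IP 192.0.2.8.45341 > 198.51.100.53.53: 34558 [1au] A? 10.113.0.203.in-addr.arpa. (57)
22:22:06.129485 IP 192.0.2.8.55855 > 198.51.100.53.53: 12449% [1au] AAAA? 10.113.0.203.in-addr.arpa. (57)
22:22:07.000001 IP 192.0.2.8.40000 > 198.51.100.53.53: 12450% [1au] AAAA? 10.113.0.203.in-addr.arpa. (57)
22:22:08.500000 IP 192.0.2.99.51000 > 198.51.100.53.53: 4242+ PTR? 10.113.0.203.in-addr.arpa. (43)
22:22:09.500000 IP 192.0.2.99.51001 > 198.51.100.53.53: 4243 [1au] A? ntp.example.net. (44)
22:22:10.000000 IP 198.51.100.53.53 > 192.0.2.8.45341: 34558*- 0/1/1 (110)
""".strip().splitlines()

if __name__ == "__main__":
    for (src, qtype, qname), n in address_queries_for_reverse_names(SAMPLE).most_common():
        print(f"{n:4d}  {src:15s}  {qtype:4s}  {qname}")
```

Grouping by source and name makes it easy to see whether the queries cluster on a few addresses in the zone, as the message describes, or are spread across it.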