repeated req: nlookup(aol.com) type=15 class=1
Mark Kent
mark at noc.mainstreet.net
Wed Jul 28 19:12:20 UTC 1999
Hello,
I have observed repeated queries to our listed(*) nameservers
of this type:
datagram from [129.180.11.17].13386, fd 24, len 25; now Wed Jul 28 10:50:46 1999
req: nlookup(aol.com) id 43341 type=15 class=1
req: found 'aol.com' as 'aol.com' (cname=0)
ns_req: answer -> [129.180.11.17].13386 fd=24 id=43341 size=500 Remote
These are coming in at about 1 or 2 a second from a dozen hosts
spread out around the net. None of these hosts should be pointing
at our nameservers for routine name lookups, and of course we are
not authoritative for aol.com.
All are type=15 (MX record).
The requests are coming from:
Name: janker.wankermobile.org
Address: 216.41.23.68
Name: Lets.lepak.net
Address: 216.15.178.201
Name: crow.prod.itd.earthlink.net
Address: 209.178.63.7
Name: cardassian.keysdigital.com
Address: 208.235.124.20
Name: mcls.rochester.lib.ny.us
Address: 204.97.3.3
Name: wks01.spo.embratel.net.br
Address: 200.245.255.33
Name: inspire3d.com
Address: 199.108.32.203
Name: sss00204.schwab.com
Address: 162.93.15.131
Name: turing.une.edu.au
Address: 129.180.11.17
and 203.251.77.1 (somewhere in Korea).
I am going to block these out, but I was wondering what would case
such behavior? They are all asking the same question, of the wrong
servers, and repeating it over and over and over...
Thanks,
-mark
(*) By "listed" I mean servers that at least one NIC lists as
authoritative for some zones.
More information about the bind-users
mailing list