Use case for "." queries
Chris Buxton
clists at buxtonfamily.us
Mon May 7 14:43:49 UTC 2018
> On May 7, 2018, at 7:07 AM, John Miller JR <johnmillerjr81 at gmail.com> wrote:
>
> Hello,
> On bind recursive server I am seeing lots of queries for "." with type ANY.
> Is there any use case which requires devices to send queries for "." with type ANY ?
There could be a legitimate use case. But the most common use of such queries is to conduct an amplification attack.
What are the apparent source addresses of these queries? Are they consistent? If so, that would point to the target of such an attack, not the source.
Chris Buxton
More information about the bind-users
mailing list