underscores in A queries
Ondřej Surý
ondrej at isc.org
Fri Apr 9 21:11:24 UTC 2021
Those are qname minimization queries.
Because DNS implementations (especially in load-balancers) are so broken, the qname minimizing resolver can’t ask for:
<domain> IN NS
because that often doesn’t work, but when it asks:
_.<domain> IN A
the resolver will get the correct answer.
Unfortunately, this is the world we are living in...
Ondrej
--
Ondřej Surý (He/Him)
ondrej at isc.org
> On 9. 4. 2021, at 20:28, Kevin K <bind at kretz.net> wrote:
>
> Hi,
>
> I've been parsing my query logs to watch for unusual/unexpected lookups, and I notice quite a few A queries with underscores, often in patterns like
>
> _.domainname.com
>
> often followed by
>
> _.xyz.domainname.com
>
> or
>
> _.domainname.com.mydomain.com
>
> Can someone tell me what these are and what the underscores mean?
>
>
> thanks
>
> Kevin
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20210409/522bda3d/attachment-0001.bin>
More information about the bind-users
mailing list