[AusNOG] arpa.com.au.. wtf?? (telstra/optus/connect resolvers doing 'in-addr.arpa.com.au' requests?!
Alastair Johnson
aj at sneep.net
Tue Nov 24 23:18:36 EST 2009
Hi Damien,
Damien Gardner Jnr wrote:
> Seems one of the guys using the box for 2ndary dns went and redelegated
> arpa.com.au over to using the box late last month.. Now that seems
> normal enough.. Until you look at the 30-40 requests/sec coming in from
> fairly large .au resolvers (resolv1.syd7.internode.on.net,
> yarrina.connect.com.au, warrane.connect.com.au, ns2.on.net,
> GigEth8-0-0.ia4.optus.net.au, dns0.iseek.com.au,
> ns1.intellicentre.com.au, bld2.pao.opendns.com,
> syd-dnscache-01.brennanit.net.au, bne-dnscache-01.brennanit.net.au,
> ns.mel.pacific.net.au, bware01.bur.connect.com.au,
> dnsxx.yyy.optusnet.com.au, etc), for NS and PTR queries against mainly
> 10.in-addr.arpa.com.au, as well as quite a host of other
> in-addr.arpa.com.au 'zones'..
It sounds like resolvers which are trying to resolve in-addr.arpa
records, and appending their domain search order (probably
'somedomain.com.au', '.com.au', '.au', '.') to the query. This would
often trigger if the zone they're trying to resolve is not delegated...
aj
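
An added example, not part of the original post: a Python sketch of the search-list behaviour suggested in the reply above, plus a check an operator could run over a query log to spot reverse-lookup names that carry a leaked suffix. The function names, the "client qtype qname" log format and the sample lines are constructed for illustration, and the resolver's try order is simplified.

```python
import ipaddress

REVERSE_ROOTS = ("in-addr.arpa", "ip6.arpa")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def search_candidates(name, search_list):
    """Names tried for a non-absolute name: each search suffix appended, then the bare name."""
    if name.endswith("."):              # absolute name: search list is not applied
        return [name]
    return [f"{name}.{s}." for s in search_list] + [name + "."]

def leaked_reverse_suffix(qname):
    """Return (reverse_name, extra_suffix) if labels follow in-addr.arpa/ip6.arpa, else None."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:i + 2]) in REVERSE_ROOTS and i + 2 < len(labels):
            return ".".join(labels[:i + 2]), ".".join(labels[i + 2:])
    return None

def is_rfc1918(reverse_name):
    """True if a full or partial in-addr.arpa name lies inside RFC 1918 space."""
    labels = reverse_name.split(".")
    octets = labels[:-2][::-1]          # reverse names list octets least-significant first
    if labels[-2:] != ["in-addr", "arpa"] or not 1 <= len(octets) <= 4:
        return False
    try:
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        net = ipaddress.ip_network(f"{padded}/{8 * len(octets)}")
    except ValueError:                  # non-numeric or out-of-range label
        return False
    return any(net.subnet_of(r) for r in RFC1918)

def classify(log_lines):
    """Yield (client, qtype, qname, leaked_suffix, private) for suffixed reverse queries."""
    hits = []
    for line in log_lines:
        client, qtype, qname = line.split()
        found = leaked_reverse_suffix(qname)
        if found:
            hits.append((client, qtype, qname, found[1], is_rfc1918(found[0])))
    return hits

# Constructed sample log lines (documentation addresses as clients).
SAMPLE_LOG = [
    "192.0.2.53 PTR 4.3.2.10.in-addr.arpa.com.au.",
    "192.0.2.53 NS 10.in-addr.arpa.com.au.",
    "198.51.100.7 PTR 8.8.8.8.in-addr.arpa.",
    "198.51.100.7 A www.example.com.au.",
]

if __name__ == "__main__":
    print(search_candidates("4.3.2.10.in-addr.arpa", ["somedomain.com.au", "com.au", "au"]))
    for hit in classify(SAMPLE_LOG):
        print(hit)
```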