North American Network Operators Group
Bogus Root DNS server Traffic.
This bug is in SuSE, Debian, and every version of Red Hat I tested.
tcpdump -nl -i any -s 2048 dst port 53
14:53:30.239173 18.104.22.168.32778 > 22.214.171.124.domain: 64500+ AAAA? host.domain.com. (46) (DF)
14:53:30.267398 126.96.36.199.32778 > 188.8.131.52.domain: 64501+ AAAA? host. (26) (DF)
14:53:30.286020 184.108.40.206.32778 > 220.127.116.11.domain: 64502+ A? host.domain.com. (46) (DF)
That middle query is causing bogus root DNS server traffic every time someone sshs to an unqualified hostname within their LAN.
SSH people won't take responsibility for this bug. The Fedora people won't take responsibility for this bug. I'm sick of trying to report this bug, so here it is.
I figured the administrators of root DNS servers should know about this, which is why I copied to NANOG. Who knows how much bogus traffic this issue is causing. My guess is lots.
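One way to spot this query pattern in a capture, as an added example that is not part of the original post: the Python below parses tcpdump lines in the format shown above and counts single-label queries such as `host.` per client. The sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same tcpdump format as the capture in the post
# (RFC 5737 documentation addresses, made-up names).
SAMPLE = """\
14:53:30.239173 192.0.2.10.32778 > 198.51.100.53.domain: 64500+ AAAA? host.example.com. (46) (DF)
14:53:30.267398 192.0.2.10.32778 > 198.51.100.53.domain: 64501+ AAAA? host. (26) (DF)
14:53:30.286020 192.0.2.10.32778 > 198.51.100.53.domain: 64502+ A? host.example.com. (46) (DF)
14:53:31.100000 192.0.2.11.40000 > 198.51.100.53.domain: 1234+ A? Printer. (25) (DF)
14:53:31.200000 192.0.2.11.40000 > 198.51.100.53.domain: 1235+ NS? . (17) (DF)
not a dns line
"""

# timestamp, src.port > dst.domain: id+flags [optional opts] QTYPE? qname
QUERY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?:domain|53):\s+"
    r"(?P<id>\d+)(?P<flags>[+%*-]*)(?:\s+\[[^\]]*\])?\s+"
    r"(?P<qtype>[A-Za-z0-9]+)\?\s+(?P<qname>\S+)"
)

def parse_queries(text):
    """Yield one dict per DNS query line; non-matching lines are skipped."""
    for line in text.splitlines():
        m = QUERY_RE.match(line)
        if m:
            yield m.groupdict()

def is_single_label(qname):
    """True for names with exactly one label ('host.'); the root '.' is excluded."""
    labels = [label for label in qname.rstrip(".").split(".") if label]
    return len(labels) == 1

def leaked_queries(text):
    """Queries for unqualified names, the pattern of the middle query in the post."""
    return [q for q in parse_queries(text) if is_single_label(q["qname"])]

def summarize(text):
    """Count single-label queries per (client, lowercased name, query type)."""
    return Counter((q["src"], q["qname"].lower(), q["qtype"])
                   for q in leaked_queries(text))

if __name__ == "__main__":
    for (src, name, qtype), n in summarize(SAMPLE).most_common():
        print(f"{src} asked {qtype} {name} x{n}")
```

Feed it the output of the `tcpdump` command from the post instead of `SAMPLE` to see which clients on a LAN emit these queries.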