North American Network Operators Group


Bogus Root DNS server Traffic.

  • From: Jason Giglio
  • Date: Mon Sep 27 14:36:24 2004


Hello,


This bug is in SuSE, Debian, and every version of Red Hat I tested.

tcpdump -nl -i any -s 2048 dst port 53

ssh [email protected]

14:53:30.239173 65.114.174.99.32778 > 205.171.3.65.domain: 64500+ AAAA? host.domain.com. (46) (DF)
14:53:30.267398 65.114.174.99.32778 > 205.171.3.65.domain: 64501+ AAAA? host. (26) (DF)
14:53:30.286020 65.114.174.99.32778 > 205.171.3.65.domain: 64502+ A? host.domain.com. (46) (DF)


That middle query is causing bogus root DNS server traffic every time someone sshs to an unqualified hostname within their LAN.


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131610


SSH people won't take responsibility for this bug. The Fedora people won't take responsibility for this bug. I'm sick of trying to report this bug, so here it is.

I figured the administrators of root DNS servers should know about this, which is why I copied to NANOG. Who knows how much bogus traffic this issue is causing. My guess is lots.


-- Jason Giglio IT Coordinator Smyth Bedford, VA, USA Phone: 540-586-2311x113
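
Added example, not part of the original message: a small parser that scans tcpdump DNS output like the capture above and flags address lookups for single-label names such as `host.`, the kind of query the post says ends up at the root servers. The function names are hypothetical, limiting the check to A/AAAA queries is an assumption, and the last sample line is constructed.

```python
import re
from collections import Counter

# First three lines are the capture quoted in the post; the last line is
# constructed (documentation addresses, newer tcpdump "IP" prefix).
SAMPLE = """\
14:53:30.239173 65.114.174.99.32778 > 205.171.3.65.domain: 64500+ AAAA? host.domain.com. (46) (DF)
14:53:30.267398 65.114.174.99.32778 > 205.171.3.65.domain: 64501+ AAAA? host. (26) (DF)
14:53:30.286020 65.114.174.99.32778 > 205.171.3.65.domain: 64502+ A? host.domain.com. (46) (DF)
14:53:31.000000 IP 192.0.2.10.40000 > 192.0.2.53.53: 1234+ A? printer. (25)
"""

# One tcpdump DNS query line: time, src.port > dst.port: id flags TYPE? name
QUERY_RE = re.compile(
    r"^(?P<ts>\S+) (?:IP6? )?(?P<src>\S+) > (?P<dst>\S+?): "
    r"(?P<id>\d+)[+%]* (?:\[[^\]]*\] )?(?P<qtype>[A-Z0-9]+)\? (?P<qname>\S+)"
)

def single_label_queries(capture_text, qtypes=("A", "AAAA")):
    """Return address lookups whose name is a single label, e.g. 'host.'."""
    hits = []
    for line in capture_text.splitlines():
        m = QUERY_RE.match(line.strip())
        if not m or m.group("qtype") not in qtypes:
            continue
        # "host." -> one label; "host.domain.com." -> three; "." -> none
        labels = [p for p in m.group("qname").rstrip(".").split(".") if p]
        if len(labels) == 1:
            hits.append({
                "time": m.group("ts"),
                "client": m.group("src").rsplit(".", 1)[0],  # drop the port
                "id": int(m.group("id")),
                "qtype": m.group("qtype"),
                "qname": m.group("qname"),
            })
    return hits

def per_client(hits):
    """Count flagged queries per (client, name) to find the noisiest hosts."""
    return Counter((h["client"], h["qname"]) for h in hits)

if __name__ == "__main__":
    counts = per_client(single_label_queries(SAMPLE))
    for (client, name), n in counts.most_common():
        print(f"{client} sent {n} single-label lookup(s) for {name}")
```

Run against a capture taken on a resolver or gateway, the per-client counts show which hosts are sending unqualified names upstream.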