Bogus Root DNS server Traffic.
Jason Giglio
jgiglio at netmar.com
Mon Sep 27 18:32:53 UTC 2004
Hello,
This bug is in SuSe, Debian, every version of Red Hat I tested.
tcpdump -nl -i any -s 2048 dst port 53
ssh user at host
14:53:30.239173 65.114.174.99.32778 > 205.171.3.65.domain: 64500+ AAAA?
host.domain.com. (46) (DF)
14:53:30.267398 65.114.174.99.32778 > 205.171.3.65.domain: 64501+ AAAA?
host. (26) (DF)
14:53:30.286020 65.114.174.99.32778 > 205.171.3.65.domain: 64502+ A?
host.domain.com. (46) (DF)
That middle query is causing bogus root DNS server traffic every time
someone sshs to an unqualified hostname within their LAN.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131610
SSH people won't take responsibility for this bug. The Fedora people
won't take responsibility for this bug. I'm sick of trying to report
this bug, so here it is.
I figured the administrators of root DNS servers should know about this,
which is why I copied to NANOG. Who knows how much bogus traffic this
issue is causing. My guess is lots.
--
Jason Giglio
IT Coordinator
Smyth Bedford, VA, USA
Phone: 540-586-2311x113
More information about the NANOG
mailing list