Bogus Root DNS server Traffic.

Jason Giglio jgiglio at netmar.com
Mon Sep 27 18:32:53 UTC 2004


Hello,

This bug is in SuSE, Debian, and every version of Red Hat I tested.

tcpdump -nl -i any -s 2048 dst port 53

ssh user@host

14:53:30.239173 65.114.174.99.32778 > 205.171.3.65.domain:  64500+ AAAA? host.domain.com. (46) (DF)
14:53:30.267398 65.114.174.99.32778 > 205.171.3.65.domain:  64501+ AAAA? host. (26) (DF)
14:53:30.286020 65.114.174.99.32778 > 205.171.3.65.domain:  64502+ A? host.domain.com. (46) (DF)

That middle query is causing bogus root DNS server traffic every time 
someone sshs to an unqualified hostname within their LAN.


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=131610

SSH people won't take responsibility for this bug.  The Fedora people 
won't take responsibility for this bug.  I'm sick of trying to report 
this bug, so here it is.

I figured the administrators of root DNS servers should know about this, 
which is why I copied to NANOG.  Who knows how much bogus traffic this 
issue is causing.  My guess is lots.


-- 
Jason Giglio
IT Coordinator
Smyth Bedford, VA, USA
Phone: 540-586-2311x113
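
Added example, not part of the original message: a small Python filter that reads tcpdump output in the format shown above and reports the single-label queries (such as "host.") that leave the machine, so an administrator can measure the leak on their own resolver-facing interface. The sample capture, its addresses (documentation ranges) and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the same tcpdump format as the capture in the message.
# Addresses are documentation ranges; hostnames are placeholders.
SAMPLE = """\
14:53:30.239173 192.0.2.10.32778 > 198.51.100.53.domain:  64500+ AAAA?
host.example.com. (46) (DF)
14:53:30.267398 192.0.2.10.32778 > 198.51.100.53.domain:  64501+ AAAA?
host. (26) (DF)
14:53:30.286020 192.0.2.10.32778 > 198.51.100.53.domain:  64502+ A?
host.example.com. (46) (DF)
14:53:31.000100 192.0.2.10.32779 > 198.51.100.53.domain:  64503+ NS? . (17) (DF)
"""

QUERY = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+?):\s+"
    r"(?P<id>\d+)\+?\s+(?P<qtype>[A-Z0-9]+)\?\s+(?P<qname>\S+)"
)

def parse_queries(text):
    """Yield one dict per DNS query, rejoining lines that mail wrapping split."""
    joined = re.sub(r"\?\s*\n", "? ", text)  # qname pushed onto the next line
    for match in QUERY.finditer(joined):
        yield match.groupdict()

def is_single_label(qname):
    """True for names like 'host.' with exactly one label; the root '.' is not one."""
    labels = [part for part in qname.rstrip(".").split(".") if part]
    return len(labels) == 1

def leaked_queries(text):
    """Return the queries for unqualified (single-label) names seen on the wire."""
    return [q for q in parse_queries(text) if is_single_label(q["qname"])]

def summarize(text):
    """Count single-label queries by (source address, query type)."""
    counts = Counter()
    for q in leaked_queries(text):
        src_ip = q["src"].rsplit(".", 1)[0]  # drop the trailing source port
        counts[(src_ip, q["qtype"])] += 1
    return counts

if __name__ == "__main__":
    for (src, qtype), n in summarize(SAMPLE).items():
        print(f"{src} sent {n} single-label {qtype} query(ies)")
```

To use it on live traffic, pass the captured output of the tcpdump command above to summarize() in place of SAMPLE.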


