[dnsdist] Many "NS ." requests
Winfried
walists at mailbox.org
Tue Aug 26 13:21:21 UTC 2025
On 26.08.25 14:57, Stephane Bortzmeyer wrote:
> On Tue, Aug 26, 2025 at 02:52:21PM +0200,
> Winfried via dnsdist <dnsdist at mailman.powerdns.com> wrote
> a message of 25 lines which said:
>
>>>> topQueries(30)
>>> 1 . 7906 39.5%
>>>
>>> Which is probably not normal.
>>>
>> "." is not on the topQueries() list on a very busy dnsdist (Resolver
>> loadbalancer) here. Is it possibly a (dnsdist) health-check?
> Probably not since it is sent to the backend (I can see it by snooping
> the link between dnsdist and the backend). Which is strange since, at
> least, dnsdist should serve it from its cache.
>
We see many queries for google.com containing opcode 2 (status), which
are dropped by Recursor. Maybe the ". NS" queries you see has also a
wrong opcode or something else and are dropped by the backend as well?
More information about the dnsdist
mailing list