[Pdns-users] Queries .domain. Attack to root server?

Stephane Bortzmeyer bortzmeyer at nic.fr
Sun Dec 13 15:41:53 UTC 2015


On Sun, Dec 13, 2015 at 03:17:04PM +0000,
 Federico Olivieri <lvrfrc87 at gmail.com> wrote 
 a message of 131 lines which said:

> I did sniff traffic and I saw some strange queries with .domain at the end
> of the name

Always use tcpdump with -n option... (hint: the last field is the
port, 53 in digits, domain in letters).

> If I do dig for one of those domains I can see that the query goes directly
> to root server.

Of course, since it searches for the .domain TLD.





More information about the Pdns-users mailing list