[Pdns-users] Understanding why pdns-recursor 4.8.6 queries DS extremely often

Thomas Mieslinger miesi at mail.com
Tue Mar 12 07:43:20 UTC 2024 

While analyzing a spam run, I found the following queries and responses
for the not delegated domain YALRDRK.net

For _dmarc.ja<> the queries and responses look as expected.

For default._bimi.jaqg<> a SERVFAIL is returned by instead of the
expected NXDOMAIN.

For _bimi.jaqgs<> the gtld nameserver is queried once which is what I
expect.

For default._bimi.jaqg<> the gtld nameservers are queried 5 times for
the DS Record. Is there a good reason to torture .net gtld Nameservers?

> "PacketTime","Server","SrcIP","DstIP","QR","ResponseCode","Type","Question"
> "2024-03-09 19:31:23","::ffff:10.74.42.28","::ffff:172.19.254.2",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:23","::ffff:172.19.254.2","::ffff:10.74.42.28",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:10.74.42.31","::ffff:172.19.255.2",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:172.19.255.2","::ffff:10.74.42.31",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:10.74.42.31","::ffff:172.19.255.2",0,0,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:172.19.255.2","::ffff:10.74.42.31",1,2,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:23","::ffff:82.165.226.66","::ffff:192.42.93.30",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:23","::ffff:192.42.93.30","::ffff:82.165.226.66",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,16,"_dmarc.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"_bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"_bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,16,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:82.165.226.66","::ffff:192.54.112.30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","::ffff:192.54.112.30","::ffff:82.165.226.66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","2001:8d8:5c1:453:82:165:226:66","2001:502:8cc::30",0,0,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."
> "2024-03-09 19:31:55","2001:502:8cc::30","2001:8d8:5c1:453:82:165:226:66",1,3,43,"default._bimi.jaqgsfzaxlvvegquwrjaaztnpaskgocqfvregpwqbplmwqahqe.YALRDRK.net."

dnssec=process
root-nx-trust=on
nothing-below-nxdomain=no
qname-minimization=no

If you need the full config or packetcapture, please ask.

Thanks for your insights

Cheers

Thomas

More information about the Pdns-users mailing list