Those are qname minimization queries. Because DNS implementations (especially in load-balancers) are so broken, the qname minimizing resolver can’t ask for:
<domain> IN NS because that often doesn’t work, but when it asks: _.<domain> IN A the resolver will get the correct answer. Unfortunately, this is the world we are living in... Ondrej -- Ondřej Surý (He/Him) ond...@isc.org > On 9. 4. 2021, at 20:28, Kevin K <b...@kretz.net> wrote: > > Hi, > > I've been parsing my query logs to watch for unusual/unexpected lookups, and > I notice quite a few A queries with underscores, often in patterns like > > _.domainname.com > > often followed by > > _.xyz.domainname.com > > or > > _.domainname.com.mydomain.com > > Can someone tell me what these are and what the underscores mean? > > > thanks > > Kevin > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support subscriptions. > Contact us at https://www.isc.org/contact/ for more information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
