I was working on something else and discovered that there are people
sending DoH queries to the web server at my authority, and I went to
decode it to see if it was something that I should expect or not.

It appears to just be a recursive query as decoded below.  Instead of
serving them up a 404 page, I'm likely going to start logging and
storing these.  I could send back what my local resolver comes up with,
or just REFUSED.  Wondering what others have done here.

        - Jared

query source: 14.145.198.75

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38427
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;rr2---sn-oguelnsz.googlevideo.com. IN      A
;; ADDITIONAL SECTION:
;; OPT PSEUDOSECTION
; EDNS: version: 0, flags: ; udp: 2048

-- 
Jared Mauch  | pgp key available via finger from ja...@puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
_______________________________________________
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
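
One way to decode such a request from a web server log, as an added example that is not part of the original post. It assumes the RFC 8484 GET form (a base64url `dns` parameter); the `/dns-query` path and the sample request are constructed here to mirror the decoded query shown above.

```python
import base64
import struct
from urllib.parse import urlsplit, parse_qs

def build_sample_path():
    """Constructed sample request path mirroring the query decoded in the post."""
    header = struct.pack("!6H", 38427, 0x0100, 1, 0, 0, 1)  # id, flags=rd, QD/AN/NS/AR counts
    name = "rr2---sn-oguelnsz.googlevideo.com"
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    question = qname + struct.pack("!2H", 1, 1)              # QTYPE A, QCLASS IN
    opt = b"\x00" + struct.pack("!HHIH", 41, 2048, 0, 0)     # root, OPT, udp 2048, ttl, rdlen
    wire = header + question + opt
    # "/dns-query" is an assumed path; RFC 8484 strips base64url padding
    return "/dns-query?dns=" + base64.urlsafe_b64encode(wire).rstrip(b"=").decode()

def decode_doh_get(path):
    """Decode the 'dns' parameter of a logged GET path into header fields and question."""
    params = parse_qs(urlsplit(path).query)
    if "dns" not in params:
        raise ValueError("no dns parameter in request")
    b64 = params["dns"][0]
    wire = base64.urlsafe_b64decode(b64 + "=" * (-len(b64) % 4))
    if len(wire) < 12:
        raise ValueError("shorter than a DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!6H", wire[:12])
    if qd != 1:
        raise ValueError("expected exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(wire):
            raise ValueError("truncated QNAME")
        n = wire[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(wire):   # pointers are not valid in a first question
            raise ValueError("bad label length")
        labels.append(wire[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if pos + 4 > len(wire):
        raise ValueError("truncated question")
    qtype, qclass = struct.unpack("!2H", wire[pos:pos + 4])
    return {"id": qid, "qr": bool(flags & 0x8000), "opcode": (flags >> 11) & 0xF,
            "rd": bool(flags & 0x0100), "qname": ".".join(labels) + ".",
            "qtype": qtype, "qclass": qclass, "arcount": ar}

if __name__ == "__main__":
    print(decode_doh_get(build_sample_path()))
```

Logging the decoded `rd` flag and QNAME alongside the source address makes it easy to separate recursive lookups like this one from queries for zones the server is actually authoritative for.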
