[dns-wg] PTR-Queries asking for type A or AAAA

Fri, 08 Jan 2016 14:40:45 -0800 

Hello,

today I noticed, that my DNS servers are getting a noticable amount of DNS 
queries for my IPv4 reverse zone, asking for type A or AAAA.

Example with tcpdump:
22:22:06.019962 IP 160.45.8.8.45341 > 172.29.56.218.53: 34558 [1au] A? 
y.x.144.217.in-addr.arpa. (57)
22:22:06.129485 IP 160.45.41.8.55855 > 172.29.56.218.53: 12449% [1au] A? 
y.x.144.217.in-addr.arpa. (57)
22:22:12.571720 IP 160.45.113.3.11019 > 172.29.56.218.53: 15364 [1au] AAAA? 
y.x.144.217.in-addr.arpa. (57)
22:22:13.571228 IP 160.45.41.4.57403 > 172.29.56.218.53: 11276 [1au] AAAA? 
y.x.144.217.in-addr.arpa. (57)
22:22:14.561769 IP 160.45.113.3.1159 > 172.29.56.218.53: 16591% [1au] AAAA? 
y.x.144.217.in-addr.arpa. (57)
22:22:17.172626 IP 160.45.8.8.34605 > 172.29.56.218.53: 10352 [1au] AAAA? 
y.x.144.217.in-addr.arpa. (57)
22:22:17.281042 IP 160.45.41.8.56158 > 172.29.56.218.53: 32812% [1au] AAAA? 
y.x.144.217.in-addr.arpa. (57)
22:30:09.386217 IP 134.169.34.26.52144 > 172.29.56.218.53: 29463% [1au] AAAA? 
y.x.144.217.in-addr.arpa. (57)
22:30:09.539619 IP 134.169.34.56.59778 > 172.29.56.218.53: 63208% [1au] AAAA? 
y.x.144.217.in-addr.arpa. (57)
22:30:09.699493 IP 134.169.34.26.63325 > 172.29.56.218.53: 25399% [1au] A? 
y.x.144.217.in-addr.arpa. (57)
22:30:09.859583 IP 134.169.34.56.41423 > 172.29.56.218.53: 23848% [1au] A? 
y.x.144.217.in-addr.arpa. (57)
22:30:19.200884 IP 139.17.128.10.65059 > 172.29.56.218.53: 37206 [1au] AAAA? 
y.x.144.217.in-addr.arpa. (57)
22:30:20.694596 IP 213.136.95.10.42215 > 172.29.56.218.53: 13396% [1au] A? 
y.x.144.217.in-addr.arpa. (57)


The top queries are for the IP address of my NTP pool server, the other one is 
for the IP of my primary DNS server.
These are originating from several IP addresses, sometimes also Google DNS and 
DNS resolvers of universities.

I've never suffered any problems with my PTR zone and there are enough 
legitimate queries to prove me that the zone is working as it should...
Is this "normal background noise" or could that be caused by a malformed DNS 
zone? Or is anyone else seeing those weird queries?


Thanks!

Greetings from Wuppertal
 Max

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to