cks,
@cks@mastodon.social avatar

We used to operate one of the university's authoritative secondary DNS servers for all of the university's domains. Many years ago, we ceased doing this, reducing the server to just being authoritative for our own domains. Today I learned that there are a lot of people on the Internet still querying us for other people's domains that we haven't been NS records for for years. Where are they picking this up from? It is a mystery.

cks,
@cks@mastodon.social avatar

Bonus: some of the people still querying our DNS server for domains we aren't authoritative for appear to be (other people's) within-university DNS servers. All I can say is WHAT.

lanodan,
@lanodan@queer.hacktivis.me avatar

@cks I guess some bad DNS configuration that was there for historical reasons, possibly ages ago as a "temporary" workaround.

cks,
@cks@mastodon.social avatar

This is my face when I pull the name server statistics from our 'used to be an authoritative secondary and no longer is' DNS server and discover that more than 80% of the queries are for things we don't serve any more. This is also my face when I pull a tcpdump to look at the sources of this traffic and they are all over the place, including from eg 'DNS-8-0-10-3.Chicago1.Level3.net'. And a lot of AWS machines.

What.

fanf,
@fanf@mendeddrum.org avatar

@cks i guess some of the traffic will be necro-queries repeating ancient traffic captures

i’ve had bad ideas in the past that i realised (before perpetrating code) would make spam queries effectively immortal

  • All
  • Subscribed
  • Moderated
  • Favorites
  • random
  • tester
  • magazineikmin
  • khanakhh
  • InstantRegret
  • thenastyranch
  • Youngstown
  • everett
  • mdbf
  • slotface
  • ngwrru68w68
  • DreamBathrooms
  • kavyap
  • osvaldo12
  • rosin
  • JUstTest
  • Durango
  • tacticalgear
  • modclub
  • cubers
  • GTA5RPClips
  • ethstaker
  • normalnudes
  • cisconetworking
  • Leos
  • megavids
  • provamag3
  • anitta
  • lostlight
  • All magazines
    •