[28268] in North American Network Operators' Group
Re: Question about strain on the A root server
daemon@ATHENA.MIT.EDU (jlewis@lewis.org)
Sun Apr 23 01:38:05 2000
Date: Sun, 23 Apr 2000 01:35:55 -0400 (EDT)
From: jlewis@lewis.org
To: Dirk Harms-Merbitz <dirk@power.net>
Cc: nanog@merit.edu
In-Reply-To: <20000422112325.A6687@noc.power.net>
Message-ID: <Pine.LNX.4.10.10004230133160.25904-100000@redhat1.mmaero.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu

On Sat, 22 Apr 2000, Dirk Harms-Merbitz wrote:
> That's what we thought initially. Somebody processing logfiles.
>
> Doesn't look like it though. A remote machine makes our top ten
> list and then stays there for days. If we block on a router level
> then it seems to get fixed eventually on the other end.

If you're looking at the stats enough to pin down heavy usage to
individual systems, it shouldn't be too much more work to track down why
they're suddenly making the top ten list. i.e. is it a bug in their
resolver, or were they hacked and running some scanner kit that makes
heavy use of DNS, with A hard-coded into the scanner?

----------------------------------------------------------------------
Jon Lewis *jlewis@lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________http://www.lewis.org/~jlewis/pgp for PGP public key__________