Forwarding this from the DNS operators/researchers group at OARC.  From the 
queries, looks like something is looking for MTA-STS RR information 
incorrectly?  Anyone else see this behavior? 

Scott

-- 
Scott Rose, NIST ITL
scott.r...@nist.gov
ph: +1-301-975-8439
GVoice: +1-571-249-3671
 

On 3/30/20, 5:56 AM, "dns-operations on behalf of Petr Špaček" 
<dns-operations-boun...@dns-oarc.net on behalf of petr.spa...@nic.cz> wrote:

    Hello everyone,
    
    while debugging some resolution problems we have noticed really weird queries, seemingly related to e-mail delivery. This is the query list for domain truckinsurancekentucky.com:
    
    mx1.mx1.mx1.mx1.mx1.mx2.mx1.mx2.mx1.mta-sts.mx1.mx1.mx2.mx2.mta-sts.mx1.mx1.truckinsurancekentucky.com. AAAA
    mx1.mx1.mx1.mx2.mx1.mx2.mx1.mx2.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx1.mx2.mx2.truckinsurancekentucky.com. A
    mx1.mx2.mx1.mx1.mx1.mx1.mx1.mx2.mx1.mx1.mta-sts.mx1.mx2.mx2.mx2.mx1.truckinsurancekentucky.com. A
    mx1.mx2.mx1.mx1.mx2.mx1.mx1.mx2.mx1.mx1.mx1.mx1.mx2.mx1.mx2.mta-sts.mx1.truckinsurancekentucky.com. NS
    mx1.mx2.mx1.mx2.mx2.mx1.mx1.mx1.mx1.mx2.mta-sts.mx1.mx1.mx2.mta-sts.mx2.mx2.truckinsurancekentucky.com. AAAA
    mx1.mx2.mx2.mx1.mx2.mx2.mx1.mx2.mx2.mx2.mx2.mx1.mx2.mx1.mx2.mx1.mx1.mx1.truckinsurancekentucky.com. A
    mx2.mx1.mx1.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx2.mta-sts.mx1.mx2.mta-sts.mx1.mx2.mx1.truckinsurancekentucky.com. NS
    mx2.mx1.mx2.mx1.mx1.mx2.mx1.mx2.mx1.mx2.mx1.mx1.mx1.mx1.mta-sts.mx1.mx2.mx2.truckinsurancekentucky.com. NS
    mx2.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx1.mx2.mx1.mx1.mx1.mta-sts.mx1.mx2.truckinsurancekentucky.com. A
    mx2.mx2.mx1.mx1.mx2.mx1.mx2.mx1.mx1.mta-sts.mx1.mx2.mx1.mx1.mta-sts.mx2.mx2.truckinsurancekentucky.com. AAAA
    mx2.mx2.mx1.mx2.mx1.mx1.mx1.mx2.mx1.mx1.mx1.mx1.mx1.truckinsurancekentucky.com. AAAA
    mx2.mx2.mx1.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx1.mx1.mx1.mta-sts.mx1.mx2.mx2.mx2.truckinsurancekentucky.com. A
    
    Domain truckinsurancekentucky.com is not the only one with this weird behavior. Does anyone have an idea what is causing this?
    
    (We have access only to anonymized data so we are unable to pinpoint the responsible client.)
    
    -- 
    Petr Špaček  @  CZ.NIC
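
For anyone who wants to check their own resolver or authoritative query logs for the same pattern, here is an added example (not part of either message above) that flags names where a few labels are stacked many times in front of a base domain. The `qname qtype` log format, the function names and the thresholds are assumptions; two sample names are copied from the list above and the rest are constructed.

```python
from collections import Counter, defaultdict

# Two names copied from the thread; the remaining lines are constructed.
SAMPLE_LOG = """\
mx2.mx2.mx1.mx1.mx1.mx2.mx2.mx2.mx1.mx2.mx1.mx1.mx1.mta-sts.mx1.mx2.truckinsurancekentucky.com. A
mx2.mx2.mx1.mx2.mx1.mx1.mx1.mx2.mx1.mx1.mx1.mx1.mx1.truckinsurancekentucky.com. AAAA
mta-sts.example.com. A
_mta-sts.example.com. TXT
www.www.example.org. A
malformed-line-without-type
"""

def split_stacked(qname):
    """Split a name into (stacked_prefix_labels, base_name).

    The prefix ends at the rightmost label that occurs more than once in
    the name; at least two labels are always left over as the base.
    """
    labels = qname.rstrip(".").lower().split(".")
    counts = Counter(labels)
    for i in range(len(labels) - 3, -1, -1):
        if counts[labels[i]] > 1:
            return labels[: i + 1], ".".join(labels[i + 1:])
    return [], ".".join(labels)

def find_stacked(lines, min_depth=4):
    """Return {base_name: [(prefix_depth, qtype), ...]} for flagged queries.

    A query is flagged when the stacked prefix has at least min_depth labels
    and at most half as many distinct labels (assumed thresholds).
    """
    hits = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 2:          # skip lines that are not "qname qtype"
            continue
        qname, qtype = parts
        prefix, base = split_stacked(qname)
        if len(prefix) >= min_depth and len(set(prefix)) <= len(prefix) // 2:
            hits[base].append((len(prefix), qtype))
    return dict(hits)

if __name__ == "__main__":
    for base, seen in find_stacked(SAMPLE_LOG.splitlines()).items():
        print(base, seen)
```

Grouping by base name shows at a glance which domains attract the stacked queries and how deep the stacking goes, without needing a public suffix list.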