DNS something is wrong?
- by Nickolas R.
Hello
I am configuring bind9 on a server with two network interfaces; one is connected to the LAN and the other is connected to the Internet through NAT, so bind is not directly facing the Internet. Everything seems to work fine, clients can do both forward and reverse lookups, but something seems strange.
On the server, if I try to ping www.google.com one time, a great amount of network activity is generated, a lot more than one would expect, so I decided to sniff the traffic with tcpdump. When loading the dump into Wireshark I can see about 250 entries with "Standard query A" and "Standard query response". Here are some of the entries from the dump:
DNS Standard query A www.google.com
DNS Standard query A blackhole-1.iana.org
DNS Standard query A blackhole-2.iana.org
DNS Standard query response
DNS Standard query A ns2.isc-sns.com
DNS Standard query A ns1.isc-sns.net
DNS Standard query A ns3.isc-sns.info
DNS Standard query response PTR b.iana-servers.net RRSIG
DNS Standard query A auth2.dns.cogentco.com
DNS Standard query A ns1.crsnic.net
DNS Standard query A ns2.nsiregistry.net
DNS Standard query A ns3.verisign-grs.net
DNS Standard query A ns4.verisign-grs.net
DNS Standard query PTR 79.52.19.199.in-addr.arpa
I do not have too much experience with DNS yet, but I am pretty sure that something is wrong. Does anybody have an idea of what is going on?