Odd DNS requests
Ian Smith
smithi at nimnet.asn.au
Sat Feb 28 07:13:02 PST 2009
On Sat, 28 Feb 2009, George Davidovich wrote:
> On Sat, Feb 28, 2009 at 04:32:47PM +1100, Ian Smith wrote:
> > Recently we've had a Mac notebook of some sort on our LAN, that likes
> > to make these DNS queries from time to time, to no avail, as noticed
> > on a filtering bridge between the LAN and the router+DNS at
> > 192.168.0.1:
> >
> > 16:13:05.020397 192.168.0.59.53207 > 192.168.0.1.53: 63162+ PTR? b._dns-sd._udp.0.0.168.192.in-addr.arpa. (57) [tos 0x18]
> > 16:13:05.021093 192.168.0.1.53 > 192.168.0.59.53207: 63162 NXDomain* 0/1/0 (128) (DF)
> > 16:13:05.215790 192.168.0.59.64633 > 192.168.0.1.53: 61059+ PTR? db._dns-sd._udp.0.0.168.192.in-addr.arpa. (58) [tos 0x18]
> > 16:13:05.216469 192.168.0.1.53 > 192.168.0.59.64633: 61059 NXDomain* 0/1/0 (129) (DF)
> > 16:13:05.226242 192.168.0.59.61635 > 192.168.0.1.53: 6749+ PTR? r._dns-sd._udp.0.0.168.192.in-addr.arpa. (57) [tos 0x18]
> > 16:13:05.226789 192.168.0.1.53 > 192.168.0.59.61635: 6749 NXDomain* 0/1/0 (128) (DF)
> > 16:13:05.237319 192.168.0.59.56300 > 192.168.0.1.53: 21450+ PTR? dr._dns-sd._udp.0.0.168.192.in-addr.arpa. (58) [tos 0x18]
> > 16:13:05.237842 192.168.0.1.53 > 192.168.0.59.56300: 21450 NXDomain* 0/1/0 (129) (DF)
> > 16:13:05.248440 192.168.0.59.60806 > 192.168.0.1.53: 10032+ PTR? lb._dns-sd._udp.0.0.168.192.in-addr.arpa. (58) [tos 0x18]
> > 16:13:05.249252 192.168.0.1.53 > 192.168.0.59.60806: 10032 NXDomain* 0/1/0 (129) (DF)
> >
> > What exactly are these hoping to discover, and what needs turning off
> > in the Mac's setup (OSX, most likely a recent version) to quell them?
>
> DNS-Based Service Discovery:
> <http://files.dns-sd.org/draft-cheshire-dnsext-dns-sd.txt>
>
> Skip to the section titled:
>
> 12. Discovery of Browsing and Registration Domains (Domain
> Enumeration)'
>
> when it gets boring. There may be something more recent or more
> authoritative, but that's what I have bookmarked.
Thankyou George. Not tonight's bedtime reading but I'll get through it.
> As for configuring the notebook, etc., perhaps someone else can chime
> in.
On the face of it, it seems not a bad idea. I'm not averse to using DNS
in ways that some may consider impure, being more bothered by things I
don't understand :) I'll check the Mac's mDNS setup though, there's no
sense it banging away forever on NXDOMAIN responses, that often anyway.
cheers, Ian
More information about the freebsd-questions
mailing list