[nzlug] Weird dns resolution.

[Nick 'Zaf' Clifford]

Steve Holdoway wrote:
> I've been working on cleaning up an old mailing list of ours, and the first thing I've been doing is to validate that the domains on the list actually have a valid MX ( or failing that A ) record. A number of these came back as being set to the 127/8 subnet, mainly localhost. So I made a script up, and prepared to sanitise the list. For some reason or other, I decided to recheck these addresses before deleting them, and, lo and behold a fair proportion of them now resolve properly to routeable addresses.
>   
Let me just clarify, initially these domains resolved to 127.0.0.1 (or
somewhere else in the 127.0.0.0/8 subnet)?
And then awhile later, you tried them again, and they resolved back to
something normal?

Ok, you've got a significant DNS problem. Somewhere, something, is lying.

I can't think of any reason that a domain would have a valid reason to
resolve to 127.0.0.0/8, except as a test or joke (eg hack this box).

If I've misread, then please clarify the problem.
> Is this me, could it be a function of the number of lookups I'm doing as I had about a hundred processes running in parallel, or is it becoming a common practice for people to do this on a regular basis?? I did re-run my checks using opendns servers and I still see the same thing happening.
>   
>
Even if you're doing "too many" DNS resolutions, the correct response is
to send back SRV_FAIL, not a bogas address.

That said, I suppose it could be some anti-worm propagation thing.

Nick