dns-over-tls queries?

Havard Eidnes he at uninett.no
Mon Feb 4 15:42:23 UTC 2019


I had observed some traffic arriving at our recursive servers
which tried to connect to port 853 (the dns-over-tls port), so
I've now spun up an unbound to serve those requests.

Initially I'm running with query logging turned on, and I'm
slightly disappointed to report that all the queries I find
in the log conform to this pattern:

Feb  4 16:00:56 myname unbound: [22507:0] info: a.b.c.d null TYPE0 CLASS0 REFUSED 0.000000 1 12

where a.b.c.d is the IP address of the client.  No other queries
appear to arrive from the client, but the client will repeat the
probing periodically.  Type 0 is supposed to be
used as a special indicator for the SIG(0) RR, and must not
otherwise be used, whereas class 0 is reserved (IN is class 1),
says RFC 6895.

Does anyone know what type of client does this?  Since I don't
appear to receive other queries than these probes over dns-over-tls
I'm curious to know whether it's something wrong at my

I have a properly signed certificate for the service; both the
name and the IP addresses are part of the certificate.


- Håvard
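As an added illustration (not part of the post above), here is a small parser for the unbound reply-log line format quoted in the message, which flags the TYPE0/CLASS0 queries as probes and reports which clients send nothing else. It assumes the field order client, qname, qtype, qclass, rcode, time, from-cache flag and response size; the sample log lines are constructed, with documentation-range addresses in place of the real client.

```python
import re
from collections import Counter, defaultdict

# Assumed layout of an unbound "info:" reply log line, matching the line
# quoted in the post: client qname qtype qclass rcode secs fromcache size.
LOG_RE = re.compile(
    r"unbound: \[\d+:\d+\] info: (?P<client>\S+) (?P<qname>\S+) "
    r"(?P<qtype>\S+) (?P<qclass>\S+) (?P<rcode>\S+) (?P<secs>[\d.]+) "
    r"(?P<cached>\d) (?P<size>\d+)$"
)

def parse_line(line):
    """Return the fields of one reply-log line as a dict, or None if it does not match."""
    m = LOG_RE.search(line)
    return m.groupdict() if m else None

def is_probe(rec):
    # TYPE0 is reserved for SIG(0) and CLASS0 is reserved (RFC 6895), so a
    # query carrying either value cannot be a real lookup: treat it as a probe.
    return rec["qtype"] == "TYPE0" or rec["qclass"] == "CLASS0"

def summarize(lines):
    """Count probe and normal queries per client address."""
    stats = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # unrelated syslog line
        stats[rec["client"]]["probe" if is_probe(rec) else "query"] += 1
    return {client: dict(c) for client, c in stats.items()}

def probe_only_clients(lines):
    """Clients that have sent nothing but TYPE0/CLASS0 probes."""
    s = summarize(lines)
    return sorted(c for c, v in s.items() if v.get("probe") and not v.get("query"))

# Constructed sample: two repeated probes from one client, real queries from another.
SAMPLE_LOG = """\
Feb  4 16:00:56 myname unbound: [22507:0] info: 192.0.2.10 null TYPE0 CLASS0 REFUSED 0.000000 1 12
Feb  4 16:05:56 myname unbound: [22507:0] info: 192.0.2.10 null TYPE0 CLASS0 REFUSED 0.000000 1 12
Feb  4 16:06:01 myname unbound: [22507:1] info: 198.51.100.7 example.com. A IN NOERROR 0.012345 0 61
Feb  4 16:06:02 myname unbound: [22507:1] info: 198.51.100.7 example.com. AAAA IN NOERROR 0.000000 1 73
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
    print(probe_only_clients(SAMPLE_LOG))
```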

