Security Incidents mailing list archives

Attempted DNS queries.


From: Yotam Rubin <yotam () MAKIF OMER K12 IL>
Date: Sun, 25 Mar 2001 14:17:14 +0200

Hello,

My bind is configured to only reply to queries which refer to the zones which
are under my control. I've been receiving a curiously large number of queries
to the "." domain from hosts which I have never seen before.
A more peculiar thing is that many of the offending hosts run ssh
and https alone. Following are the log entries for some of the denied queries:
Mar 19 05:34:18 linux named[24032]: denied query from [216.33.87.10].54947 for "."
Mar 19 05:55:42 linux named[24032]: denied query from [216.33.87.10].55501 for "."
Mar 19 06:01:25 linux named[24032]: denied query from [216.33.87.10].55639 for "."
Mar 19 06:03:06 linux named[24032]: denied query from [216.33.87.10].55692 for "."
Mar 19 06:06:11 linux named[24032]: denied query from [216.33.87.9].56046 for "."
Mar 24 19:09:39 linux named[24032]: denied query from [63.209.29.136].20196 for
.........
This goes on. I've been able to identify at least nine unique hosts which
attempted these queries: 167.8.29.52, 206.251.19.88, 209.67.29.8, 216.33.87.8,
216.33.87.10, 63.209.29.136, 208.185.109.155, 167.8.29.91 and 64.14.77.2.
Results of the portscan against these hosts can be found at:
http://192.117.130.34/Fendor/bind-scan-results
Any ideas as to the nature of these queries and the strange pattern which
these hosts exhibit?

        Regards, Yotam Rubin


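The poster did the aggregation above by hand: read the "denied query" lines out of syslog, pull the source addresses, and count the distinct hosts. The script below is an added example (not code from the original post) that does the same thing mechanically: it parses BIND 8 style "denied query from [ip].port for "name"" entries, counts denials per source and per queried name, and lists the hosts that asked for the root zone "." more than a chosen number of times, sorted numerically by address. The sample log lines are constructed in the same shape as the ones in the post and are not the poster's data. Note that BIND 9 words this message differently ("client ip#port: query ... denied"), so the regular expression would need to be adapted for a BIND 9 server.

```python
"""Aggregate BIND "denied query" log lines by source host and queried name.

Added example; not part of the original post.  Targets the BIND 8 log
format shown in the post; the sample lines below are constructed.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample in the same shape as the post's log (not the original data).
SAMPLE_LOG = """\
Mar 19 05:34:18 linux named[24032]: denied query from [216.33.87.10].54947 for "."
Mar 19 05:55:42 linux named[24032]: denied query from [216.33.87.10].55501 for "."
Mar 19 06:06:11 linux named[24032]: denied query from [216.33.87.9].56046 for "."
Mar 24 19:09:39 linux named[24032]: denied query from [63.209.29.136].20196 for "."
Mar 24 19:10:02 linux named[24032]: denied query from [10.0.0.5].1234 for "example.com"
Mar 24 19:11:00 linux named[24032]: starting.  named 8.2.3
"""

# Matches: <syslog ts> <host> named[<pid>]: denied query from [<ip>].<port> for "<name>"
DENIED_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+\S+\s+named\[\d+\]:\s+'
    r'denied query from \[(?P<src>[0-9.]+)\]\.(?P<port>\d+) for "(?P<name>[^"]*)"\s*$'
)


def parse_denied(log_text):
    """Return a list of dicts, one per well-formed 'denied query' line.

    Lines that are not denied-query entries, or that are truncated (as the
    last entry in the post is), are skipped rather than raising.
    """
    events = []
    for line in log_text.splitlines():
        m = DENIED_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": m.group("ts"),
            "src": m.group("src"),
            "port": int(m.group("port")),
            "name": m.group("name"),
        })
    return events


def summarize(events):
    """Return (denied queries per source IP, denied queries per queried name)."""
    per_source = Counter(e["src"] for e in events)
    per_name = Counter(e["name"] for e in events)
    return per_source, per_name


def sources_for_name(events, name=".", threshold=1):
    """Sources that asked for `name` at least `threshold` times, in numeric IP order.

    Numeric ordering matters: a plain string sort would put 216.33.87.10
    before 216.33.87.9 and 63.x.x.x after both of them.
    """
    counts = Counter(e["src"] for e in events if e["name"] == name)
    hits = [src for src, n in counts.items() if n >= threshold]
    return sorted(hits, key=ipaddress.ip_address)


if __name__ == "__main__":
    evs = parse_denied(SAMPLE_LOG)
    per_source, per_name = summarize(evs)
    print("denied queries per source:")
    for src in sorted(per_source, key=ipaddress.ip_address):
        print(f"  {src:16} {per_source[src]}")
    print("denied queries per name:", dict(per_name))
    print("hosts querying the root zone:", sources_for_name(evs, "."))
```

Feed it a real syslog extract instead of SAMPLE_LOG (for example `grep 'denied query' /var/log/messages`) to get the per-host counts the poster compiled by hand; raising `threshold` filters out one-off queries so that only repeat offenders are listed.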