Computer Laboratory Home Page Search A-Z Directory Help
University of Cambridge Home Computer Laboratory
DNS Probe Traffic
Computer Laboratory > Research > Systems Research Group > NetOS > Adam > DNS Probe Traffic

What are you doing to my nameservers?

You may have been directed to this page because you are investigating unexpected traffic to TCP port 53 on your nameservers, or unexpected AXFRs of your zones in nameserver logs. This is part of an attempt to collect data on the current DNS, to be used for analysis and as a basis for simulation and testing of proposed new DNS architectures. It is a similar project to those carried out at RIPE and ISC (although it has no connection with those organisations). We'd like to reassure you that this is not in any way malicious traffic:

  • It is not a host scan. We are only connecting to machines because they have been advertised as DNS servers.
  • It is not a denial-of-service attack. We aim to connect to each server at most once for each domain it is advertised for.
  • It is not an indication of a planned attack. We will do nothing with this data except for bulk analysis, and simulation experiments. It will not be used to direct further (non-DNS) traffic to your network.
  • It is not an unauthorised use of computer facilities. Your servers are providing copies of this data to the public, and are advertised as providing this service.

We mean you no harm, and hope that we have not caused any inconvenience. If you believe that these requests are causing a serious problem, please contact us with details, and we will investigate immediately. This research is being carried out as part of the Adam project, by Jon Crowcroft, Tim Deegan and Andy Warfield.