/
Resolvers setting answer bits in queries

Resolvers setting answer bits in queries

Owned by Oli Schacher
Sept 13, 2017

Description:


Show a list of resolvers which send queries containing values which should only be present in answers:
- TC bit set
- RA bit set
- RCODE > 0 

Note that these columns are only available as of ENTRADA 0.0.10


Impala Query:


select 
 src,
 max(country) as country,
 count(*) as total_queries,
 sum(case when (q_tc=true or q_ra=true or q_rcode>0) then 1 else 0 end) as weird_queries,
 sum(q_tc) as q_tc,
 sum(q_ra) as q_ra,
 sum(case when q_rcode > 0 then 1 else 0 end) as q_rcode
from 
 dns.queries 
where 
 year=2017 and month=9 
group by 
 src 
having 
 weird_queries>0
order by
 weird_queries desc
 
limit 10


Example Output:


srccountrytotal_queriesweird_queriesq_tcq_raq_rcode
195.141.183.84CH208763082003082
212.205.80.44GR118182963002963
98.191.98.157US25122349002349
195.167.37.93GR54091288001288
91.209.84.9CH4162971300713
46.18.202.87RU56053600536
104.43.9.196SG42939839800
213.198.82.40DE391238600386
141.122.189.112CH13800119600196
212.243.142.98CH156015800158

Related content

Percentage of potentially validating resolvers in a specific country
Percentage of potentially validating resolvers in a specific country
DNSSEC
More like this
Queries per day that include the EDNS0 option edns-key-tag
Queries per day that include the EDNS0 option edns-key-tag
DNSSEC
More like this
Count Google Open DNS Queries
Count Google Open DNS Queries
Resolvers
More like this
Getting DMARC Queries
Getting DMARC Queries
Domain Names
More like this
DNS Magnitude
DNS Magnitude
Domain Names
More like this
Top N NXDOMAIN
Top N NXDOMAIN
Domain Names
More like this