Odd DNS requests
Michael Powell
nightrecon at verizon.net
Sat Feb 28 03:51:56 PST 2009
Ian Smith wrote:
> Hi,
>
> recently we've had a Mac notebook of some sort on our LAN, that likes to
> make these DNS queries from time to time, to no avail, as noticed on a
> filtering bridge between the LAN and the router+DNS at 192.168.0.1:
>
> 16:13:05.020397 192.168.0.59.53207 > 192.168.0.1.53: 63162+ PTR?
> b._dns-sd._udp.0.0.168.192.in-addr.arpa. (57) [tos 0x18]
> 16:13:05.021093 192.168.0.1.53 > 192.168.0.59.53207: 63162 NXDomain*
> 0/1/0 (128) (DF)
> 16:13:05.215790 192.168.0.59.64633 > 192.168.0.1.53: 61059+ PTR?
> db._dns-sd._udp.0.0.168.192.in-addr.arpa. (58) [tos 0x18]
> 16:13:05.216469 192.168.0.1.53 > 192.168.0.59.64633: 61059 NXDomain*
> 0/1/0 (129) (DF)
> 16:13:05.226242 192.168.0.59.61635 > 192.168.0.1.53: 6749+ PTR?
> r._dns-sd._udp.0.0.168.192.in-addr.arpa. (57) [tos 0x18]
> 16:13:05.226789 192.168.0.1.53 > 192.168.0.59.61635: 6749 NXDomain* 0/1/0
> (128) (DF)
> 16:13:05.237319 192.168.0.59.56300 > 192.168.0.1.53: 21450+ PTR?
> dr._dns-sd._udp.0.0.168.192.in-addr.arpa. (58) [tos 0x18]
> 16:13:05.237842 192.168.0.1.53 > 192.168.0.59.56300: 21450 NXDomain*
> 0/1/0 (129) (DF)
> 16:13:05.248440 192.168.0.59.60806 > 192.168.0.1.53: 10032+ PTR?
> lb._dns-sd._udp.0.0.168.192.in-addr.arpa. (58) [tos 0x18]
> 16:13:05.249252 192.168.0.1.53 > 192.168.0.59.60806: 10032 NXDomain*
> 0/1/0 (129) (DF)
>
> What exactly are these hoping to discover, and what needs turning off in
> the Mac's setup (OSX, most likely a recent version) to quell them?
>
[snip]
Probably Avahi and/or Apple's Bonjour service. These are also known as
"ZeroConf" services.
-Mike
More information about the freebsd-questions
mailing list