DNS Attack
What happen to my internal DNS. The query for Domain is very confusing. It is because my internal domain is internal.org.
But when i do sniffing, i found that the query to the outside domain (internet "ns1.abc.com") has attached my local domain at the back ("ns1.abc.com.internal.org).
Can anybody explain, why it become like this.
Below is a sniffed packet
1. 16:56:37.384951 10.10.6.35.3094 > dnsserver.internal.org.domain: 2896+ A? yahoo.com.internal.org. (38)
2. 17:01:42.512643 dnsserver.internal.org.domain > d.root-servers.net.domain: 10288 A? ns1.google.com.internal.org. (44) (DF)
|