Traffic from my DNS server to other host
i'been seeing a kind of traffic that i was not expecting, i think it would be a DNS Query or something alike. here my tcpdump at my nic.
209.123.162.211 its my linode adress
18:35:20.265417 IP 208.64.126.74.62214 > 209.123.162.211.53: 1779+ ANY? . (17)
0x0000: 4520 002d 0666 0000 f711 fa5f d040 7e4a E..-.f….._.@~J
0x0010: d17b a2d3 f306 0035 0019 41b1 06f3 0100 .{…..5..A…..
0x0020: 0001 0000 0000 0000 0000 ff00 01 ………….
18:35:20.265962 IP 209.123.162.211.53 > 208.64.126.74.62214: 1779 13/13/6 NS h.root-servers.net.,[|
domain]
0x0000: 4500 0215 0000 4000 4011 75fe d17b a2d3 E…..@.@.u..{..
0x0010: d040 7e4a 0035 f306 0201 044d 06f3 8180 .@~J.5…..M….
0x0020: 0001 000d 000d 0006 0000 ff00 0100 0002 …………….
0x0030: 0001 0002 c97f 0014 0168 0c72 6f6f 742d ………h.root-
0x0040: 7365 7276 6572 7303 6e65 7400 0000 0200 servers.net…..
0x0050: 0100 ..
I setup a ISPconfig 2 from howtoforge and use this linode like test environment. this behavior occurs not very often at my linode, but im little worry about it would grow with the time, this process consume bandwith (at this time very little) but what about if it would be a production LAMP server???
Grettings, EF