Anyone knows what is – top entry on my BIND DNS server

Ugorji Nnanna asked:

Administer a DNS server running BIND DNS. We use dnstop to monitor queries. I have as top query with highest count and I’m wondering what the domain is, I can’t find really useful information on the domain. Does anyone know about it?

dnstop output:

Query Name                Count      %   cum% 
--------------------- --------- ------ ------                257283    5.2    5.2               208042    4.2    9.5           188231    3.8   13.3                    183011    3.7   17.0

Thank you.

My answer: appears to be the web site of an online game. My first suspicion is that someone is, or many people are, playing this game at work.

Obviously you should also check user workstations for unauthorized and malicious software. The game web site could be a cover for malicious activity.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.