DNS queries for a non-existent domain in Unbound

andrew_241 · September 03, 2025, 01:48:17 AM

I'm seeing DNS queries for A and AAAA records for jetstream.tour.in. tour.in doesn't exist. In 'Reporting', it accounted for somewhere around 10 percent of passed domains (making it the largest by far) before I put it in a blocklist. I'm almost certain that I don't have any malware on any of my devices. Has anyone else encountered this domain?

cookiemonster · September 03, 2025, 12:04:06 PM

Nope. Is the client ip making the query not available to trace it ?

jangw · September 03, 2025, 03:58:41 PM

tour.in is registered but the name servers are not reachable. Anyone on your network planning to travel to India?

https://www.whois.com/whois/tour.in

andrew_241

Examining a packet capture, I was able to trace the requests back to my mail server, which is in a VM on a separate VLAN. I'll have to figure out why it's asking for this particular domain.

meyergru

Because it want to send a mail there? Maybe a bounce?

DNS queries for a non-existent domain in Unbound

andrew_241

September 03, 2025, 01:48:17 AM

cookiemonster

September 03, 2025, 12:04:06 PM #1

jangw

September 03, 2025, 03:58:41 PM #2

andrew_241

Today at 01:06:07 AM #3

meyergru

Today at 01:08:11 AM #4