All,

I've recently sent emails to a few gateway operators regarding non-stop traffic to the DNS server dns-mdc[dot]ampr[dot]org. The clients make A and AAAA queries for the same domain at a rate that's highly unlikely to be legitimate software.

I first noticed this on another IP. In that instance, the client continued to query the server despite being rejected.

Perhaps the operators can share more information or insight on what they discover as they have time to work out the issue. For others, be mindful, remember to firewall and use good Internet hygiene.

73,

Lynwood

KB3VWG