3

With BIND (named) enabled on an OS-X Lion iMac, I can get a list of queries as they occur. In the list are some very strange entries, listed below. Can anyone shed some light on these? (Note that the iMac is at 192.168.1.3):

query: xdnrhkbqnn IN A + (127.0.0.1)
query: rvdldbxroe IN A + (127.0.0.1)
query: dtzmkqjwwc IN A + (127.0.0.1)
query: edyidthaxc IN A + (127.0.0.1)
query: bqjmeqglim IN A + (127.0.0.1)
query: sixelsjzvf IN A + (127.0.0.1)
query: c.1.8.1.6.b.e.f.f.f.3.6.b.1.2.0.d.d.0.2.2.3.5.1.2.8.4.d.f.c.d.f.ip6.arpa IN PTR + (127.0.0.1)
query: 3.1.168.192.in-addr.arpa IN PTR + (127.0.0.1)
query: b._dns-sd._udp.0.1.168.192.in-addr.arpa IN PTR + (127.0.0.1)
query: db._dns-sd._udp.0.1.168.192.in-addr.arpa IN PTR + (127.0.0.1)
query: r._dns-sd._udp.0.1.168.192.in-addr.arpa IN PTR + (127.0.0.1)
query: dr._dns-sd._udp.0.1.168.192.in-addr.arpa IN PTR + (127.0.0.1)
query: lb._dns-sd._udp.0.1.168.192.in-addr.arpa IN PTR + (127.0.0.1)
query: c.1.8.1.6.b.e.f.f.f.3.6.b.1.2.0.6.6.9.1.7.d.2.5.7.8.5.6.0.0.d.f.ip6.arpa IN PTR + (127.0.0.1)
Zypher

1 Answer

8

In order:

  1. Six entries caused by Google Chrome checking — twice, apparently — to see if you are the victim of an ISP, or an external advertiser-driven proxy DNS provider, that does NXDOMAIN hijacking.
  2. One perfectly ordinary IPv6 address→name lookup for an address in the FD00::/8 block.
  3. One perfectly ordinary IPv4 address→name lookup for an address in 192.168.0.0/16.
  4. Five perfectly ordinary DNS Service Discovery/Bonjour browse lookups for what is presumably the LAN (192.168.1.0/24).
  5. One perfectly ordinary IPv6 address→name lookup for another address in the FD00::/8 block.

Further reading

  • S. Thomson, C. Huitema, V. Ksinant, and M. Souissi (October 2003). "IP6.ARPA domain". DNS Extensions to Support IP Version 6. RFC 3596. Requests for Comments.
JdeBP
  • Thanks very much and thanks for the link - interesting :-) Hoping not to try your patience, how does one determine the FD00::/7 from the long string of numbers? and who/what/where might be using IPv6 on the box? – William Morris Jan 24 '12 at 00:09
  • @WilliamMorris: The numbers for ip→name lookups are backwards so that hierarchy works out right. – freiheit Jan 24 '12 at 00:25
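
An added example, not part of the original answer or comments: a small triage script for query-log lines in the format shown in the question. It reverses the ip6.arpa nibble labels back into an address so membership in FD00::/8 can be checked, and sorts the other entries into the categories the answer lists. The function names are hypothetical, and the 10-letter probe pattern is an assumption taken from the six names in the question.

```python
import ipaddress
import re

LINE = re.compile(r"query:\s+(\S+)\s+IN\s+(\S+)")
ULA = ipaddress.ip_network("fd00::/8")
HEX = set("0123456789abcdef")
DNS_SD = {"b", "db", "r", "dr", "lb"}   # the five browse labels seen in the log
PROBE = re.compile(r"[a-z]{10}")        # assumption: probe shape as seen in the log

def reverse_to_address(qname):
    """Decode an in-addr.arpa or ip6.arpa name; return None if malformed."""
    name = qname.lower().rstrip(".")
    if name.endswith(".ip6.arpa"):
        nibbles = name[:-len(".ip6.arpa")].split(".")
        if len(nibbles) != 32 or not all(n in HEX for n in nibbles):
            return None
        # Labels are least-significant nibble first, so reverse before parsing.
        return ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16))
    if name.endswith(".in-addr.arpa"):
        octets = name[:-len(".in-addr.arpa")].split(".")
        try:
            return ipaddress.IPv4Address(".".join(reversed(octets)))
        except ValueError:
            return None
    return None

def classify(line):
    """Return a short label for one query-log line."""
    m = LINE.search(line)
    if not m:
        return "unparsed"
    qname, qtype = m.group(1).lower().rstrip("."), m.group(2)
    labels = qname.split(".")
    if labels[0] in DNS_SD and labels[1:3] == ["_dns-sd", "_udp"]:
        return "dns-sd browse for " + ".".join(labels[3:])
    addr = reverse_to_address(qname) if qtype == "PTR" else None
    if addr is not None:
        if addr.version == 6 and addr in ULA:
            scope = "ULA fd00::/8"
        else:
            scope = "private" if addr.is_private else "public"
        return f"reverse lookup {addr} ({scope})"
    if qtype == "A" and PROBE.fullmatch(qname):
        return "single-label random-looking name"
    return "other"

if __name__ == "__main__":
    # Two lines copied from the question's log.
    for entry in ["query: xdnrhkbqnn IN A + (127.0.0.1)",
                  "query: 3.1.168.192.in-addr.arpa IN PTR + (127.0.0.1)"]:
        print(classify(entry))
```

The random-name check is only a heuristic: an ordinary 10-letter single-label hostname on the LAN would match it too.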