topic Microsoft DNS in Getting Data In https://community.splunk.com/t5/Getting-Data-In/Microsoft-DNS/m-p/389774#M69762 <P>This might not be the right place for this question but I see DNS request that seem to have a recordtype = ZERO in my splunk logs. I don't know what would be causing this, it doesn't seem like a valid type that DNS would even let you query for.</P> <P>2/13/2019 11:48:59 AM 14E8 PACKET 000000A722BE61B0 UDP Rcv 10.10.10.106 d751 Q [0001 D NOERROR] ZERO <A href="http://www.microsoft.com">www.microsoft.com</A></P> <P>I am seeing tons of these from different client on different servers for different queries. Doesn't seem like they get passed on to the downstream DNS for resolution, but I don't know if this ZERO record is a hiccup on the DNS servers or with clients there are times when see thousands of them and normally it is like a few hundred. Anyone else have Microsoft DNS logs and see random queries for record type ZERO?</P> <P>Thank you,<BR /> Brian Kirk</P> Fri, 15 Feb 2019 21:24:09 GMT bkirk 2019-02-15T21:24:09Z Microsoft DNS https://community.splunk.com/t5/Getting-Data-In/Microsoft-DNS/m-p/389774#M69762 <P>This might not be the right place for this question but I see DNS request that seem to have a recordtype = ZERO in my splunk logs. I don't know what would be causing this, it doesn't seem like a valid type that DNS would even let you query for.</P> <P>2/13/2019 11:48:59 AM 14E8 PACKET 000000A722BE61B0 UDP Rcv 10.10.10.106 d751 Q [0001 D NOERROR] ZERO <A href="http://www.microsoft.com">www.microsoft.com</A></P> <P>I am seeing tons of these from different client on different servers for different queries. Doesn't seem like they get passed on to the downstream DNS for resolution, but I don't know if this ZERO record is a hiccup on the DNS servers or with clients there are times when see thousands of them and normally it is like a few hundred. Anyone else have Microsoft DNS logs and see random queries for record type ZERO?</P> <P>Thank you,<BR /> Brian Kirk</P> Fri, 15 Feb 2019 21:24:09 GMT https://community.splunk.com/t5/Getting-Data-In/Microsoft-DNS/m-p/389774#M69762 bkirk 2019-02-15T21:24:09Z