[dns-operations] High DNS query levels from certain IPs
John Kristoff
jtk at cymru.com
Tue Jul 6 12:55:39 UTC 2010
On Tue, 6 Jul 2010 01:16:58 -0700
Phil Pennock <dnsop+phil at spodhuis.org> wrote:
> In both cases, it's repeated resolution attempts for A/AAAA for
> entries used as NS glue records. The queries are coming in with
> EDNS0/4096/DO so I'm inclined to think it's not a completely naive
> client; I tried disabling NSID to see if that would help, but no.
It sounds a bit like what Sam saw:
<https://lists.dns-oarc.net/pipermail/dns-operations/2010-May/005695.html>
My view of it was described here:
<https://lists.dns-oarc.net/pipermail/dns-operations/2010-June/005699.html>
The addresses in question are routed by:
4263 | 12.130.136.11 | 12.130.128.0/18 | US | arin | 1983-08-23 | CERNET-ASN-BLOCK - California Education and Research Federation Network
21332 | 80.243.68.34 | 80.243.68.0/24 | RU | ripencc | 2001-10-29 | NTC-AS JSC _NTC_ (New Telephone Company)
Have you tried contacting anyone at either network? I don't think I
have a specific contact for either, sorry.
John