[dns-operations] High DNS query levels from certain IPs
Anthony Iliopoulos
ailiop at lsu.edu
Tue Jul 6 15:15:19 UTC 2010
On Tue, Jul 06, 2010 at 07:55:39AM -0500, John Kristoff wrote:
> The addresses in question are routed by:
>
> 4263 | 12.130.136.11 | 12.130.128.0/18 | US | arin | 1983-08-23 | CERNET-ASN-BLOCK - California Education and Research Federation Network
> 21332 | 80.243.68.34 | 80.243.68.0/24 | RU | ripencc | 2001-10-29 | NTC-AS JSC _NTC_ (New Telephone Company)
>
> Have you tried contacting anyone at either network? I don't think I
> have a specific contact for either, sorry.
The 80.243.68.34 one, actually responds to dns queries (it is not
an open resolver), and carries the usual BIND identification marks.
>From that, and from the SOA RNAME, a possible contact could be
maddie at vntc.ru, or you can try your luck calling someone over there
(http://www.vntc.ru/en/contacts/). Looks like a Russian local ISP.
Regards,
Anthony
More information about the dns-operations
mailing list