[dns-operations] High DNS query levels from certain IPs
ailiop at lsu.edu
Tue Jul 6 15:15:19 UTC 2010
On Tue, Jul 06, 2010 at 07:55:39AM -0500, John Kristoff wrote:
> The addresses in question are routed by:
> 4263 | 220.127.116.11 | 18.104.22.168/18 | US | arin | 1983-08-23 | CERNET-ASN-BLOCK - California Education and Research Federation Network
> 21332 | 22.214.171.124 | 126.96.36.199/24 | RU | ripencc | 2001-10-29 | NTC-AS JSC _NTC_ (New Telephone Company)
> Have you tried contacting anyone at either network? I don't think I
> have a specific contact for either, sorry.
The 188.8.131.52 one, actually responds to dns queries (it is not
an open resolver), and carries the usual BIND identification marks.
>From that, and from the SOA RNAME, a possible contact could be
maddie at vntc.ru, or you can try your luck calling someone over there
(http://www.vntc.ru/en/contacts/). Looks like a Russian local ISP.
More information about the dns-operations