[dns-operations] DNS Queries from some 8.0/16 ranges
Alexander Mayrhofer
alexander.mayrhofer at nic.at
Fri Jun 4 20:32:13 UTC 2010
> I've seen some of this. It looks like a massive enumeration attempt.
> Looks like they are querying for all valid A/AAAA RRs they've
> found out
> about and PTR queries.
Google's recursive DNS servers are "near" that range: They provide
public recursive DNS on 8.8.8.8 and 8.8.4.4 - and they do pro-active
"refetching" of records that are near their expiry.
Info about their service here:
http://code.google.com/speed/public-dns/docs/using.html
"prefetching" is described here:
http://code.google.com/speed/public-dns/docs/performance.html#prefetch
I'm just speculating, but given they have seen decent popularity, such
an "(p)refetching" round might look like an enumeration attempt. Of
course, it can be something completely unrelated to Google's service -
the "8.0/16" range just rang that bell...
Alex
More information about the dns-operations
mailing list