[dns-operations] DNS Queries from some 8.0/16 ranges
Warren Kumari
warren at kumari.net
Fri Jun 4 21:40:31 UTC 2010
Warren Kumari
------
Please excuse typing, etc -- This was sent from a device with a tiny
keyboard.
On Jun 4, 2010, at 4:32 PM, "Alexander Mayrhofer" <alexander.mayrhofer at nic.at
> wrote:
>
>> I've seen some of this. It looks like a massive enumeration attempt.
>> Looks like they are querying for all valid A/AAAA RRs they've
>> found out
>> about and PTR queries.
>
> Google's recursive DNS servers are "near" that range: They provide
> public recursive DNS on 8.8.8.8 and 8.8.4.4 - and they do pro-active
> "refetching" of records that are near their expiry.
>
> Info about their service here:
> http://code.google.com/speed/public-dns/docs/using.html
> "prefetching" is described here:
> http://code.google.com/speed/public-dns/docs/performance.html#prefetch
>
> I'm just speculating, but given they have seen decent popularity, such
> an "(p)refetching" round might look like an enumeration attempt. Of
> course, it can be something completely unrelated to Google's service -
> the "8.0/16" range just rang that bell...
>
Yup, I can confirm that this is not Google....
W
> Alex
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
More information about the dns-operations
mailing list