[dns-operations] 8.8.8.8 / 8.8.4.4 also being used as authoritative NSs?

Chris Thompson cet1 at cam.ac.uk
Tue Mar 8 18:05:03 UTC 2011


For about a year we have been counting packets between our network and
8.8.8.8 and 8.8.4.4 (public-dns-[ab].google.com) on port 53, as we
wanted to see whether there was a significant uptake of Google DNS
locally.

In mid-January, there was a notable change: much larger numbers of local
addresses started showing very low numbers of such packets (1-5 per
day). I have now realised that this includes our own central recursive 
nameservers. This could be explained by the Google addresses being
used as official NSs for some (not heavily used) domain.

To save me arranging some packet capture, can anyone say whether this
is true? It is possible, of course, that the domain(s) in question
are nothing to do with Google qua se, as any black hat could point
his NSs at these addresses - but to achieve what?

-- 
Chris Thompson               University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk    New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715       United Kingdom.
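
The per-address counting described in the message above, as an added example that is not part of the original post: it totals port-53 packets to the two Google addresses per local address per day and reports how many addresses fall in the 1-5 packets/day band, and which of the site's recursive nameservers are among them. The flow-record format, all addresses and the resolver list are constructed assumptions.

```python
from collections import defaultdict

GOOGLE_DNS = {"8.8.8.8", "8.8.4.4"}
LOW_MAX = 5  # upper edge of the "1-5 per day" band mentioned in the message

# Constructed sample flow records (hypothetical format):
# date, local address, remote address, remote port, packets
SAMPLE_FLOWS = """\
2011-01-10 192.0.2.10 8.8.8.8 53 840
2011-01-10 192.0.2.11 8.8.4.4 53 312
2011-01-10 192.0.2.12 198.51.100.7 53 50
2011-01-20 192.0.2.10 8.8.8.8 53 795
2011-01-20 192.0.2.10 8.8.4.4 53 20
2011-01-20 192.0.2.53 8.8.8.8 53 2
2011-01-20 192.0.2.53 8.8.4.4 53 1
2011-01-20 192.0.2.54 8.8.4.4 53 4
2011-01-20 192.0.2.77 8.8.8.8 80 9
2011-01-20 192.0.2.88 8.8.8.8 53 3
"""

# Hypothetical addresses of the site's own central recursive nameservers
RESOLVERS = {"192.0.2.53", "192.0.2.54"}

def daily_counts(text):
    """Return {day: {local_addr: packets}} for port-53 traffic to Google DNS."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        day, local, remote, port, packets = fields
        if remote in GOOGLE_DNS and port == "53":
            counts[day][local] += int(packets)  # both addresses counted together
    return counts

def summarise(text, resolvers=RESOLVERS):
    """Per day: addresses seen, addresses in the low band, resolvers in that band."""
    report = {}
    for day, per_host in sorted(daily_counts(text).items()):
        low = {h for h, n in per_host.items() if 1 <= n <= LOW_MAX}
        report[day] = {
            "hosts": len(per_host),
            "low_volume": len(low),
            "resolvers_low": sorted(low & resolvers),
        }
    return report

if __name__ == "__main__":
    for day, row in summarise(SAMPLE_FLOWS).items():
        print(day, row)
```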


