[dns-operations] 8.8.8.8 / 8.8.4.4 also being used as authoritative NSs?
Chris Thompson
cet1 at cam.ac.uk
Tue Mar 8 18:05:03 UTC 2011
For about a year we have been counting packets between our network and
8.8.8.8 and 8.8.4.4 (public-dns-[ab].google.com]) on port 53, as we
wanted to see whether there was a significant uptake of Google DNS
locally.
In mid-January, there was a notable change: much larger numbers of local
addresses started showing very low numbers of such packets (1-5 per
day). I have now realised that this includes our own central recursive
nameservers. This could be explained by the Google addresses being
used as official NSs for some (not heavily used) domain.
To save me arranging some packet capture, can anyone say whether this
is true? It is possible, of course, that the domain(s) in question
are nothing to do with Google qua se, as any black hat could point
his NSs at these addresses - but to achieve what?
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list