[dns-operations] 220.127.116.11 / 18.104.22.168 also being used as authoritative NSs?
cet1 at cam.ac.uk
Tue Mar 8 18:05:03 UTC 2011
For about a year we have been counting packets between our network and
22.214.171.124 and 126.96.36.199 (public-dns-[ab].google.com]) on port 53, as we
wanted to see whether there was a significant uptake of Google DNS
In mid-January, there was a notable change: much larger numbers of local
addresses started showing very low numbers of such packets (1-5 per
day). I have now realised that this includes our own central recursive
nameservers. This could be explained by the Google addresses being
used as official NSs for some (not heavily used) domain.
To save me arranging some packet capture, can anyone say whether this
is true? It is possible, of course, that the domain(s) in question
are nothing to do with Google qua se, as any black hat could point
his NSs at these addresses - but to achieve what?
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations