[dns-operations] 8.8.8.8 / 8.8.4.4 also being used as authoritative NSs?

David Ulevitch david at opendns.com
Tue Mar 8 21:56:32 UTC 2011


On Mar 8, 2011, at 10:05 AM, Chris Thompson wrote:

> To save me arranging some packet capture, can anyone say whether this
> is true? It is possible, of course, that the domain(s) in question
> are nothing to do with Google qua se, as any black hat could point
> his NSs at these addresses - but to achieve what?

This happens to us in /large/ volumes periodically for reasons that bewilder us. The queries don't work as the RD bit isn't set. If someone wants to discuss further, off-list, I am happy to provide details. I have a list from six months ago of about 1000 seemingly unrelated domains that pointed to us six months ago, and today not a single one does. In six months, the current list will turn over again.

It's bizarre, to say the least, though it causes us insignificant operational pain, so it's not a focus.

-David
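
The RD-bit observation in the message above, as an added example that is not part of the original post: a sketch of how a recursive resolver operator could tally, by query name, incoming queries that arrive with RD clear (the form an iterating resolver sends to what it believes is an authoritative server). The function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

RD = 0x0100  # "recursion desired" bit in the 16-bit DNS header flags field

def build_query(qname, rd, txid=0x1234):
    """Build a wire-format A/IN query; used only to construct sample input."""
    header = struct.pack("!HHHHHH", txid, RD if rd else 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)

def parse_query(packet):
    """Return (qname, rd_set) for a standard query, or None if not parseable."""
    if len(packet) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", packet[:6])
    if flags & 0x8000 or (flags >> 11) & 0xF or qdcount != 1:
        return None  # a response, a non-QUERY opcode, or an unusual question count
    labels, pos = [], 12
    while True:
        if pos >= len(packet):
            return None  # truncated before the root label
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0 or pos + length > len(packet):
            return None  # compression pointer (not handled here) or truncated label
        labels.append(packet[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return ".".join(labels) + ".", bool(flags & RD)

def non_recursive_names(packets):
    """Count query names seen with RD clear, i.e. sent as if to an authoritative server."""
    counts = Counter()
    for packet in packets:
        parsed = parse_query(packet)
        if parsed and not parsed[1]:
            counts[parsed[0]] += 1
    return counts

# Constructed sample traffic: one stub-style query (RD=1), three iterative ones (RD=0).
SAMPLE = [
    build_query("www.example.com", rd=True),
    build_query("www.example.net", rd=False),
    build_query("WWW.Example.NET", rd=False),
    build_query("example.org", rd=False),
]
```

Comparing the resulting name list across capture windows would show the kind of turnover described in the message.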


