[dns-operations] 8.8.8.8 / 8.8.4.4 also being used as authoritative NSs?

David Ulevitch david at opendns.com
Tue Mar 8 21:56:32 UTC 2011


On Mar 8, 2011, at 10:05 AM, Chris Thompson wrote:

> To save me arranging some packet capture, can anyone say whether this
> is true? It is possible, of course, that the domain(s) in question
> are nothing to do with Google qua se, as any black hat could point
> his NSs at these addresses - but to achieve what?

This happens to us in /large/ volumes periodically for reasons that bewilder us.  The queries don't work as RD bit isn't set.   If someone wants to discuss further, off-list, I am happy to provide details.  I have a list from six months ago of about 1000 seemingly unrelated domains that pointed to us six months ago, and today not a single one does.  In six months, the current list will turnover again.  

It's bizarre, to say the least, though it causes us insignificant operational pain, so it's not a focus.

-David




More information about the dns-operations mailing list