[dns-operations] A lot of CNAME queries for domain ?
Michael Sinatra
michael at rancid.berkeley.edu
Thu Jul 5 19:30:43 UTC 2012
On 07/05/12 11:44, Jan-Piet Mens wrote:
>> Looking at it further, it does seem like the source IPs of these queries
>> are actually fake... as most seem to be consecutive IPs, like such:
>>
>> 74.125.126.86
>> 74.125.126.85
>> 74.125.126.84
>> 74.125.126.83
>> ...
>
> That netblock belongs to Google:
>
> NetRange: 74.125.0.0 - 74.125.255.255
> CIDR: 74.125.0.0/16
> OriginAS:
> NetName: GOOGLE
> NetHandle: NET-74-125-0-0-1
> Parent: NET-74-0-0-0-0
> NetType: Direct Allocation
> RegDate: 2007-03-13
> Updated: 2012-02-24
> Ref: http://whois.arin.net/rest/net/NET-74-125-0-0-1
My inference is that the above addresses are the backend to google's
recursive DNS service, as I see them quite a bit as well.
michael
More information about the dns-operations
mailing list