[dns-operations] Unpublished IP addresses for Google Public DNS
Andrea Barberio
insomniac at slackware.it
Thu Oct 19 16:43:16 UTC 2017
Maybe silly, but you could do some enumeration test with scapy and whoami from multiple vantage points to build your list, and cross the results with the subnets declared at https://developers.google.com/speed/public-dns/faq (quick example at the bottom).
The 172.17 prefixes are declared in the FAQ too, so these are confirmed valid ranges.
E.g.:
>>> a, u = sr(IP(dst='8.8.8.8') / UDP(sport=(12345, 12385), dport=53) / DNS(rd=1, qd=DNSQR(qname='whoami.akamai.net.', qtype='A', qclass='IN')))
Begin emission:
..****************.******************.****Finished to send 41 packets.
***
Received 45 packets, got 41 answers, remaining 0 packets
>>> set([x[1][DNSRR].rdata for x in a])
set(['74.125.73.84', '74.125.181.15', '74.125.47.138', '74.125.47.129', '74.125.47.140', '74.125.73.77', '74.125.47.142', '74.125.47.145', '74.125.181.5', '74.125.181.4', '74.125.73.67', '74.125.47.14', '74.125.73.69', '74.125.73.68', '74.125.73.79', '74.125.73.82', '74.125.73.80'])
From: "Babak Farrokhi" <babak at farrokhi.net>
To: "Rajesh Maskara" <rajmask at microsoft.com>
Cc: dns-operations at dns-oarc.net
Sent: Thursday, October 19, 2017 4:44:31 PM
Subject: Re: [dns-operations] Unpublished IP addresses for Google Public DNS
Hi,
I have seen several addresses from 172.217.42.x as source address from Google resolvers. Here is a list of IPs I’ve seen recently:
172.217.42.3
172.217.42.4
172.217.42.5
172.217.42.6
172.217.42.7
172.217.42.8
172.217.42.9
172.217.42.10
172.217.42.11
172.217.42.14
Kind Regards,
--
Babak Farrokhi
On 12 Oct 2017, at 3:51, Rajesh Maskara wrote:
Are following two IP addresses used by Google Public DNS for DNS resolution?
172.217.42.2
172.217.42.4
These addresses are NOT included in published ranges:
C:\>nslookup -type=TXT locations.publicdns.goog. | findstr "172.217."
Non-authoritative answer:
"172.217.32.0/26 lhr "
"172.217.32.64/26 lhr "
"172.217.32.128/26 sin "
"172.217.33.0/26 syd "
"172.217.33.64/26 syd "
"172.217.33.128/26 fra "
"172.217.33.192/26 fra "
"172.217.34.0/26 fra "
"172.217.34.64/26 bom "
"172.217.34.192/26 bom "
"172.217.35.0/24 gru "
"172.217.36.0/24 atl "
"172.217.37.0/24 gru "
This is resulting in Traffic Managers like DYN etc to map the end-users incorrectly to CA, USA.
Thanks,
Rajesh Maskara
Microsoft
BQ_BEGIN
BQ_END
BQ_BEGIN
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
[ https://lists.dns-oarc.net/mailman/listinfo/dns-operations | https://lists.dns-oarc.net/mailman/listinfo/dns-operations ]
dns-operations mailing list
[ https://lists.dns-oarc.net/mailman/listinfo/dns-operations | https://lists.dns-oarc.net/mailman/listinfo/dns-operations ]
BQ_END
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20171019/e050a302/attachment.html>
More information about the dns-operations
mailing list