[dns-operations] Unpublished IP addresses for Google Public DNS

Thu Oct 19 16:43:16 UTC 2017

Maybe silly, but you could do some enumeration test with scapy and whoami from multiple vantage points to build your list, and cross the results with the subnets declared at https://developers.google.com/speed/public-dns/faq (quick example at the bottom). 

The 172.17 prefixes are declared in the FAQ too, so these are confirmed valid ranges. 

E.g.: 

>>> a, u = sr(IP(dst='8.8.8.8') / UDP(sport=(12345, 12385), dport=53) / DNS(rd=1, qd=DNSQR(qname='whoami.akamai.net.', qtype='A', qclass='IN'))) 
Begin emission: 
..****************.******************.****Finished to send 41 packets. 
*** 
Received 45 packets, got 41 answers, remaining 0 packets 
>>> set([x[1][DNSRR].rdata for x in a]) 
set(['74.125.73.84', '74.125.181.15', '74.125.47.138', '74.125.47.129', '74.125.47.140', '74.125.73.77', '74.125.47.142', '74.125.47.145', '74.125.181.5', '74.125.181.4', '74.125.73.67', '74.125.47.14', '74.125.73.69', '74.125.73.68', '74.125.73.79', '74.125.73.82', '74.125.73.80']) 

From: "Babak Farrokhi" <babak at farrokhi.net> 
To: "Rajesh Maskara" <rajmask at microsoft.com> 
Cc: dns-operations at dns-oarc.net 
Sent: Thursday, October 19, 2017 4:44:31 PM 
Subject: Re: [dns-operations] Unpublished IP addresses for Google Public DNS 

Hi, 

I have seen several addresses from 172.217.42.x as source address from Google resolvers. Here is a list of IPs I’ve seen recently: 

172.217.42.3 
172.217.42.4 
172.217.42.5 
172.217.42.6 
172.217.42.7 
172.217.42.8 
172.217.42.9 
172.217.42.10 
172.217.42.11 
172.217.42.14 

Kind Regards, 

-- 
Babak Farrokhi 

On 12 Oct 2017, at 3:51, Rajesh Maskara wrote: 

Are following two IP addresses used by Google Public DNS for DNS resolution? 

172.217.42.2 

172.217.42.4 

These addresses are NOT included in published ranges: 

C:\>nslookup -type=TXT locations.publicdns.goog. | findstr "172.217." 

Non-authoritative answer: 

"172.217.32.0/26 lhr " 

"172.217.32.64/26 lhr " 

"172.217.32.128/26 sin " 

"172.217.33.0/26 syd " 

"172.217.33.64/26 syd " 

"172.217.33.128/26 fra " 

"172.217.33.192/26 fra " 

"172.217.34.0/26 fra " 

"172.217.34.64/26 bom " 

"172.217.34.192/26 bom " 

"172.217.35.0/24 gru " 

"172.217.36.0/24 atl " 

"172.217.37.0/24 gru " 

This is resulting in Traffic Managers like DYN etc to map the end-users incorrectly to CA, USA. 

Thanks, 
Rajesh Maskara 

Microsoft 

BQ_BEGIN

BQ_END

BQ_BEGIN

_______________________________________________ 
dns-operations mailing list 
dns-operations at lists.dns-oarc.net 
[ https://lists.dns-oarc.net/mailman/listinfo/dns-operations | https://lists.dns-oarc.net/mailman/listinfo/dns-operations ] 
dns-operations mailing list 
[ https://lists.dns-oarc.net/mailman/listinfo/dns-operations | https://lists.dns-oarc.net/mailman/listinfo/dns-operations ] 
BQ_END

_______________________________________________ 
dns-operations mailing list 
dns-operations at lists.dns-oarc.net 
https://lists.dns-oarc.net/mailman/listinfo/dns-operations 
dns-operations mailing list 
https://lists.dns-oarc.net/mailman/listinfo/dns-operations 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20171019/e050a302/attachment.html>