[dns-operations] Large amount of queries received from OpenDNS
MAYER Hans
Hans.Mayer at iiasa.ac.at
Thu Mar 7 12:22:55 UTC 2019
Dear Antoine,
You are not alone. See my posting from March 5th.
If you don't have access to these old e-mails here a list I have seen since beginning of this year falling into my rate limit. There are primary IPv6 addresses and little IPv4.
m1.pao.opendns.com. 2620:0:cc3::11
m3.pao.opendns.com. 2620:0:cc3::13
m17.pao.opendns.com. 2620:0:cc3::14
m5.pao.opendns.com. 2620:0:cc3::15
m7.pao.opendns.com. 2620:0:cc3::17
m9.pao.opendns.com. 2620:0:cc3::19
m11.pao.opendns.com. 2620:0:cc3::21
m21.pao.opendns.com. 2620:0:cc3::29
m25.pao.opendns.com. 2620:0:cc3::34
m29.pao.opendns.com. 2620:0:cc3::39
m33.pao.opendns.com. 2620:0:cc3::60
m37.pao.opendns.com. 2620:0:cc3::65
m41.pao.opendns.com. 2620:0:cc3::70
m45.pao.opendns.com. 2620:0:cc3::75
m5.ams.opendns.com. 2620:0:cc4::15
m7.ams.opendns.com. 2620:0:cc4::17
m11.ams.opendns.com. 2620:0:cc4::21
m17.ams.opendns.com. 2620:0:cc4::65
m21.ams.opendns.com. 2620:0:cc4::66
m25.ams.opendns.com. 2620:0:cc4::67
m29.ams.opendns.com. 2620:0:cc4::68
m37.ams.opendns.com. 2620:0:cc4::70
m41.ams.opendns.com. 2620:0:cc4::71
m45.ams.opendns.com. 2620:0:cc4::72
m49.ams.opendns.com. 2620:0:cc4::73
m53.ams.opendns.com. 2620:0:cc4::74
m57.ams.opendns.com. 2620:0:cc4::75
m21.fra.opendns.com. 2620:0:cc7::64
m25.fra.opendns.com. 2620:0:cc7::65
m29.fra.opendns.com. 2620:0:cc7::66
m33.fra.opendns.com. 2620:0:cc7::67
m37.fra.opendns.com. 2620:0:cc7::68
m41.fra.opendns.com. 2620:0:cc7::69
m45.fra.opendns.com. 2620:0:cc7::70
m49.fra.opendns.com. 2620:0:cc7::71
m53.fra.opendns.com. 2620:0:cc7::72
m57.fra.opendns.com. 2620:0:cc7::73
m61.fra.opendns.com. 2620:0:cc7::74
m65.fra.opendns.com. 2620:0:cc7::75
m69.fra.opendns.com. 2620:0:cc7::76
m73.fra.opendns.com. 2620:0:cc7::77
m77.fra.opendns.com. 2620:0:cc7::78
m25.nyc.opendns.com. 2620:0:cc9::65
m29.nyc.opendns.com. 2620:0:cc9::66
m33.nyc.opendns.com. 2620:0:cc9::67
m37.nyc.opendns.com. 2620:0:cc9::68
m41.nyc.opendns.com. 2620:0:cc9::69
m45.nyc.opendns.com. 2620:0:cc9::70
m49.nyc.opendns.com. 2620:0:cc9::71
m53.nyc.opendns.com. 2620:0:cc9::72
m57.nyc.opendns.com. 2620:0:cc9::73
m61.nyc.opendns.com. 2620:0:cc9::74
m13.sin.opendns.com. 2620:0:cca::64
m17.sin.opendns.com. 2620:0:cca::65
m21.sin.opendns.com. 2620:0:cca::66
m25.sin.opendns.com. 2620:0:cca::67
m29.sin.opendns.com. 2620:0:cca::68
m33.sin.opendns.com. 2620:0:cca::69
m37.sin.opendns.com. 2620:0:cca::70
m41.sin.opendns.com. 2620:0:cca::71
m45.sin.opendns.com. 2620:0:cca::72
m49.sin.opendns.com. 2620:0:cca::73
m53.sin.opendns.com. 2620:0:cca::74
m57.sin.opendns.com. 2620:0:cca::75
m61.sin.opendns.com. 2620:0:cca::76
m65.sin.opendns.com. 2620:0:cca::77
m1.yyz.opendns.com. 2620:119:10::11
m3.yyz.opendns.com. 2620:119:10::13
m5.yyz.opendns.com. 2620:119:10::15
m7.yyz.opendns.com. 2620:119:10::17
m9.yyz.opendns.com. 2620:119:10::19
m11.yyz.opendns.com. 2620:119:10::21
m17.yyz.opendns.com. 2620:119:10::64
m21.yyz.opendns.com. 2620:119:10::65
m25.yyz.opendns.com. 2620:119:10::66
m29.yyz.opendns.com. 2620:119:10::67
m33.yyz.opendns.com. 2620:119:10::68
m37.yyz.opendns.com. 2620:119:10::69
m41.yyz.opendns.com. 2620:119:10::70
m49.yyz.opendns.com. 2620:119:10::72
m53.yyz.opendns.com. 2620:119:10::73
m21.sea.opendns.com. 2620:119:12::31
m25.sea.opendns.com. 2620:119:12::36
m29.sea.opendns.com. 2620:119:12::61
m33.sea.opendns.com. 2620:119:12::66
m41.sea.opendns.com. 2620:119:12::76
m45.sea.opendns.com. 2620:119:12::81
m49.sea.opendns.com. 2620:119:12::86
m17.lon.opendns.com. 2a04:e4c0:10::64
m21.lon.opendns.com. 2a04:e4c0:10::65
m25.lon.opendns.com. 2a04:e4c0:10::66
m29.lon.opendns.com. 2a04:e4c0:10::67
m33.lon.opendns.com. 2a04:e4c0:10::68
m37.lon.opendns.com. 2a04:e4c0:10::69
m41.lon.opendns.com. 2a04:e4c0:10::70
m45.lon.opendns.com. 2a04:e4c0:10::71
m49.lon.opendns.com. 2a04:e4c0:10::72
m53.lon.opendns.com. 2a04:e4c0:10::73
m57.lon.opendns.com. 2a04:e4c0:10::74
m61.lon.opendns.com. 2a04:e4c0:10::75
m65.lon.opendns.com. 2a04:e4c0:10::76
m69.lon.opendns.com. 2a04:e4c0:10::77
m73.lon.opendns.com. 2a04:e4c0:10::78
m77.lon.opendns.com. 2a04:e4c0:10::79
m5.nrt.opendns.com. 2a04:e4c0:20::15
m7.nrt.opendns.com. 2a04:e4c0:20::17
m9.nrt.opendns.com. 2a04:e4c0:20::19
m11.nrt.opendns.com. 2a04:e4c0:20::21
m17.nrt.opendns.com. 2a04:e4c0:20::64
m21.nrt.opendns.com. 2a04:e4c0:20::65
m25.nrt.opendns.com. 2a04:e4c0:20::66
m29.nrt.opendns.com. 2a04:e4c0:20::67
m33.nrt.opendns.com. 2a04:e4c0:20::68
m37.nrt.opendns.com. 2a04:e4c0:20::69
m41.nrt.opendns.com. 2a04:e4c0:20::70
m45.nrt.opendns.com. 2a04:e4c0:20::71
m49.nrt.opendns.com. 2a04:e4c0:20::72
m53.nrt.opendns.com. 2a04:e4c0:20::73
m80.sjc.opendns.com. 67.215.95.91
m81.sjc.opendns.com. 67.215.95.92
m82.sjc.opendns.com. 67.215.95.93
m83.sjc.opendns.com. 67.215.95.94
// Hans
-----Original Message-----
From: dns-operations <dns-operations-bounces at dns-oarc.net> On Behalf Of Antoine JOUBERT
Sent: Thursday, March 7, 2019 12:17 PM
To: dns-operations at dns-oarc.net
Subject: [dns-operations] Large amount of queries received from OpenDNS
Hi,
We've been receiving a large amount of queries from OpenDNS over the last month or so.
It looks like dictionary-based zone enumeration, but each record is requested between 10 and 20 times.
Is anybody else seeing the same behavior from OpenDNS's resolvers?
I've tried contacting them multiple times on their abuse mailbox (abuse at opendns.com<mailto:abuse at opendns.com>), but I've not received a reply yet.
Could anyone provide me with an alternate contact that could look into this issue?
Thanks!
Antoine
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net<mailto:dns-operations at lists.dns-oarc.net>
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-operations mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20190307/09898b79/attachment.html>
More information about the dns-operations
mailing list