[dns-operations] Some issues with Google's recursive servers

Borja Marcos borjam at sarenet.es
Wed Jan 26 09:57:58 UTC 2022


Not Google’s fault at all, but a customer was suffering SERVFAILS when Google’s servers queried their authoritatives.

Turns out the customer filters queries to the authoritative servers using a firewall (sigh!) and they have applied country
specific restrictions (ubersigh!). It seems that the query source addresses changed yesterday and the new range (172.253.5.0/24)
 appears as “Hong Kong” in at least some of the usual IP address to country databases.

The ones I saw are:

2022-01-25 10:54:50.880  5334.784 any       172.253.5.129       39(10.3)    39000(10.3)    2.9 M( 9.8)        7     4356    74
2022-01-25 10:56:42.496  4996.608 any       172.253.5.130       33( 8.8)    33000( 8.8)    2.4 M( 8.1)        6     3821    72
2022-01-25 11:06:02.624  4692.736 any       172.253.5.132       28( 7.4)    28000( 7.4)    2.1 M( 7.2)        5     3644    76
2022-01-25 10:55:15.200  5168.384 any       172.253.5.196       28( 7.4)    28000( 7.4)    2.0 M( 6.9)        5     3151    72
2022-01-25 10:55:18.784  5272.320 any       172.253.5.131       26( 6.9)    26000( 6.9)    2.0 M( 6.8)        4     3039    77
2022-01-25 10:56:46.592  5249.792 any       172.253.5.194       26( 6.9)    26000( 6.9)    2.0 M( 6.8)        4     3067    77
2022-01-25 10:55:54.880  5082.368 any       172.253.5.195       26( 6.9)    26000( 6.9)    1.8 M( 6.2)        5     2889    70
2022-01-25 10:54:39.360  5038.336 any       172.253.5.193       25( 6.6)    25000( 6.6)    1.9 M( 6.3)        4     2977    75
2022-01-25 10:56:25.856  5034.240 any       172.253.5.197       21( 5.6)    21000( 5.6)    1.6 M( 5.2)        4     2466    73
2022-01-25 10:59:57.056  4976.384 any       172.253.5.133       20( 5.3)    20000( 5.3)    1.6 M( 5.4)        4     2576    80


Just thought you would love to know!

Cheers,




Borja.








More information about the dns-operations mailing list