NEVERMIND! (was: Seeking Google reverse DNS delegation contact)

Christopher Morrow morrowc.lists at gmail.com
Thu Nov 17 02:29:09 UTC 2016


On Sun, Nov 13, 2016 at 3:57 PM, Christopher Morrow <morrowc.lists at gmail.com
> wrote:

> So... actually someone did tell arin to aim these at ns1/2google.com...
> I'll go ask arin to 'fix the glitch'.
>
>
the glitch got fixed, shortly after this message, but not by my/our
doing... hrm.. I see passive dns data:
bailiwick 136.8.204.in-addr.arpa.
count 19
first seen 2016-10-28 16:17:02 -0000
last seen 2016-11-13 08:59:50 -0000
136.8.204.in-addr.arpa. NS ns1.google.com.
136.8.204.in-addr.arpa. NS ns2.google.com.

and after that: (overlapping that)
bailiwick 204.in-addr.arpa.
count 2335
first seen 2015-05-01 16:20:01 -0000
last seen 2016-11-16 21:54:01 -0000
136.8.204.in-addr.arpa. NS ns1.rossinc.net.
136.8.204.in-addr.arpa. NS ns2.rossinc.net.

so.. I suspect ross digital/rossinc.net noticed they made a 'mistake' and
that that 'mistake' was seen externally and .. fixed things on thier own.

With that said, it's possible (so they'll also fix this new problem):
dig ns1.rossinc.net
dig ns2.rossinc.net

both are 'nxdomain' from:
;; ANSWER SECTION:
rossinc.net. 3057 IN NS ns57.domaincontrol.com.
rossinc.net. 3057 IN NS ns58.domaincontrol.com.

which seems sad, and bad.. and .. like someone has made another 'mistake' :(

rossinc, you probably want to fix this as well.



> thanks!
> -chris
> (sometimes people do this, I have no idea why... perhaps they just like
> broken ptrs?)
>
> On Thu, Nov 10, 2016 at 10:05 PM, Ronald F. Guilmette <
> rfg at tristatelogic.com> wrote:
>
>>
>>
>> My profuse apologies to everyone.  It seems that Google is not in fact
>> involved in any way with providing reverse DNS for the 204.8.136.0/21
>> IP address block.  I was deceived into believing it was by some
>> unusual trickey on the part of the spammer-controlled name servers
>> ns1.saversagreeable.com and ns2.saversagreeable.com.  You can see
>> the clever deception toward the very end of the dig +trace listing
>> I posted:
>>
>>     http://pastebin.com/raw/VNwmgMHh
>>
>> It seems those clever rascal spammers tried to implicate Google's
>> name servers, but it is only their's which are giving out the
>> reverse DNS which suoorts their snowshoe spamming efforts in the
>> 204.8.136.0/21 block.
>>
>> Sorry for my mistake everyone.  I wasn't expecting quite this level
>> or kind of reverse DNS delegation trickery.
>>
>>
>> Regards,
>> rfg
>>
>
>



More information about the NANOG mailing list