What are these Google IPs hammering on my DNS server?

• Previous message (by thread): What are these Google IPs hammering on my DNS server?
• Next message (by thread): What are these Google IPs hammering on my DNS server?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Did a bit of digging on Google's developer site and came across this:
> https://developers.google.com/speed/public-dns/faq#locations_of_ip_address_ranges_google_public_dns_uses_to_send_queries
>
> Looks like the IPs you mentioned belong to Google's public DNS resolver
> based on that list on their site. They could also be spoofed though from a
> DNS AMP attack, so keep that in mind.

Per my recent message, the replies are tiny so if it's an amplification 
attack, it's a very incompetent one.  The queries are case randomized so I 
guess it's really Google.  Sigh.

If anyone is wondering, I have a passive aggressive countermeasure against 
some overqueriers that returns ten NS referral names, and then 25 random 
IP addresses for each of those names, but I don't do that to Google.

R's,
John

> ------------------------------------------------------------------------------
> *Accuris Technologies Ltd.*
>
>
> On Sun, Dec 3, 2023 at 1:51 PM John Levine <johnl at iecc.com> wrote:
>
>> At contacts.abuse.net, I have a little stunt DNS server that provides
>> domain contact info, e.g.:
>>
>> $ host -t txt comcast.net.contacts.abuse.net
>> comcast.net.contacts.abuse.net descriptive text "abuse at comcast.net"
>>
>> $ host -t hinfo comcast.net.contacts.abuse.net
>> comcast.net.contacts.abuse.net host information "lookup" "comcast.net"
>>
>> Every once in a while someone decides to look up every domain in the
>> world and DoS'es it until I update my packet filters. This week it's
>> been this set of IPs that belong to Google. I don't think they're
>> 8.8.8.8. Any idea what they are? Random Google Cloud customers? A
>> secret DNS mapping project?
>>
>>  172.253.1.133
>>  172.253.206.36
>>  172.253.1.130
>>  172.253.206.37
>>  172.253.13.196
>>  172.253.255.36
>>  172.253.13.197
>>  172.253.1.131
>>  172.253.255.35
>>  172.253.255.37
>>  172.253.1.132
>>  172.253.13.193
>>  172.253.1.129
>>  172.253.255.33
>>  172.253.206.35
>>  172.253.255.34
>>  172.253.206.33
>>  172.253.206.34
>>  172.253.13.194
>>  172.253.13.195
>>  172.71.125.63
>>  172.71.117.60
>>  172.71.133.51
>>
>> R's,
>> John
>>
>

Regards,
John Levine, johnl at taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

• Previous message (by thread): What are these Google IPs hammering on my DNS server?
• Next message (by thread): What are these Google IPs hammering on my DNS server?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]