Re: Intermittent incorrect DNS resolution?

Erik Levinson erik.levinson at uberflip.com
Fri Jan 18 01:48:10 UTC 2013


Upon further investigation, in this particular Google case, it seems to be a customer's CNAME to a record of theirs which is an actual A record to our old IP, contrary to our instructions (we tell everyone to CNAME us, so we can change IPs as we wish, which we've done for the first time this year). So there is no Google problem.

-----Original Message-----
From: "Erik Levinson" <erik.levinson at uberflip.com>
Sent: Thursday, January 17, 2013 8:42pm
To: "Damian Menscher" <damian at google.com>
Cc: "NANOG mailing list" <nanog at nanog.org>
Subject: Re: Intermittent incorrect DNS resolution?

Thanks Damian. I see four requests with Google UAs from actual Google IPs, 66.249.73.45 and 66.249.73.17 (PTR and rwhois seem yours for both), in a period of 30 minutes (compared to over 80 per minute on the new IPs). This is pretty low, so I'm not too worried. 

Baidu is the main culprit now; there's little other traffic. In fact, we're getting no traffic from Baidu on the new IPs, only to the old ones. I've already e-mailed their spider help e-mail, but it's fallen on deaf ears.

Erik

-----Original Message-----
From: "Damian Menscher" <damian at google.com>
Sent: Thursday, January 17, 2013 1:58pm
To: "Erik Levinson" <erik.levinson at uberflip.com>
Cc: "NANOG mailing list" <nanog at nanog.org>
Subject: Re: Intermittent incorrect DNS resolution?

On Wed, Jan 16, 2013 at 8:09 PM, Erik Levinson
<erik.levinson at uberflip.com>wrote:

> To give an idea of the scale of the problem right now, I'm getting
> thousands of requests per minute to a new IP vs. about two requests per
> minute on the equivalent old IP, with over 60% of the latter being Baidu,
> but also a bit of Googlebot and other random bot and non-bot UAs.
>

It's common for malware to spoof the Googlebot user-agent since they know
most webmasters won't block it.  You might want to check whether the IPs
you're seeing it from are really allocated to us -- if so, I'd be
interested in tracking down why we're crawling your old IP.

Damian






More information about the NANOG mailing list