[EN] DNS crackers

Posted on October 17, 2009

For some reason my DNS server gets queried for things I don’t serve. Of course, my DNS server does not allow recursive queries to anyone but me. These unwanted queries can basically be broken down into four types:

1. queries for the root DNS servers (‘./NS/IN’ denied)

2. queries for the PTR record of my IP address (‘11.159.90.86.in-addr.arpa/PTR/IN’ denied)

3. queries for a third-party website (‘www.cnnic.cn/A/IN’ denied)

4. other queries (BIND version queries etc.)

For the record: the PTR record of my IP address is handled by my ISP, not me. Some of the type 1 and type 4 queries are ‘bona fide’. They’re being done by scanners belonging to e.g. ISC (the authors of BIND) in order to create statistics. I still don’t allow these, though.

I thought it would be interesting to make these queries, and who makes them (or who is being spoofed to give off that appearance), available here.

One party that stands out like a sore thumb is Virtela Communications, Inc., which seems to be performing these unwanted queries from an entire network range. Anyone know what’s up with them?

Their rwhois server lists the IP addresses as belonging to:

network:Org-Name:Virtela Communications on behalf of IBM – Web Delivery Platform – SaaS
network:Street-Address:Videsh Sanchar Bhavan,  No.2 KEB Layout,,  Sanjay Nagar Main Road, Geddalahalli,
network:City:Bangalore

Other regular players (real or spoofed) are ‘Nintendo of America’, Google, Amazon’s Cloud Computing, CCBill, and Microsoft.
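An added example, not part of the original post: a small Python script that sorts BIND "denied" log messages into the four query types listed above and counts them per source network, which is how a whole range of sources stands out. The log line layout, the sample lines and the A/AAAA rule for type 3 are assumptions.

```python
import ipaddress
import re
from collections import Counter

OWN_PTR = "11.159.90.86.in-addr.arpa"  # the server's own reverse name, from the post

# Assumed BIND 9 log layout; the optional groups cover newer releases that
# add "@0x..." before and "(<qname>)" after the client address.
DENIED = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query(?: \(cache\))? '(?P<name>[^/']+)/(?P<qtype>[^/']+)/(?P<qclass>[^/']+)' denied"
)

def classify(name, qtype, qclass):
    """Return the post's category number (1-4) for one denied query."""
    name = name.rstrip(".").lower() or "."
    if (name, qtype, qclass) == (".", "NS", "IN"):
        return 1
    if (name, qtype, qclass) == (OWN_PTR, "PTR", "IN"):
        return 2
    # Assumption: any other denied A/AAAA lookup counts as a third-party website.
    if qtype in ("A", "AAAA") and qclass == "IN":
        return 3
    return 4

def summarize(lines):
    """Count denied queries per category and per source /24 (IPv4) or /64 (IPv6)."""
    by_type, by_net = Counter(), Counter()
    for line in lines:
        m = DENIED.search(line)
        if not m:
            continue  # not a denied-query message
        by_type[classify(m["name"], m["qtype"], m["qclass"])] += 1
        ip = ipaddress.ip_address(m["ip"])
        prefix = 24 if ip.version == 4 else 64
        by_net[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
    return by_type, by_net

# Constructed sample lines using documentation addresses, not data from the post.
SAMPLE = """\
17-Oct-2009 10:00:01.100 security: info: client 192.0.2.10#4321: query (cache) './NS/IN' denied
17-Oct-2009 10:00:02.200 security: info: client 192.0.2.77#5353: query (cache) 'www.cnnic.cn/A/IN' denied
17-Oct-2009 10:00:03.300 security: info: client 198.51.100.5#1025: query (cache) '11.159.90.86.in-addr.arpa/PTR/IN' denied
17-Oct-2009 10:00:04.400 security: info: client 192.0.2.200#6000: query (cache) 'version.bind/TXT/CH' denied
17-Oct-2009 10:00:05.500 general: info: zone example.org/IN: loaded serial 2009101701
""".splitlines()

if __name__ == "__main__":
    types, nets = summarize(SAMPLE)
    print(sorted(types.items()), nets.most_common())
```

Because these queries typically arrive over UDP, the source address in each log line can be forged, so the per-network counts show who appears to be asking, not necessarily who is.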
