Did a bit of digging on Google's developer site and came across this: https://developers.google.com/speed/public-dns/faq#locations_of_ip_address_r... Looks like the IPs you mentioned belong to Google's public DNS resolver based on that list on their site. They could also be spoofed though from a DNS AMP attack, so keep that in mind. Regards, Peter Potvin | Executive Director ------------------------------------------------------------------------------ *Accuris Technologies Ltd.* On Sun, Dec 3, 2023 at 1:51 PM John Levine <johnl@iecc.com> wrote:
At contacts.abuse.net, I have a little stunt DNS server that provides domain contact info, e.g.:
$ host -t txt comcast.net.contacts.abuse.net comcast.net.contacts.abuse.net descriptive text "abuse@comcast.net"
$ host -t hinfo comcast.net.contacts.abuse.net comcast.net.contacts.abuse.net host information "lookup" "comcast.net"
Every once in a while someone decides to look up every domain in the world and DoS'es it until I update my packet filters. This week it's been this set of IPs that belong to Google. I don't think they're 8.8.8.8. Any idea what they are? Random Google Cloud customers? A secret DNS mapping project?
172.253.1.133 172.253.206.36 172.253.1.130 172.253.206.37 172.253.13.196 172.253.255.36 172.253.13.197 172.253.1.131 172.253.255.35 172.253.255.37 172.253.1.132 172.253.13.193 172.253.1.129 172.253.255.33 172.253.206.35 172.253.255.34 172.253.206.33 172.253.206.34 172.253.13.194 172.253.13.195 172.71.125.63 172.71.117.60 172.71.133.51
R's, John