Did a bit of digging on Google's developer site and came across this: https://developers.google.com/speed/public-dns/faq#locations_of_ip_address_ranges_google_public_dns_uses_to_send_queries

Looks like the IPs you mentioned belong to Google's public DNS resolver based on that list on their site. They could also be spoofed though from a DNS AMP attack, so keep that in mind.

Regards,

Peter Potvin | Executive Director

------------------------------------------------------------------------------

Accuris Technologies Ltd.

On Sun, Dec 3, 2023 at 1:51 PM John Levine <johnl@iecc.com> wrote:

At contacts.abuse.net, I have a little stunt DNS server that provides domain contact info, e.g.:

$ host -t txt comcast.net.contacts.abuse.net
comcast.net.contacts.abuse.net descriptive text "abuse@comcast.net"

$ host -t hinfo comcast.net.contacts.abuse.net
comcast.net.contacts.abuse.net host information "lookup" "comcast.net"

Every once in a while someone decides to look up every domain in the
world and DoS'es it until I update my packet filters. This week it's
been this set of IPs that belong to Google. I don't think they're
8.8.8.8. Any idea what they are? Random Google Cloud customers? A
secret DNS mapping project?

172.253.1.133
172.253.206.36
172.253.1.130
172.253.206.37
172.253.13.196
172.253.255.36
172.253.13.197
172.253.1.131
172.253.255.35
172.253.255.37
172.253.1.132
172.253.13.193
172.253.1.129
172.253.255.33
172.253.206.35
172.253.255.34
172.253.206.33
172.253.206.34
172.253.13.194
172.253.13.195
172.71.125.63
172.71.117.60
172.71.133.51

R's,
John