You can't use DNS to get "all" service IP's of a service like S3 or a CDN for traffic engineering purposes. That will not work, ever (for services of such scale). The hackery is assuming you can build a list of service IP's by querying DNS.
There are a lot of reasons why someone may want this… particularly to manage *other* people geo-basing their transport, but is this a local hack or is this a feature of one of the major auth-DNS packages. If its local hackery, trying to manage for it becomes a thankless activity.
CDN's and huge service work like this, and they use the standardized tools like DNS they have at their disposal. Building lists of service IP's from DNS is what the "local-hackery" here is. Toby explained the proper way to get the IP ranges. It's not via DNS, it never was. ---------------------- I'm not sure where you got the idea that I wanted a list of all of their IPs. Sorry for any confusion and any offense at using the word "hackery" in a way you deemed inappropriate. Deepak