On 5/20/07, Roger Marquis <marquis@roble.com> wrote:
> Most of the individual nameservers do not answer queries, the ones that do are open to recursion, and all are hosted in cable/dsl/dial-up address space with correspondingly rfc-illegal reverse zones. Running 'host -at ns' a few times shows the list of nameservers is rotated every few seconds, and occasionally returns "server localhost".
They're likely not name servers, or at least not all name servers... I'd venture a guess as to these being part of a "Snowshoe" spammer network... I've been getting hit by similar domains for a few weeks now... Blocking seems to be the best way to handle them... Looks like some of these are running nginx (http://nginx.net/) as a web server... I've seen others with CentOS installs... My guess is that the web servers are for management of the spamming software...
> Roger Marquis
--
Jason 'XenoPhage' Frisvold
XenoPhage0@gmail.com
http://blog.godshell.com