NEVERMIND! (was: Seeking Google reverse DNS delegation contact)
My profuse apologies to everyone. It seems that Google is not in fact involved in any way with providing reverse DNS for the 204.8.136.0/21 IP address block. I was deceived into believing it was by some unusual trickey on the part of the spammer-controlled name servers ns1.saversagreeable.com and ns2.saversagreeable.com. You can see the clever deception toward the very end of the dig +trace listing I posted: http://pastebin.com/raw/VNwmgMHh It seems those clever rascal spammers tried to implicate Google's name servers, but it is only their's which are giving out the reverse DNS which suoorts their snowshoe spamming efforts in the 204.8.136.0/21 block. Sorry for my mistake everyone. I wasn't expecting quite this level or kind of reverse DNS delegation trickery. Regards, rfg
So... actually someone did tell arin to aim these at ns1/2google.com... I'll go ask arin to 'fix the glitch'. thanks! -chris (sometimes people do this, I have no idea why... perhaps they just like broken ptrs?) On Thu, Nov 10, 2016 at 10:05 PM, Ronald F. Guilmette <rfg@tristatelogic.com
wrote:
My profuse apologies to everyone. It seems that Google is not in fact involved in any way with providing reverse DNS for the 204.8.136.0/21 IP address block. I was deceived into believing it was by some unusual trickey on the part of the spammer-controlled name servers ns1.saversagreeable.com and ns2.saversagreeable.com. You can see the clever deception toward the very end of the dig +trace listing I posted:
http://pastebin.com/raw/VNwmgMHh
It seems those clever rascal spammers tried to implicate Google's name servers, but it is only their's which are giving out the reverse DNS which suoorts their snowshoe spamming efforts in the 204.8.136.0/21 block.
Sorry for my mistake everyone. I wasn't expecting quite this level or kind of reverse DNS delegation trickery.
Regards, rfg
On Sun, Nov 13, 2016 at 3:57 PM, Christopher Morrow <morrowc.lists@gmail.com
wrote:
So... actually someone did tell arin to aim these at ns1/2google.com... I'll go ask arin to 'fix the glitch'.
the glitch got fixed, shortly after this message, but not by my/our doing... hrm.. I see passive dns data: bailiwick 136.8.204.in-addr.arpa. count 19 first seen 2016-10-28 16:17:02 -0000 last seen 2016-11-13 08:59:50 -0000 136.8.204.in-addr.arpa. NS ns1.google.com. 136.8.204.in-addr.arpa. NS ns2.google.com. and after that: (overlapping that) bailiwick 204.in-addr.arpa. count 2335 first seen 2015-05-01 16:20:01 -0000 last seen 2016-11-16 21:54:01 -0000 136.8.204.in-addr.arpa. NS ns1.rossinc.net. 136.8.204.in-addr.arpa. NS ns2.rossinc.net. so.. I suspect ross digital/rossinc.net noticed they made a 'mistake' and that that 'mistake' was seen externally and .. fixed things on thier own. With that said, it's possible (so they'll also fix this new problem): dig ns1.rossinc.net dig ns2.rossinc.net both are 'nxdomain' from: ;; ANSWER SECTION: rossinc.net. 3057 IN NS ns57.domaincontrol.com. rossinc.net. 3057 IN NS ns58.domaincontrol.com. which seems sad, and bad.. and .. like someone has made another 'mistake' :( rossinc, you probably want to fix this as well.
thanks! -chris (sometimes people do this, I have no idea why... perhaps they just like broken ptrs?)
On Thu, Nov 10, 2016 at 10:05 PM, Ronald F. Guilmette < rfg@tristatelogic.com> wrote:
My profuse apologies to everyone. It seems that Google is not in fact involved in any way with providing reverse DNS for the 204.8.136.0/21 IP address block. I was deceived into believing it was by some unusual trickey on the part of the spammer-controlled name servers ns1.saversagreeable.com and ns2.saversagreeable.com. You can see the clever deception toward the very end of the dig +trace listing I posted:
http://pastebin.com/raw/VNwmgMHh
It seems those clever rascal spammers tried to implicate Google's name servers, but it is only their's which are giving out the reverse DNS which suoorts their snowshoe spamming efforts in the 204.8.136.0/21 block.
Sorry for my mistake everyone. I wasn't expecting quite this level or kind of reverse DNS delegation trickery.
Regards, rfg
participants (2)
-
Christopher Morrow
-
Ronald F. Guilmette