[AusNOG] arpa.com.au.. wtf?? (telstra/optus/connect resolvers doing 'in-addr.arpa.com.au' requests?!
Tom Lanyon
tom at netspot.com.au
Tue Nov 24 21:33:42 EST 2009
On 24/11/2009, at 8:27 PM, Damien Gardner Jnr wrote:
> Although I can't think of any way of tracking it back without one of
> the ISP's in question doing some logging and seing where on their
> network the requests are coming from.. Unless anyone has some
> thoughts on something I can inject in as a bogus record under in-
> addr.arpa.com.au that would cause whatever it is to reveal itself?
> If it was messed-up forward lookup, I'd just point it at an unused
> IP, and tcpdump it for a few hours..
Are you only seeing queries to .arpa.com.au for records that do not
exist in the 'real' .arpa?
Tom
More information about the AusNOG
mailing list