[AusNOG] arpa.com.au.. wtf?? (telstra/optus/connect resolvers doing 'in-addr.arpa.com.au' requests?!

Tom Lanyon tom at netspot.com.au
Tue Nov 24 21:33:42 EST 2009


On 24/11/2009, at 8:27 PM, Damien Gardner Jnr wrote:

> Although I can't think of any way of tracking it back without one of  
> the ISP's in question doing some logging and seing where on their  
> network the requests are coming from..  Unless anyone has some  
> thoughts on something I can inject in as a bogus record under in- 
> addr.arpa.com.au that would cause whatever it is to reveal itself?   
> If it was messed-up forward lookup, I'd just point it at an unused  
> IP, and tcpdump it for a few hours..

Are you only seeing queries to .arpa.com.au for records that do not  
exist in the 'real' .arpa?

Tom



More information about the AusNOG mailing list