Always happy to help! And wauh, times flies by these days...
First of all - I completely agree with you, that several things could be
better here ;-).
Taking the four major ones, the top list, from best to worst, might be like:
1. OpenDNS
2. Google
3. Quad 9/PCH
4. Cloudflare
Given your mention of "internal documentation", maybe there could be
something more for you to document, if you haven't already:
Google does, as mentioned previously, document their resolver
infrastructure on the Web, contrary to many others, but also with a JSON:
-> API/JSON: https://www.gstatic.com/ipranges/publicdns.json
OpenDNS is also documenting theirs, and also have PTR on the outgoing
resolver IP, but unfortunately, the PTR **doesn't always** point to one
of their OpenDNS.* domain names, which could be confusing:
Reaching OpenDNS Copenhagen:
- 146.112.135.70 (r7.compute.cph1.edc.strln.net)
- 2a04:e4c0:17::73 (r10.compute.cph1.edc.strln.net)
Reaching OpenDNS London:
- 208.69.34.73 (m53.lon.opendns.com)
- 2a04:e4c0:10::91 (r3.compute.lon1.edc.strln.net)
It is however consistent with their locations as retrieved from here:
-> Web: https://www.opendns.com/data-center-locations/
-> JSON:
https://umbrella-dns-requests.marketops.umbrella.com/api/data-center-locations
Currently, it seems very much a hit and miss, mostly miss, when reaching
any IP address with PTR records, through Quad 9. I haven't ever seen
Quad 9 document it like OpenDNS or Google.
With Cloudflare, I've never see any of their outbound resolver IP
addresses have any PTR records. I haven't ever seen Cloudflare document
it like OpenDNS or Google.
With the above possible ways to retrieve the OpenDNS and Google data,
you have the option to automate e.g. a weekly update of their resolver
addresses, if you feel for something like that in any way. ;)
--
Med venlig hilsen / Kind regards,
Arne Jensen
Den 15-11-2023 kl. 01:19 skrev Michael Peddemors via mailop:
Okay, not great at conforming to industry methods ;)
Thanks for that direct link, need to update our internal
documentation, but still no excuse for Google not to have reverse DNS
in place on these IPs.
Thanks Arne.
On 2023-11-13 21:59, Arne Jensen via mailop wrote:
Den 13-11-2023 kl. 23:35 skrev Michael Peddemors via mailop:
Of course, Google never SWIP's their segments very well, but with no
PTR records, not much to go on..
Not much to go on, hmm ...
... Have you tried the Google Public DNS documentation? :)
large DNS Queries coming from this range, anyone know if it has
legit usage?
- 192.178.65.2 = 10357
- 192.178.65.5 = 10327
- 192.178.65.8 = 9997
- 192.178.65.1 = 9602
- 192.178.65.7 = 9538
- 192.178.65.4 = 9492
- 192.178.65.3 = 9467
- 192.178.65.9 = 9378
- 192.178.65.6 = 8608
- 192.178.65.10 = 8557
Those, and the /28 from your Subject line should all be covered by
192.178.65.0/26?
-> https://developers.google.com/speed/public-dns/faq#locations
192.178.65.0/26 iad
192.178.65.64/26 del
192.178.65.128/25 cmh
[...]
Seems to be the IAD (Washington, DC) area of Google Public DNS to me.
--
Med venlig hilsen / Kind regards,
Arne Jensen
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
