On 2020-04-14 at 00:02 -0400, John Levine via mailop wrote:
> In article <20200411183502.ga31...@hesketh.com> you write:
> >And yet, for years, Google has been doing reverse-octet lookups against
> >it. ...
>
> Can you provide a list of IPs that are sending the queries? I'd think that would
> be a lot more likely to identify the culprit than "Google".
>
> Remember that Google is also a big cloud hoster so it may be clueless
> customers.
>
> >1586629389 172.253.12.1 198.211.246.23.g.enemieslist.com A IN: NOERROR/0/50

The one IP address he is providing does not appear on _netblocks*.google.com,
but it has the normal whois for Google's own IP addresses, not the one for GCE.

That IP address does appear on
https://developers.google.com/speed/public-dns/faq
as being one of those used to perform public DNS queries from zrh.

You may be able to gather some limited information about the actual
range that is querying you via Google public DNS servers from the EDNS
Client Subnet information.

Kind regards
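
An added example, not part of the original message: one way an authoritative server operator could read the EDNS Client Subnet option (RFC 7871) out of a captured query to see which client network a public resolver is querying on behalf of. The function names are hypothetical, and the sample packet and its 192.0.2.0/24 subnet are constructed for illustration.

```python
import ipaddress
import struct

OPT_RR, ECS_OPTION = 41, 8   # OPT pseudo-RR (RFC 6891), ECS option (RFC 7871)
FAMILIES = {1: (4, ipaddress.IPv4Network), 2: (16, ipaddress.IPv6Network)}

def skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at off."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:          # a compression pointer ends the name
            return off + 2
        off += 1 + n

def client_subnet(msg):
    """Return the ECS source network carried in a DNS message, or None."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off, end = off + 10, off + 10 + rdlen
        while rtype == OPT_RR and off + 4 <= end:
            code, olen = struct.unpack_from("!HH", msg, off)
            data = msg[off + 4:off + 4 + olen]
            off += 4 + olen
            if code == ECS_OPTION and len(data) >= 4:
                family, src_len, _scope = struct.unpack_from("!HBB", data)
                if family not in FAMILIES:
                    return None
                size, net = FAMILIES[family]
                # The address is truncated to the prefix; pad it back out.
                addr = data[4:].ljust(size, b"\x00")[:size]
                return net((addr, src_len), strict=False)
        off = end
    return None

def sample_query(with_ecs=True):
    """Constructed query for the name in the log line above; ECS 192.0.2.0/24."""
    labels = "198.211.246.23.g.enemieslist.com".encode("ascii").split(b".")
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    header = struct.pack("!6H", 0x1234, 0, 1, 0, 0, 1 if with_ecs else 0)
    ecs = struct.pack("!HBB", 1, 24, 0) + bytes([192, 0, 2])
    rdata = struct.pack("!HH", ECS_OPTION, len(ecs)) + ecs
    opt = b"\x00" + struct.pack("!HHIH", OPT_RR, 4096, 0, len(rdata)) + rdata
    return header + qname + struct.pack("!HH", 1, 1) + (opt if with_ecs else b"")
```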