On Tue, Apr 16, 2019 at 5:19 PM Nimrod Levy <nim...@nimrod.is-a-geek.net> wrote: > > > > On Tue, Apr 16, 2019, 16:52 Ross Tajvar <r...@tajvar.io> wrote: >> >> I think it's clear that the IPs belong to Telia, but I understood James's >> point to be that the router using the IP in question may belong to China >> Unicom. (I agree with that, I was not thinking clearly this morning.) As >> this is an interconnect link, one side must belong to Telia and the other to >> China Unicom. The question, then, is which side are we looking at? Well, >> first I want to know how big the subnet is. I assume either /30 or /31. So, >> I do a reverse DNS lookup on all the IPs in the surrounding /30 block: >> 62.115.170.56 - sjo-b21-link.telia.net >> 62.115.170.57 - chinaunicom-ic-341501-sjo-b21.c.telia.net >> 62.115.170.58 - las-b24-link.telia.net >> 62.115.170.59 - chinaunicom-ic-341499-las-b24.c.telia.net >> That looks like two /31s. Only one IP in each has the name of China Unicom >> in it, so that one is probably in use by China Unicom, and the other is >> probably in use by Telia. >
that was my point yes. > I think we're making a lot of assumptions about how well PTR records are > maintained. All of this could be totally accurate. Or...not... this is totally true :) but... if the next hop after chinaunicom-ic-341501-sjo-b21.c.telia.net is a CU ip... it's better than average chance that the chinaunicom-ic-341501-sjo-b21.c.telia.net address is a telia /30 (or /31) on the ptp link between CU/Telia. That Telia owns the ip space and that PROBABLY the customer identification is correct. (cu) -chris
