Scan all the DNS servers!
There are multiple DNS World scan project on-going.
These are some that I am seeing:
Open Resolver Project:OpenResolverProject.org scanning every Sunday.
Request is a A record for a personalised subdomain:
client 22.214.171.124#36482 (xxxxx.openresolverproject.org): IN A +
ShadowserverShadowserver.org appears every few days in my log. Scanning occurs from the following two IPs:
client 126.96.36.199#54444: query: version.bind CH TXT +
client 188.8.131.52#56412: dnsscan.shadowserver.org IN A +
Team CymruEvery now and then I see Team Cymru scans. Super long domain names ending with dnsresearch.cymru.com.
client 184.108.40.206#32347 ....20.t58951.dnsresearch.cymru.com IN A +
jupitoris.jaist.ac.jpTwo times in two days I observed these guys in my log. Not sure if they are legit. On their page they show a google-groups email that is not working at the moment..
client 220.127.116.11#54785: query: jupitoris.jaist.ac.jp IN A -
Versignlabs18.104.22.168 'United States' 'AS26134 VeriSign Infrastructure & Operations' xxxxxxxxxxxx.ortest.verisignlabs.com A
The other requests observed are basically all malicious. A large part originates from the Ecatel AS as written about in this blogpost: