World DNS scan projects

Scan all the DNS servers!

There are multiple DNS World scan project on-going.

These are some that I am seeing:

Open Resolver Project: scanning every Sunday.

Request is a A record for a personalised subdomain:

client ( IN A +


Shadowserver appears every few days in my log. Scanning occurs from the following two IPs:


client query: version.bind CH TXT +
client IN A +


Team Cymru

Every now and then I see Team Cymru scans. Super long domain names ending with

client IN A +

Two times in two days I observed these guys in my log. Not sure if they are legit. On their page they show a google-groups email that is not working at the moment..


client query: IN A -


Versignlabs 'United States' 'AS26134 VeriSign Infrastructure & Operations' A


The other requests observed are basically all malicious. A large part originates from the Ecatel AS as written about in this blogpost:

No comments:

Post a Comment