Comment by mekster
20 hours ago
Who are looking up PTR records?
54.in-addr.arpa looks to be Amazon's range and there are several others.
20 hours ago
Who are looking up PTR records?
54.in-addr.arpa looks to be Amazon's range and there are several others.
It's probably a lot of automated tooling/monitoring infrastructure that's doing reverse resolution of IPs to get hostnames.
Edit: I've found that sometimes they're pretty poor at caching responses so you end up with a lot of these requests.
Mail servers typically resolve a remote IP to a PTR. High number of PTR requests can indicate that the network is used to send email. Amazon (both SES and EC2) is one of the biggest email sources on the Internet (ranging from ham to marketing and there is huge spam volume from AWS too).
Thought I don’t expect mail servers to use quad9.
Why not?
I have unbound with upstream set to 1.1.1.1 and 9.9.9.9.