Comment by mccoyc
14 hours ago
It's probably a lot of automated tooling/monitoring infrastructure that's doing reverse resolution of IPs to get hostnames.
Edit: I've found that sometimes they're pretty poor at caching responses so you end up with a lot of these requests.
Mail servers typically resolve a remote IP to a PTR. High number of PTR requests can indicate that the network is used to send email. Amazon (both SES and EC2) is one of the biggest email sources on the Internet (ranging from ham to marketing and there is huge spam volume from AWS too).
Thought I don’t expect mail servers to use quad9.