My server has had an IPv6 address for a few years now. I’ve just not gotten around to properly advertising it in my DNS zones yet, let alone registering it as a name server for my domains. Strangely enough though, every day since 28 July 2011 I see these requests in my logs:
named[15984]: client 2001:da8:8000:d010:0:5efe:daf1:6c89#40681: query (cache) 'www.cnnic.cn/A/IN' denied
named[15984]: client 2001:da8:8000:d010:0:5efe:daf1:6c89#40681: query (cache) 'www.cnnic.cn/A/IN' denied
named[15984]: client 2001:da8:8000:d010:0:5efe:daf1:6c89#43074: query (cache) 'www.cnnic.cn/A/IN' denied
named[15984]: client 2001:da8:8000:d010:0:5efe:daf1:6c89#40683: notify question section contains no SOA
That IPv6 address is owned by Shanghai Jiaotong University:
inet6num: 2001:0DA8:8000::/48
netname: SJTU6-CERNET2
descr: ~{IO:#=;M(4sQ’~}
descr: Shanghai Jiaotong University
descr: Shanghai 200030, China
admin-c: WW390-AP
tech-c: WW390-AP
tech-c: CER-AP
country: CN
changed: hostmaster@net.edu.cn 20041129
mnt-by: MAINT-CERNET-AP
status: ASSIGNED NON-PORTABLE
source: APNIC
So what could be the reason for these requests? Are they trying to determine which IPv6 addresses are running DNS resolvers for visitors of Chinese domains? But they couldn’t possibly be scanning the complete IPv6 space? Or is that actually feasible?
If you have seen the same entries in your logs, please let me know in the comments.
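For anyone checking their own logs, here is a small added example (not part of the original post) that counts denied cache queries per client in BIND named logs and checks whether a client address carries an ISATAP-style interface identifier (0:5efe followed by an IPv4 address, RFC 5214), which is the layout of the address above. The function names are this example's own, and the sample input is the four log lines quoted in the post.

```python
import ipaddress
import re
from collections import Counter

# Log lines copied from the post (BIND "named" syslog output).
SAMPLE_LOG = """\
named[15984]: client 2001:da8:8000:d010:0:5efe:daf1:6c89#40681: query (cache) 'www.cnnic.cn/A/IN' denied
named[15984]: client 2001:da8:8000:d010:0:5efe:daf1:6c89#40681: query (cache) 'www.cnnic.cn/A/IN' denied
named[15984]: client 2001:da8:8000:d010:0:5efe:daf1:6c89#43074: query (cache) 'www.cnnic.cn/A/IN' denied
named[15984]: client 2001:da8:8000:d010:0:5efe:daf1:6c89#40683: notify question section contains no SOA
"""

# Matches the format above and the newer BIND format, which adds
# "@0x..." before the address and "(name)" after the port.
DENIED = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<addr>[0-9A-Fa-f:.]+)#(?P<port>\d+)"
    r"(?: \([^)]*\))?: query \(cache\) "
    r"'(?P<name>[^/']+)/(?P<type>[^/']+)/(?P<cls>[^/']+)' denied"
)

def denied_queries(log_text):
    """Count denied cache queries per (client address, query name, query type)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            addr = ipaddress.ip_address(m["addr"])  # normalises the spelling
            counts[(str(addr), m["name"], m["type"])] += 1
    return counts

def isatap_ipv4(addr):
    """Return the IPv4 address embedded in an ISATAP-style interface ID, else None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6:
        return None
    iid = int(ip) & 0xFFFFFFFFFFFFFFFF  # low 64 bits = interface identifier
    # RFC 5214: upper 32 bits are 0000:5efe (or 0200:5efe),
    # lower 32 bits are the IPv4 address of the ISATAP node.
    if (iid >> 32) not in (0x00005EFE, 0x02005EFE):
        return None
    return str(ipaddress.IPv4Address(iid & 0xFFFFFFFF))

if __name__ == "__main__":
    for (client, name, qtype), n in denied_queries(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {client}  {name}/{qtype}  isatap_v4={isatap_ipv4(client)}")
```

Grouping by the embedded IPv4 address as well as the IPv6 address makes it easier to correlate these entries with IPv4 traffic in the same logs.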
I run 2 nameservers with (registered) v6 addresses, ns2.idefix.net and ns3.idefix.net. On ns2 I see exactly the same requests in the logs, on ns3 no mention of cnnic or that IPv6 address.
Very interesting.