I’ve been seeing some fake hostnames in my HTTP logs and did some investigation. What kind of idiot puts internal DNS names on routed ips?
% host -t any 42.165.55.65.in-addr.arpa 42.165.55.65.in-addr.arpa domain name pointer bl2sch1081908.phx.gbl.
Had to do some tcpdumps etc to get them because my apache logs doesn’t log hostname and IP address, but eventually found it:
OrgName: Microsoft Corp OrgID: MSFT Address: One Microsoft Way City: Redmond StateProv: WA PostalCode: 98052 Country: US NetRange: 65.52.0.0 - 65.55.255.255
Some people should just be disconnected from the internet.
