In what possible situations an ip 0.0.0.0 mapped to several domains would show up in passive DNS data?

Question

I am studying a sample of A records of passive DNS data (mapping between ips and domains) and I see that a lot of domains are mapped to 0.0.0.0 as an IP.

0.0.0.0|0192.de
0.0.0.0|0193.de
0.0.0.0|01nd.biz
0.0.0.0|021xc.net
0.0.0.0|027869.net
0.0.0.0|027hq.net
0.0.0.0|027shl.com
0.0.0.0|02k.biz
0.0.0.0|0304520.com

I am wondering if anybody knows what are the possible situations where a domain would be mapped to 0.0.0.0 in a DNS query?

Thanks!

score 0 · Answer 1 · answered Jan 09 '15 at 02:09

0

hope I can help you with this. It seens to me that these address have being blocklisted or blackholed in order to avoid access from users. This way the address can not be resolved since you can not supply a valid IP address. Thank you.

answered Jan 09 '15 at 02:09

J. Bruno

1

Thanks J. Bruno. By these addresses, do you mean the actual IP addresses underlying 0.0.0.0? So, can it be the case that the owner of the domain is purposely pointing its domains to such an ip address? – UserYmY Jan 11 '15 at 10:12

In what possible situations an ip 0.0.0.0 mapped to several domains would show up in passive DNS data?

1 Answers1