1.1.1.1: Cloudflare's New DNS Attracting 'Gigabits Per Second' of Rubbish (zdnet.com) 136
An anonymous reader quotes a report from ZDNet: Cloudflare's new speed- and privacy-enhancing domain name system (DNS) servers, launched on Sunday, are also part of an experiment being conducted in partnership with the Asia Pacific Network Information Center (APNIC). The experiment aims to understand how DNS can be improved in terms of performance, security, and privacy. "We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remains largely opaque," wrote APNIC's chief scientist Geoff Huston in a blog post. "We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks. The DNS relies on caching to operate efficiently and quickly, but we are still unsure as to how well caching actually performs. We are also unclear how much of the DNS is related to end user or application requirements for name resolution, and how much is related to the DNS chattering to itself."
The Cloudflare-APNIC experiment uses two IPv4 address ranges, 1.1.1/24 and 1.0.0/24, which have been reserved for research use. Cloudflare's new DNS uses two addresses within those ranges, 1.1.1.1 and 1.0.0.1. These address ranges were originally configured as "dark traffic addresses", and some years ago APNIC partnered with Google to analyze the unsolicited traffic directed at them. There was a lot of it. "Our initial work with it certainly showed it to be an unusually strong attractor for bad traffic. At the time we stopped doing it with Google, it was over 50 gigabits per second. Quite frankly, few folk can handle that much noise," Huston told ZDNet on Wednesday. By putting Cloudflare's DNS on these research addresses, APNIC gets to see the noise as well as the DNS traffic -- or at least "a certain factored amount" of it -- for research purposes.
now also being slashdotted (Score:1)
Oh, this was their plan all along. Heh, well, I hope it doesn't turn out to be a mistake to have hired people who don't understand DNS...
Re: (Score:2)
I think a web server running on a low-end system is powerful enough to keep it from being Slashdotted today.
Slashdot hasn't grown at the same rate computing has grown.
Slashdot has been late posting news articles compared to other sites that have larger volume, so by the time it gets on Slashdot, the site has already adjusted for the volume.
Often most sites are in the cloud, so they just request extra bandwidth.
The slashdot effect hasn't been a thing for years (Score:2)
I think a web server running on a low-end system is powerful enough to keep it from being Slashdotted today.
There haven't been enough people on slashdot for many years for the slashdot effect to be a thing. Plus as you point out the networks are a lot more robust these days.
Slashdot hasn't grown at the same rate computing has grown.
Indeed, slashdot has substantially shrunk to all appearances. This used to be a place where a lot of alpha geeks hung out but slashdot never evolved or got better. Just look at how the average number of comments per article has shrunk over the last decade.
Re: (Score:1)
just look at how the average number of comments per article has shrunk over the last decade.
Nothing worth commenting on.
(1) Crap articles
(2) Reposts of crap articles
Re: (Score:2)
Just look at how the average number of comments per article has shrunk over the last decade.
Can you prove that? I'm betting that just the average number of AC's we have per thread now greatly exceeds the number named postings per thread ten or twenty years ago.
Re: (Score:3)
Also, where did everyone go? Reddit? What subs? Has the very specific nature of subreddits fractured what used to be a large single audience?
Re: (Score:1)
Slashdot doesn't even support fucking Unicode, why would you think it has any kind of API?
Re: (Score:2)
Re: (Score:2, Insightful)
... I hope it doesn't turn out to be a mistake to have hired people who don't understand DNS...
Yeah, that stood out to me, too. ... How can you hire a "Chief Scientist" who doesn't understand the basic mechanisms of the environment you're operating within?
Re: "Chief Scientist" who doesn't understand... (Score:2)
... I hope it doesn't turn out to be a mistake to have hired people who don't understand DNS...
Yeah, that stood out to me, too. ... How can you hire a "Chief Scientist" who doesn't understand the basic mechanisms of the environment you're operating within?
I dunno, that sounds about right for the current political environment in the US. Ideology and Wishy Thinking FTW!
:-P
Cheers,
Re: (Score:2)
Re:Everybody gets what they want (Score:4, Insightful)
If you are worried about this I would suggest you disconnect from the internet.
Re: (Score:1)
Nah, I just download the DNS data daily (well, I get a daily differential). Using sed and a bash script I update my /etc/hosts file, so I don't need to use any of that silly DNS stuff.
Re:Everybody gets what they want (Score:4, Funny)
Oh yeah? Well, I'll build my own DNS! With blackjack, and hookers!
Re: (Score:3)
Out of honest curiosity, does CloudFlare have a reputation for this type of thing or are you exercising your paranoia about potentialities (which in matters like this is a GOOD thing.)
Re: (Score:2)
Period.
Even if it's not free, odds are your data is going to be aggregated and sold.
It may be anonymized to some extent, but get a large enough sample of data from enough sources and you can be deanonymized.
Re: (Score:2)
I thought they were a 'freemium' model; ergo, they don't need to make money off their free customers...
Research (Score:4, Interesting)
I would be very interested in following the research they are undertaking. Anyone know how/where this will be published?
Re: (Score:3)
Wherever it gets published, you can bet you'll have to solve an impossible captcha to get to it.
Re: Research (Score:1)
The NSA doesn't usually release the results of their studies.
Re: (Score:2, Insightful)
I would be very interested in following the research they are undertaking. Anyone know how/where this will be published?
And when will the research be completed, with the 1.1.1.1 and 1.0.0.1 addresses going back to IANA and no longer serving DNS? I bet that some people bought the hype and thought that these would be perpetual addresses, and not just a research run.
Re: Research (Score:2)
Why on earth would the whole /8 revert to IANA? As per the *summary*, even, that whole block is delegated to APNIC.
A world beyond North America, bizarre I know.
Re: (Score:2)
What is this concept of a "permanent address" in relation to TCP/IP? It might seem permanent to you, but some of us are actually older than the Internet and view such things as just recent fads. I wouldn't be surprised if the people (*) who write the major networking protocols in use when I die haven't been conceived yet.
(*) - includes programs, including ones with formal proofing built into the compiler.
Re: (Score:3)
Re:Research (Score:4, Interesting)
Hi Zocalo,
I come from a time when we looked at the cycles of a process to see what we could do to reduce the CPU's usage (and all the other steps). I believe the reason for working in the IPv4 space is similar to that: they are first trying to find out what is going on with the least amount of junk in the system from their end.
DNS resolving is such a critical issue that the lessons learned in one space might (not will, or work) be transferable to the IPv6 space. So I would think that the processing cycle savings by working in the IPv4 space might be huge (well, my math is rusty, so 255 x 254 x 253 = 16386810 in savings per processing cycle); not a lot, but still a small saving.
Another perspective also brings out the point that if the junk traffic can be cleaned out (nulled), the new savings can be used for a better end-user experience. We have a correlated example of this back when Hurricane Sandy hit: spam numbers decreased by a noticeable percentage, which would lead to the following assumption (but not fact): less energy use overall. So testing on the starting platform, finding results, and seeing if it can be brought out to the next level is a good thing for the growth of the 'net'.
Of course, I could be totally wrong and it was some upper management choice because they did not know better.
Re: (Score:2)
Re: (Score:2)
I suspect you are correct in thinking of protection of the DNS or a website when under attack. You might appreciate this https://twitter.com/olesovhcom... [twitter.com]: 2 years ago someone got hit with an attack, 1.1 T, not G but T. Being able to shield oneself from these types of attacks might be OK.
Now a funny thing about junk traffic: it's a good place to learn what to filter out. I look forward to a cleaner system over the next 10 years (when I owned an ISP back in 2000 we were fighting the same battle and no one
Re: (Score:1)
So I would think that the processing cycle savings by working in the IPv4 space might be huge (well, my math is rusty, so 255 x 254 x 253 = 16386810 in savings per processing cycle); not a lot, but still a small saving.
I have no idea what is meant by your numbers. "Processing cycles saved"??? Doing what? And where do 255, 254, and 253 come from? Since the smallest unit of work in a CPU is a cycle, 16,386,810 cycles is A LOT of processing. Even on a 3 GHz CPU, that represents 5.5ms of work. Taking 5ms to respond to a DNS request is forever. The full round trip, from the time Wireshark on my desktop sees the packet leave to the time it sees the response packet, is ~270us. That includes all fixed delays like Ethernet frame ser
Re: (Score:2)
Re: (Score:3)
I often use 1.1.1.1 as a "garbage" IP address. Anyone using that address should expect to get flooded with pings.
Re: Research (Score:2)
Re: (Score:2)
Re: (Score:2)
Experiment? (Score:4, Interesting)
Re:Experiment? (Score:5, Funny)
you either need to re-evaluate your exposure or just cut your ethernet cable entirely....
My ethernet cable ? Jeez, this is the 21st century! I'll cut my WiFi cable, thank you very much!
Re:Experiment? (Score:5, Funny)
With a Faraday knife!
Re: (Score:2)
Re: (Score:2)
Or, to give the jammer its proper name: next door's stupidly configured TV streaming box.
Re: (Score:3)
Re: (Score:2)
"The research relationship is set to run for at least five years, after which it may be renewed and APNIC will consider permanently allocating the 1.1.1.1 IP address – along with 1.0.0.1 – to Cloudflare."
Re:Solution to amplification DDoS exists for 18 ye (Score:4, Funny)
Re:Solution to amplification DDoS exists for 18 ye (Score:5, Funny)
https://en.wikipedia.org/wiki/... [wikipedia.org]
Opaque? (Score:4, Insightful)
"yet the details of the way it operates still remains largely opaque"
Opaque to whom? Not to net admins and other people who understand DNS. If they're hoping Joe Schmoe will understand or care then they've got a long wait.
Comment removed (Score:4, Funny)
Re: (Score:3)
Directing traffic at 1.1.1.1 is a little like calling 867-5309.
More like calling 555-1212 than Jenny, I'm afraid.
Re: (Score:2)
Re:867-5309 (Score:4, Funny)
invoke a better humor response.
Humor timed out. No route to host.
Gigabits per second of rubbish? No shit. (Score:5, Interesting)
There are plenty [symantec.com] of [schalley.eu] examples [experts-exchange.com] of people suggesting ping to 1.1.1.1 as a delay in batch scripting. The thought of batches all over the world now failing because people used a kludge method to pause was only slightly more amusing than the thought of all the junk traffic 1.1.1.1 would see as a result.
For our next amazing trick, we're going to make 555-xxxx a valid number range! Follow the action live at example.com!
Re: (Score:2)
I was wondering where this traffic was coming from - and why. Here's one place (who knew! yet another reason Windows has been 'bad for tech' ;-), and I'll bet there are others that do something similar.
I wonder if the 'script kiddies' scan 1.x.x.x looking for old WordPress installs and default SSH accounts? I'll bet at least some of them do.
I'm left wondering what analysis of this 'spam traffic' is going to tell anyone though. Hopefully they'll publish some of their findings so we can take a peek.
Re: (Score:2)
Re: (Score:2)
The current equipment I'm working on (and have
Re: (Score:2)
Re: (Score:2, Insightful)
Windoze (pun intended) doesn't have a built-in sleep command for batch files. What fun!
Re: (Score:1)
Since Windows 7 / Server 2008+ it does, the TIMEOUT command; doesn't help if you have to use the script on older environments, but still...
Re: (Score:1)
Use the CHOICE command with a timeout, starting with DOS 6.0.
https://en.wikipedia.org/wiki/Choice_(command)
RRK
Re: (Score:2)
Re: (Score:2)
Re: (Score:2, Insightful)
I keep seeing people complaining about this breaking batch scripts that ping 1.1.1.1, but Cloudflare isn't responding to ICMP requests as far as I can tell. Just because an IP address is active, doesn't mean that it will respond to a ping.
Re:Gigabits per second of rubbish? No shit. (Score:4, Informative)
ping 1.1.1.1
Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=16ms TTL=53
Reply from 1.1.1.1: bytes=32 time=16ms TTL=53
Reply from 1.1.1.1: bytes=32 time=16ms TTL=53
Reply from 1.1.1.1: bytes=32 time=16ms TTL=53
Maybe your ISP just doesn't route the traffic. That's a fast link. Though Google DNS is 15ms from here.
Re: (Score:3)
That's a fast link.
Nah. It's anycast. Your ping is dependent upon how close you are to the closest node. Since I peer with Cloudflare at the SIX, I'm very close to my closest node.
[x@x ~]$ traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
1 x (x.x.x.x) 0.232 ms 0.313 ms 0.371 ms
2 x (x.x.x.x) 0.295 ms 0.381 ms 0.466 ms
3 x (x.x.x.x) 27.807 ms 27.894 ms 28.005 ms
4 six.as13335.com (206.81.81.10) 0.293 ms 0.292 ms 0.292 ms
5 1dot1dot1dot1.cloudflare-dns.com (1.1.1.1) 0.212
Re: (Score:2)
Well yeah, but that is what makes it a fast link. I haven't tested performance on Google's DNS lately, but Cloudflare might be worth trying out for DNS even if it's a potentially unroutable IP from some places.
Re: (Score:2)
That's my bad.
Re: (Score:2)
Bandwidth isn't exactly important for DNS queries, but latency is.
Re: (Score:2)
Typically, when someone says "That's a fast link," they're referring to bandwidth. I see that you were not
Re: (Score:2)
If you're getting 40% packet loss, the ping times would be higher or intermittent. It's still a better metric for the end user for DNS than bandwidth.
Sure, typically fast link means something else - but we have context here.
Re: (Score:2)
If you're getting 40% packet loss, the ping times would be higher
That's dependent on the amount of buffer bloat you have. Ideally, no, the ping times won't be different.
or intermittent
Absolutely- like missing 40% of the time....................
It's still a better metric for the end user for DNS than bandwidth.
End user? Yes. Though again, you're going to notice a saturated link long before you notice an extra 40ms of latency in DNS RTT.
Sure, typically fast link means something else - but we have context here.
I'd argue that's incorrect, or at best highly unorthodox usage, even given the context. Full disclosure: I am a network engineer. I do this for a living. My DNS infrastructure hosts 12285 domains, and I'm the head engineer for
Re: (Score:2)
Re: (Score:3)
It's in the global BGP tables, so you're going to be able to access it basically anywhere, except possibly a few networks operated by morons, or behind equipment that made the unfortunate choice of using 1.1.1.0 as a management prefix internally.
Re: (Score:1)
I've been using it for a couple days and it's orders of magnitude better than AT&T DNS servers.
Re: (Score:2)
Re: (Score:1)
Because I can:
ping 1.1.1.1
Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=4ms TTL=61
Reply from 1.1.1.1: bytes=32 time=3ms TTL=61
Reply from 1.1.1.1: bytes=32 time=3ms TTL=61
Reply from 1.1.1.1: bytes=32 time=4ms TTL=61
Viva la fiber!
PS: Google is around 45ms for ping, but I've seen it as low as 20ms for stretches.
Re: Gigabits per second of rubbish? No shit. (Score:2)
Re: (Score:1)
#I'mInTheBasementDungeonOfMyHouse #StillLonely #TheTwinsAreCryingUpstairs
There, I made some comments to keep you company.
Re: (Score:2)
[x@x ~]$ traceroute 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 x (x.x.x.x) 0.290 ms 0.334 ms 0.405 ms
2 x (x.x.x.x) 0.314 ms 0.385 ms 0.468 ms
3 x (x.x.x.x) 0.419 ms 0.506 ms 0.584 ms
4 six.sea01.google.com (206.81.80.17) 0.315 ms 0.339 ms 0.357 ms
5 108.170.245.113 (108.170.245.113) 0.262 ms
- 108.170.245.97 (108.170.245.97) 1.307 ms
- 108.170.245.113 (10
Re: (Score:2)
Re: (Score:2)
in North America, {areacode}-555-1212 will connect you to directory assistance for that areacode's subset of phone numbers.
Re: (Score:2)
There are plenty [symantec.com] of [schalley.eu] examples [experts-exchange.com] of people suggesting ping to 1.1.1.1 as a delay in batch scripting.
That is literally one of the dumbest fucking things I've ever heard. And from symantec, no less. Terrible.
Re: Gigabits per second of rubbish? No shit. (Score:1)
Yeah, you post that one in every story about this, and we still don't care.
The two IP scopes used by Cloudflare are research scopes and are not guaranteed to be routed, and are treated similarly to RFC1918 by many companies.
Odd coincidency (Score:1)
I recently was setting up a VPN after having set up many VPNs. I've often joked about using non-publicly-used military/government ranges to avoid collisions. I recently set one up for a client and saw they were using 1.1.1.1 for some things. It does seem to be a choice for routers and DNS. I think you'll get it on any easily typed "valid" address, because people will just think what's the chance of having to be able to access those IP addresses over the WAN (i.e. if it's a few in a billion your break) and if
Re: (Score:2)
Which is weird, since 10.0.0.0/8 is absolutely huge and there are 256 different 192.168.x.0/24 networks to play with.
Re: (Score:2)
FWIW, I wish RFC1918 had included a couple of weird and unappealing "isolated" /24s which would have gotten less use than 192.168.0.0/16 and 10.0.0.0/8 or even 172.16.0.0 (which seems to be the least used in my experience).
These lone /24s would have been ideal to break up for interior interfaces or for use on isolated management networks that can't overlap with other interfaces.
Re: (Score:3)
The overlap (and exhaustion in very large businesses) of RFC1918 address space is yet another reason to use IPv6...
You can use part of your own globally routable address space for internal use, and as it's your own allocated address space no one else should be using it for anything.
Re: (Score:2)
It's used for IPv4 zeroconf communications, but that's just an application of it. Its purpose is for non-routed link-local communications.
the submitter should train their network-fu (Score:2)
The Cloudflare-APNIC experiment uses two IPv4 address ranges, 1.1.1/24 and 1.0.0/24, which have been reserved for research use.
I could be wrong, but I'm pretty sure that 1.1.1/24 is not a valid IPv4 address range. IPv4 addresses consist of quadruplets of values. The proper address ranges are 1.1.1.0/24 and 1.0.0.0/24.
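The address-selection points made in the last few comments (RFC 1918 overlap, picking a "nobody will route there" public range such as 1.1.1.0/24 for internal use, and 1.1.1/24 not being valid CIDR) can all be checked mechanically before a range goes into a router or VPN config. The following is an added example using Python's standard ipaddress module, not code from the thread. The candidate prefix list is constructed for illustration; treating 1.1.1.0/24 and 1.0.0.0/24 as the globally announced research prefixes comes from the article summary.

```python
import ipaddress

# The two prefixes the article says Cloudflare now announces globally.
ROUTED_RESEARCH = [ipaddress.ip_network("1.1.1.0/24"),
                   ipaddress.ip_network("1.0.0.0/24")]


def parse_prefix(text):
    """Strict CIDR parse: '1.1.1/24' (three octets) and '1.1.1.1/24'
    (host bits set) are both rejected, as a router config would."""
    try:
        return ipaddress.ip_network(text, strict=True)
    except ValueError:
        return None


def audit_internal_prefixes(candidates):
    """Classify prefixes proposed for internal use. Returns [(text, verdict)]."""
    report = []
    for text in candidates:
        net = parse_prefix(text)
        if net is None:
            verdict = "invalid CIDR notation"
        elif net.is_link_local:
            verdict = "link-local: not routable, not for addressing subnets"
        elif net.is_private:
            verdict = "ok: private (RFC 1918) space, never globally routed"
        else:
            # Public space: flag the research prefixes explicitly, since
            # internal use of them now black-holes a real resolver.
            hits = [str(r) for r in ROUTED_RESEARCH if net.overlaps(r)]
            if hits:
                verdict = "collides with globally routed " + ", ".join(hits)
            else:
                verdict = "public space: using it internally black-holes real hosts"
        report.append((text, verdict))
    return report


if __name__ == "__main__":
    # Constructed sample: the kinds of choices the thread describes.
    for text, verdict in audit_internal_prefixes([
            "10.0.0.0/8", "192.168.1.0/24", "172.16.0.0/12", "169.254.0.0/16",
            "1.1.1.0/24", "1.0.0.0/8", "1.1.1/24", "1.1.1.1/24", "11.0.0.0/8"]):
        print("%-16s %s" % (text, verdict))
```

Run it against the ranges in an existing VPN or management-network config; anything that comes back as "collides" or "public space" is a range whose hosts will silently vanish the day the real prefix is routed, which is exactly what happened to people who had parked 1.1.1.1 internally.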
Re: (Score:3, Informative)
Re: (Score:2)
Cloudflare is not the solution to secure DNS (Score:1)
Cloudflare started its life with seeding from NSA and CIA as a honeypot used for nefarious purposes. Trusting this business to be the solution to private and secure DNS is complete madness. The solution must be within DNSSEC, out of the hands of American agencies and companies.
FFS (Score:5, Informative)
Re: (Score:2)
Technically, if there was no route to 1.1.1.1 before since it wasn't in the BGP tables, they are now attracting it like a magnet.
It will no longer follow default routes until it has nowhere to go... there is now a destination.
Re: (Score:2)
Re: (Score:2)
Prior to 1.1.1.0/24 becoming a globally routed prefix again, that traffic was blackholed in every individual AS.
Now that Cloudflare is announcing that block to me, we are routing that traffic to them. There really isn't any more accurate way of putting it than that they are attracting it.
Nooo my SkyNet!!! (Score:1)
There goes my Skynet's comms strategy :(
Re: (Score:2)
I get that the traffic to these specific IP addresses (or ranges) is interesting - but which DNS names resolve to these addresses?
Your question is meaningless; it's like when politicians ask which web links point to https://www.piratebay.se/ [piratebay.se]
Any number of forward DNS entries can point to these two addresses. If you ran the DNS server for sillyexample.com, you could point dns.sillyexample.com or vengeful.foxbats.sillyexample.com to these addresses if you wanted.
But there is no way of knowing who points.
Or are reverse lookups involved?
Neither forward nor reverse DNS is needed for the name servers themselves.
That said, for reverse DNS, just ask the DNS server itself:
1.
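The exchange the thread keeps coming back to (a query arriving at 1.1.1.1, the response it gets back, why a reflector makes DNS attractive for the denial-of-service use APNIC mentions in the summary, and how a reverse lookup of 1.1.1.1 is actually phrased on the wire) is easiest to see in the wire format itself. The following is an added example, not code from the article, the thread, Cloudflare or APNIC: it builds RFC 1035 query and response messages offline, parses them back including name compression, and computes the bytes-out-per-byte-in ratio a reflector hands to whoever spoofed the source address. The A records and the one.one.one.one PTR target are constructed sample data; the name 1dot1dot1dot1.cloudflare-dns.com is taken from the traceroute posted earlier in the thread.

```python
import struct
import ipaddress

# Record types and class used below (RFC 1035 values).
QTYPE_A, QTYPE_PTR, QTYPE_ANY, QCLASS_IN = 1, 12, 255, 1


def encode_name(name):
    """Encode 'a.b.c' as DNS labels: <len>a<len>b<len>c<0>."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError("bad label length in %r" % name)
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Standard query: one question, recursion desired (RD=1)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def reverse_name(ip):
    """PTR owner name for an address: 1.1.1.1 -> 1.1.1.1.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer


def decode_name(msg, off):
    """Decode a possibly compressed name; returns (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)


def build_response(query, answers):
    """Echo the question and append (rtype, ttl, rdata) answers whose owner
    name is a pointer to the question name at offset 12 (0xC00C).
    Constructed responses only; this is not a resolver."""
    txid, _, qd, _, _, _ = struct.unpack("!HHHHHH", query[:12])
    header = struct.pack("!HHHHHH", txid, 0x8180, qd, len(answers), 0, 0)
    body = b""
    for rtype, ttl, rdata in answers:
        body += b"\xc0\x0c" + struct.pack("!HHIH", rtype, QCLASS_IN, ttl, len(rdata)) + rdata
    return header + query[12:] + body


def parse_response(msg):
    """Parse header, question and all resource records of a DNS message."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        name, off = decode_name(msg, off)
        qtype, _ = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, qtype))
    for _ in range(an + ns + ar):
        name, off = decode_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata_off = off
        off += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            value = str(ipaddress.IPv4Address(msg[rdata_off:off]))
        elif rtype == QTYPE_PTR:
            value, _ = decode_name(msg, rdata_off)
        else:
            value = msg[rdata_off:off].hex()
        answers.append((name, rtype, ttl, value))
    return {"id": txid, "rcode": flags & 0xF, "questions": questions, "answers": answers}


def amplification(query, response):
    """Bytes returned per byte sent: what a reflector hands an attacker."""
    return len(response) / len(query)


if __name__ == "__main__":
    q = build_query("1dot1dot1dot1.cloudflare-dns.com", QTYPE_A)
    r = build_response(q, [(QTYPE_A, 300, bytes([1, 1, 1, 1])),
                           (QTYPE_A, 300, bytes([1, 0, 0, 1]))])
    print(parse_response(r)["answers"], "x%.2f" % amplification(q, r))
    pq = build_query(reverse_name("1.1.1.1"), QTYPE_PTR)
    pr = build_response(pq, [(QTYPE_PTR, 300, encode_name("one.one.one.one"))])
    print(parse_response(pr)["answers"])
```

With two A records the ratio is a modest 82/50; swap QTYPE_A for QTYPE_ANY and pad the answer list with large TXT or DNSKEY-sized rdata and it climbs into double digits, which is the reflector arithmetic behind the "DNS has been used to generate malicious denial of service attacks" line in the summary and the reason open resolvers rate-limit responses and refuse queries from outside their client base. The PTR half also answers the "which names resolve to these addresses" question from the other direction: the only reverse mapping is whatever the operator of the 1.1.1.1.in-addr.arpa zone chooses to publish.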
Re: (Score:2)
Your question is meaningless;
You mean he's not even wrong [wikipedia.org]??
Ah, I've been waiting so long to use that awesome geeky putdown! It works; I feel all superior and everything!!
Re: (Score:2)