a lot of the addresses are from digital ocean so i assume they are just scanning for misconfigured resolvers, even though i don't really understand why such a script would not immediately abort after the first denied query but instead continue trying like 1000 other domains to see what happens