9fans - fans of the OS Plan 9 from Bell Labs
From: cinap_lenrek@gmx.de
To: 9fans@9fans.net
Subject: [9fans] dns poisoning
Date: Wed, 29 Aug 2012 05:29:42 +0200
Message-ID: <bbd574e570bd83cb7fe720e557f4b2ef@rei2.9hal>

aback.com has ns.buydomains.com as nameserver, which seems to
announce itself to be responsible for the whole .com tld and
answers positively to everything with bullshit spam ip addresses
causing all further .com domain queries to get resolved by that
spam ns.buydomains.com dns. :(

is this allowed by the standard? is there anything we can do
to prevent it from poisoning our cache?

rei2 Aug 29 04:25:26 [73792] 61255.1: sending to 192.54.112.30/h.gtld-servers.net aback.com ip
rei2 Aug 29 04:25:26 61255: rcvd 192.54.112.30 flags: rd
rei2 Aug 29 04:25:26 61255: rcvd 192.54.112.30 qd aback.com
rei2 Aug 29 04:25:26 61255: rcvd 192.54.112.30 ns aback.com ns	ns.buydomains.com
rei2 Aug 29 04:25:26 61255: rcvd 192.54.112.30 ns aback.com ns	this-domain-for-sale.com
rei2 Aug 29 04:25:26 61255: rcvd 192.54.112.30 ar ns.buydomains.com ip	64.95.64.93
rei2 Aug 29 04:25:26 61255: rcvd 192.54.112.30 ar this-domain-for-sale.com ip	64.95.64.96
rei2 Aug 29 04:25:26 [73792] 61255.2: sending to 64.95.64.93/ns.buydomains.com aback.com ip
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 flags: auth rd
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 qd aback.com
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 an aback.com ip	64.95.64.218
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 ns com ns	ns.buydomains.com
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 ns com ns	this-domain-for-sale.com
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 ar ns.buydomains.com ip	64.95.64.93
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 ar this-domain-for-sale.com ip	64.95.64.96

--
cinap
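
One check a resolver can apply to the responses logged above, as an added example that is not part of the original message and not Plan 9's ndb/dns code: accept a record only if its owner name lies inside the zone the answering server was delegated (a bailiwick check). The names `filter_records` and `in_bailiwick` and the seed mapping of 192.54.112.30 to `com` are assumptions of this example.

```python
import re

# Records copied from the log in the message above (tabs replaced by spaces).
LOG = """\
rei2 Aug 29 04:25:26 61255: rcvd 192.54.112.30 ns aback.com ns ns.buydomains.com
rei2 Aug 29 04:25:26 61255: rcvd 192.54.112.30 ns aback.com ns this-domain-for-sale.com
rei2 Aug 29 04:25:26 61255: rcvd 192.54.112.30 ar ns.buydomains.com ip 64.95.64.93
rei2 Aug 29 04:25:26 61255: rcvd 192.54.112.30 ar this-domain-for-sale.com ip 64.95.64.96
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 an aback.com ip 64.95.64.218
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 ns com ns ns.buydomains.com
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 ns com ns this-domain-for-sale.com
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 ar ns.buydomains.com ip 64.95.64.93
rei2 Aug 29 04:25:26 61255: rcvd 64.95.64.93 ar this-domain-for-sale.com ip 64.95.64.96
"""

RCVD = re.compile(r"rcvd (\S+) (an|ns|ar) (\S+) (\S+)[ \t]+(\S+)")

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or a name below it (whole labels only)."""
    owner, zone = owner.lower().rstrip("."), zone.lower().rstrip(".")
    return zone == "" or owner == zone or owner.endswith("." + zone)

def filter_records(log, zone_of):
    """Split records into (accepted, rejected) by the sending server's zone.
    zone_of maps server IP -> delegated zone and grows as referrals are accepted."""
    accepted, rejected, ns_zone = [], [], {}
    for m in RCVD.finditer(log):
        server, _section, owner, rtype, value = m.groups()
        zone = zone_of.get(server)
        if zone is None or not in_bailiwick(owner, zone):
            rejected.append((server, owner, rtype, value))  # never cached
            continue
        accepted.append((server, owner, rtype, value))
        if rtype == "ns":
            ns_zone[value.lower()] = owner.lower()   # referral: nameserver -> zone
        elif rtype == "ip" and owner.lower() in ns_zone:
            # Glue for an accepted referral: that address speaks only for that zone.
            zone_of.setdefault(value, ns_zone[owner.lower()])
    return accepted, rejected

if __name__ == "__main__":
    # Assumption: 192.54.112.30 (h.gtld-servers.net) was reached as a com server.
    zones = {"192.54.112.30": "com"}
    ok, bad = filter_records(LOG, zones)
    for rec in bad:
        print("drop", *rec)
    print(zones)
```

With this filter the referral from the com server limits 64.95.64.93 to aback.com, so its `com ns` records and the accompanying address records are dropped instead of replacing the cached com delegation.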


