[dns-operations] eNom / InterNAP apparent DNS poisoning
Patrick W. Gilmore
patrick at ianai.net
Mon Dec 4 20:30:18 UTC 2006
We would like some help from eNom, who appears to be doing some
evilness to the DNS.
[Rest is from John Payne.]
They seem to have a * wildcard on their _authoritative_ nameservers.
This means that any zone hosted on eNom (dns[1-5].name-services.com)
a CNAME will be given back an authoritative-flag-set answer of
the end RR.
Most nameservers will ignore it, ones vulnerable to cache poisoning
will cache it.
Ironically the person who blogged (plentyoffish.com) about this,
isn't being poisoned
PoohBook2:~ jpayne$ dig pics.plentyoffish.com @126.96.36.199
pics.plentyoffish.com. 3600 IN CNAME
So it's not like they can claim ignorance if they're willing to put
Other "interesting" results poking at this authoritative nameserver:
www.yahoo.com. 1800 IN A 188.8.131.52
(POISONED - low TTL)
www.fbi.gov. 2419200 IN A 184.108.40.206
www.dhs.gov. 2419200 IN A 220.127.116.11
Is there anyone here able to put pressure on them?
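What "most nameservers will ignore it" amounts to on the resolver side, as an added example that is not part of the original post: a bailiwick check that keeps the in-zone CNAME and drops the A record the server volunteered for the out-of-zone target, so the target has to be resolved from its own authoritative servers. The zone, names, addresses and function names are constructed for illustration, and the answer section is assumed to arrive in CNAME-chain order.

```python
# Added example: bailiwick filtering of one answer section.
# All names and addresses below are constructed sample data.

def in_bailiwick(name, zone):
    """True if name equals zone or is a subdomain of it (label-wise, case-insensitive)."""
    n = name.lower().rstrip(".").split(".")
    z = zone.lower().rstrip(".").split(".")
    if z == [""]:                      # root zone contains every name
        return True
    return len(n) >= len(z) and n[-len(z):] == z


def cacheable_records(zone, qname, answer):
    """Split an answer from a server queried as authoritative for `zone`
    into (keep, drop). A record is kept only if it is the next link in the
    CNAME chain starting at qname AND its owner name lies inside `zone`.
    The AA flag is deliberately not consulted: it is set by the sender."""
    keep, drop = [], []
    wanted = qname.lower().rstrip(".")
    for owner, ttl, rtype, rdata in answer:
        o = owner.lower().rstrip(".")
        if o == wanted and in_bailiwick(o, zone):
            keep.append((owner, ttl, rtype, rdata))
            if rtype == "CNAME":       # follow the chain to the target name
                wanted = rdata.lower().rstrip(".")
        else:
            drop.append((owner, ttl, rtype, rdata))
    return keep, drop


# Constructed response: in-zone CNAME pointing out of zone, plus an
# address for the out-of-zone target supplied by the same server.
OUT_OF_ZONE = [
    ("pics.customer.example.", 3600, "CNAME", "www.bigsite.test."),
    ("www.bigsite.test.", 2419200, "A", "192.0.2.66"),
]
# Constructed response: the CNAME target stays inside the zone.
IN_ZONE = [
    ("pics.customer.example.", 3600, "CNAME", "img.customer.example."),
    ("img.customer.example.", 3600, "A", "192.0.2.10"),
]

if __name__ == "__main__":
    for label, ans in (("out-of-zone target", OUT_OF_ZONE), ("in-zone target", IN_ZONE)):
        keep, drop = cacheable_records("customer.example", "pics.customer.example", ans)
        print(label, "keep:", keep, "drop:", drop)
```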