[dns-operations] eNom / InterNAP apparent DNS poisoning
Patrick W. Gilmore
patrick at ianai.net
Mon Dec 4 20:30:18 UTC 2006
We would like some help from eNom, who appears to be doing some
evilness to the DNS.
--
TTFN,
patrick
[Rest is from John Payne.]
They seem to have a * wildcard on their _authoritative_ nameservers.
This means that any zone hosted on eNom (dns[1-5].name-services.com) that has
a CNAME will be given back an authoritative-flag-set answer of 64.74.223.198
for the end RR.
Most nameservers will ignore it; ones vulnerable to cache poisoning will cache it.
Ironically the person who blogged (plentyoffish.com) about this isn't being
poisoned any more:
PoohBook2:~ jpayne$ dig pics.plentyoffish.com @63.251.92.193
pics.plentyoffish.com. 3600 IN CNAME pics.plentyoffish.com.edgesuite.net.
So it's not like they can claim ignorance if they're willing to put in
exceptions.
Other "interesting" results poking at this authoritative nameserver:
www.yahoo.com. 1800 IN A 64.74.223.2 (POISONED - low TTL)
;www.google.com. IN A (NXDOMAIN)
;www.microsoft.com. IN A (NXDOMAIN)
www.fbi.gov. 2419200 IN A 64.74.223.198 (POISONED)
www.dhs.gov. 2419200 IN A 64.74.223.198 (POISONED)
Is there anyone here able to put pressure on them?
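
Added example, not part of the original post and not any resolver's actual code: a sketch of the bailiwick check that lets a resolver ignore the extra A record described above. It keeps only answer records whose owner name lies inside the zone the server was delegated, and re-resolves an out-of-zone CNAME target itself. The zone example.com, the CNAME target and the sample responses are constructed; only the address 64.74.223.198 and the TTL come from the post.

```python
# Bailiwick filter for an authoritative answer (illustrative sketch).
# Records are (owner, ttl, rtype, rdata) tuples; all sample data is constructed.

def normalize(name):
    """Lower-case a DNS name and split it into labels, ignoring the root dot."""
    return [label for label in name.lower().rstrip(".").split(".") if label]

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or below it (label-wise suffix match)."""
    o, z = normalize(owner), normalize(zone)
    return len(o) >= len(z) and o[len(o) - len(z):] == z

def scrub_answer(qname, zone, answer):
    """Follow the CNAME chain from qname, keeping only in-bailiwick records.

    Returns (accepted, rejected, restart). restart is the out-of-zone CNAME
    target the resolver must look up on its own, or None if the chain ended
    inside the zone.
    """
    accepted, rejected, restart = [], [], None
    current = normalize(qname)
    for rr in answer:
        owner, _ttl, rtype, rdata = rr
        off_chain = normalize(owner) != current
        if restart is not None or off_chain or not in_bailiwick(owner, zone):
            rejected.append(rr)  # never cached, whatever the AA flag says
            continue
        accepted.append(rr)
        if rtype == "CNAME":
            current = normalize(rdata)
            if not in_bailiwick(rdata, zone):
                restart = rdata  # chain left the zone: stop trusting this server
    return accepted, rejected, restart

# Constructed response shaped like the one in the post: a CNAME out of the
# hosted zone, followed by a wildcard-generated A record for the target.
WILDCARD_RESPONSE = [
    ("pics.example.com.", 3600, "CNAME", "pics.example.com.cdn.example.net."),
    ("pics.example.com.cdn.example.net.", 2419200, "A", "64.74.223.198"),
]
# Constructed response whose CNAME chain stays inside the zone.
IN_ZONE_RESPONSE = [
    ("www.example.com.", 3600, "CNAME", "web.example.com."),
    ("web.example.com.", 3600, "A", "192.0.2.10"),
]

if __name__ == "__main__":
    for q, resp in (("pics.example.com", WILDCARD_RESPONSE),
                    ("www.example.com", IN_ZONE_RESPONSE)):
        print(q, scrub_answer(q, "example.com", resp))
```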