[dns-operations] Just another "sitefinder" ISP

Mohsen Souissi mohsen.souissi at nic.fr
Wed May 21 16:05:57 UTC 2008 

 On 21 May, Antoin Verschuren wrote:
 | These are just as bad:
                  ^^^

==> I don't think so, because they don't provide recursion. The impact
(harm) is not the same. It's useless querying them apart from just
doing a 'dig' exercise and nobody will put such information in their
/etc/resolv.conf.

Conversely, the one that Paul mentioned is a recursive one and may be
queryed by many real users, especially the customers of the ISP in
question.

 | ; <<>> DiG 9.3.4 <<>> @ns1.dnsmanager.nl microsoft.com any
 | ;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 3
 | 
 | ;; QUESTION SECTION:
 | ;microsoft.com.                 IN      ANY
 | 
 | ;; ANSWER SECTION:
 | microsoft.com.          300     IN      A       85.158.248.160
 | microsoft.com.          86400   IN      NS      ns2.dnsmanager.nl.
 | microsoft.com.          300     IN      SOA     ns1.dnsmanager.nl. postmaster.dip.nl. 2006010102 28800 7200 604800 600
 | microsoft.com.          86400   IN      NS      ns1.dnsmanager.nl.
 | microsoft.com.          86400   IN      MX      10 mail.microsoft.com.
 | 
 | ;; ADDITIONAL SECTION:
 | mail.microsoft.com.     300     IN      A       127.0.0.1
 | ns2.dnsmanager.nl.      300     IN      A       85.158.248.160
 | ns1.dnsmanager.nl.      300     IN      A       85.158.248.160
 | 
 | 
 | Answering authoritative for any domain.....
 | Too lazy to configure domains before registering...
 | So it's not for sitefinder purposes, but screwing things up anyway.
 | 
 | Antoin Verschuren
 | 
 | Technical Policy Advisor
 | SIDN
 | Utrechtseweg 310
 | PO Box 5022
 | 6802 EA Arnhem
 | The Netherlands
 | 
 | T +31 26 3525500
 | F +31 26 3525505
 | M +31 6 23368970
 | E antoin.verschuren at sidn.nl
 | W http://www.sidn.nl/
 | 
 | 
 | > -----Original Message-----
 | > From: dns-operations-bounces at lists.oarci.net [mailto:dns-operations-
 | > bounces at lists.oarci.net] On Behalf Of Florian Weimer
 | > Sent: Wednesday, May 21, 2008 3:45 PM
 | > To: Lutz Donnerhacke
 | > Cc: dns-operations at lists.oarci.net
 | > Subject: Re: [dns-operations] Just another "sitefinder" ISP
 | > 
 | > * Lutz Donnerhacke:
 | > 
 | > > http://pastebin.com/m3d331654
 | > >
 | > > ; <<>> DiG 9.3.4 <<>> +dnssec web.pixaco.se  @83.169.184.161
 | > > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 | > >
 | > > ;; ANSWER SECTION:
 | > > web.pixaco.se.          0       IN      A       204.9.89.60
 | > >
 | > > ISP: Kabel Deutschland (TV-cable based broadband access)
 | > 
 | > Oh crap.  It's getting closer to home.  Thanks for reporting.

More information about the dns-operations mailing list