[dns-operations] ziyouforever.com

Jeroen Massar jeroen at unfix.org
Fri Jun 12 20:19:49 UTC 2009


John Kristoff wrote:
[..]
> Thanks to a colleague, Toni @ F-secure, this is apparently related to
> software signed by Dynamic Internet Technologies, Inc.  Its not clear
> what the qnames or answers mean, but it could be some sort of id or
> tracking mechanism.

Have you checked if it might be DNS tunneling or some other sort of
covert channel? Using A records might not be the fastest/best way to
abuse DNS for that, but at least every DNS recursor will understand it
and pass it on (Some of those &#%&^&% NAT boxes don't get it when you
ask for a TXT record or when that TXT record is a bit on the long side)

Greets,
 Jeroen


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: OpenPGP digital signature
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20090612/b0da9560/attachment.sig>


More information about the dns-operations mailing list