[dns-operations] Typo in fox.com and an Akamai squatter
Wessels, Duane
dwessels at verisign.com
Mon Feb 1 16:21:07 UTC 2016
A very similar incident from last month was reported here:
https://www.reddit.com/r/dns/comments/40skim/xpostnetsec_strange_dns_propagation_issue_6_days/
But that time with dnsmadeeasy.co
DW
> On Jan 31, 2016, at 1:47 AM, Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
> On Fri, Jan 29, 2016 at 06:06:59PM -0500,
> Robert Edmonds <edmonds at mycre.ws> wrote
> a message of 38 lines which said:
>
>> I only see a few other domains with NSDNAMEs in
>> *.akamaitechnologies.co. in DNSDB, dating back to December,
>
> akamaitechnologies.co was registered on December 31 (by someone
> unrelated to Akamai and hosted in a tax haven) so, apparently,
> someone else noticed...
>
> Their name servers do reply for fox.com and send you somewhere in
> Romania:
>
> % dig @185.45.13.88 A fox.com
>
> ; <<>> DiG 9.9.5-9+deb8u3-Debian <<>> @185.45.13.88 A fox.com
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6515
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 512
> ;; QUESTION SECTION:
> ;fox.com. IN A
>
> ;; ANSWER SECTION:
> fox.com. 600 IN A 185.45.13.88
>
> ;; Query time: 66 msec
> ;; SERVER: 185.45.13.88#53(185.45.13.88)
> ;; WHEN: Sun Jan 31 10:42:34 CET 2016
> ;; MSG SIZE rcvd: 52
>
> The records for fox.com in DNSDB show that some people were indeed
> redirected:
>
> fox.com. IN A 185.45.13.88
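
The pattern discussed in this thread, NS targets under a look-alike of a DNS provider's domain (akamaitechnologies.co, dnsmadeeasy.co), can be checked for in exported zone data. The following is an added example, not part of the original messages; the expected-provider list, the two-label registrable-domain shortcut and the sample records are constructed assumptions.

```python
# Added example: audit NS targets for near-misses of expected provider domains.
# Assumption: the operator maintains this allowlist of provider domains.
EXPECTED_PROVIDER_DOMAINS = {"akamaitechnologies.com", "dnsmadeeasy.com"}


def registrable(name):
    """Return the last two labels of a hostname.

    Simplification (assumption): real code should use the Public Suffix List,
    since two labels is wrong for suffixes such as co.uk.
    """
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_ns(nsdname, expected=EXPECTED_PROVIDER_DOMAINS, max_dist=2):
    """Classify an NS target as ok, lookalike (near an expected domain) or unexpected."""
    dom = registrable(nsdname)
    if dom in expected:
        return ("ok", dom)
    for good in sorted(expected):
        if edit_distance(dom, good) <= max_dist:
            return ("lookalike", good)
    return ("unexpected", None)


def audit_zone(ns_records):
    """Return (owner, nsdname, verdict, nearest_expected) for every non-ok NS record."""
    findings = []
    for owner, nsdname in ns_records:
        verdict, near = classify_ns(nsdname)
        if verdict != "ok":
            findings.append((owner, nsdname, verdict, near))
    return findings


# Constructed sample NS records (owner, NSDNAME); hostnames are illustrative only.
SAMPLE_NS = [
    ("example.com.", "ns1.akamaitechnologies.com."),
    ("example.com.", "ns2.akamaitechnologies.co."),
    ("example.net.", "ns0.dnsmadeeasy.co."),
    ("example.org.", "ns1.example-dns.net."),
]
```

Running `audit_zone` over NS records exported from a registrar or zone file before and after each delegation change surfaces a dropped or added character in the provider domain before resolvers start following it.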