[dns-operations] Typo in fox.com and an Akamai squatter

frnkblk at iname.com frnkblk at iname.com
Sat Jan 30 19:08:03 UTC 2016


Good work -- looks like that's fixed now:

root@nagios:/etc/cron.weekly# cat /tmp/tmp.tmp | sed "s/^ *\(.*\)\. .*/\1/" | while read LINE
> do
> dig NS $LINE | grep 110
> done
fox.com.                377     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
fxx.com.                438     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
foxnow.com.             600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
getfxx.com.             600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
familyguy.com.          600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
foxsports.com.          600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
fxnetworks.com.         600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
fxxnetwork.com.         600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
teenchoice.com.         600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
foxdeportes.com.        600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
fxxnetworks.com.        600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
americanidol.com.       600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
simpsonsworld.com.      600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
fxx.net.                600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
fxnow.net.              600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
fxxnetwork.net.         600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
fxxnetworks.net.        600     IN      NS      a72-247-45-110.deploy.akamaitechnologies.com.
root@nagios:/etc/cron.weekly#

Frank

-----Original Message-----
From: dns-operations [mailto:dns-operations-bounces at dns-oarc.net] On Behalf Of Chris Adams
Sent: Friday, January 29, 2016 4:17 PM
To: dns-operations at dns-oarc.net
Subject: [dns-operations] Typo in fox.com and an Akamai squatter

One of my customers for which I manage recursive DNS servers ran into a
problem: fox.com was resolving to 185.45.13.88 for their customers
(which appears to be serving malware).

Digging into the cache, it appears the problem is a typo in the NS
records for fox.com:

$ dig +short fox.com ns
;; Truncated, retrying in TCP mode.
a23-73-133-237.deploy.static.akamaitechnologies.com.
a72-247-151-10.deploy.akamaitechnologies.com.
a72-247-45-157.deploy.akamaitechnologies.com.
a72-246-0-10.deploy.akamaitechnologies.com.
a23-73-134-237.deploy.static.akamaitechnologies.com.
a72-247-45-25.deploy.akamaitechnologies.com.
a72-247-45-110.deploy.akamaitechnologies.co.
a72-246-192-168.deploy.akamaitechnologies.com.
a23-73-133-141.deploy.static.akamaitechnologies.com.
zl1-east.akamai.com.
a60-254-128-45.deploy.akamaitechnologies.com.
zl1-west.akamai.com.
a23-73-134-141.deploy.static.akamaitechnologies.com.
a72-247-45-65.deploy.akamaitechnologies.com.
fw01.cmbrmaks.akamai.com.
a193-108-152-143.deploy.akamaitechnologies.com.

Note that they are all "akamai.com." or "akamaitechnologies.com.",
except for one that is "akamaitechnologies.co." (.co not .coM).
a72-247-45-110.deploy.akamaitechnologies.co. resolves to the bogus IP
(with a link-local AAAA record), so I am guessing that the
akamaitechnologies.co domain is a squatter (wonder how many other
domains have such typos).

Anybody have a contact at fox.com and/or Akamai?
-- 
Chris Adams <cma at cmadams.net>
_______________________________________________
dns-operations mailing list
dns-operations at lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
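
The check implied by the original report, as an added example that is not part of the thread: it groups NS targets by parent domain and flags any rarer domain that sits within a small edit distance of a more common one. The NS names are a subset of the dig output quoted above; the function names and the last-two-labels shortcut (instead of a Public Suffix List lookup) are assumptions of this example.

```python
from collections import Counter

# Subset of the fox.com NS set quoted in the original message above.
NS_SET = [
    "a72-247-151-10.deploy.akamaitechnologies.com.",
    "a72-247-45-157.deploy.akamaitechnologies.com.",
    "a72-247-45-110.deploy.akamaitechnologies.co.",
    "a23-73-133-141.deploy.static.akamaitechnologies.com.",
    "zl1-east.akamai.com.",
    "zl1-west.akamai.com.",
    "fw01.cmbrmaks.akamai.com.",
]


def parent_domain(host):
    """Last two labels, lower-cased (assumption: no Public Suffix List lookup)."""
    labels = host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_ns(ns_names, max_distance=2):
    """Return (ns_name, rare_domain, common_domain) for near-miss parent domains."""
    counts = Counter(parent_domain(n) for n in ns_names)
    findings = []
    for name in ns_names:
        dom = parent_domain(name)
        for other, seen in counts.items():
            # Only a rarer domain is reported, and only against a more common one.
            if other == dom or seen <= counts[dom]:
                continue
            if edit_distance(dom, other) <= max_distance:
                findings.append((name, dom, other))
    return findings


if __name__ == "__main__":
    for name, rare, common in lookalike_ns(NS_SET):
        print(f"{name}: parent domain {rare} looks like a typo of {common}")
```

akamai.com is not flagged against akamaitechnologies.com because the two are far apart in edit distance; only the one-character .co/.com difference is reported.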




