<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body dir="auto">
<div>If the NS record was stolen, so was the MX record...<br>
<br>
--
<div><span style="font-family: UICTFontTextStyleBody; -webkit-text-size-adjust: auto;">Guillaume Tournat</span></div>
<div><span style="font-family: UICTFontTextStyleBody; -webkit-text-size-adjust: auto;">Consultant Tibco Services</span></div>
</div>
<div><br>
On 30 Jan 2016, at 04:47, Suresh, Sairam &lt;<a href="mailto:ssairam@amazon.com">ssairam@amazon.com</a>&gt; wrote:<br>
<br>
</div>
<blockquote type="cite">
<div><span>Chris, try <a href="mailto:fnghelpdesk@fox.com">fnghelpdesk@fox.com</a> - they'll escalate to the right person.</span><br>
<span></span><br>
<span>-----Original Message-----</span><br>
<span>From: dns-operations [<a href="mailto:dns-operations-bounces@dns-oarc.net">mailto:dns-operations-bounces@dns-oarc.net</a>] On Behalf Of Chris Adams</span><br>
<span>Sent: Friday, January 29, 2016 2:17 PM</span><br>
<span>To: <a href="mailto:dns-operations@dns-oarc.net">dns-operations@dns-oarc.net</a></span><br>
<span>Subject: [dns-operations] Typo in <a href="http://fox.com">fox.com</a> and an Akamai squatter</span><br>
<span></span><br>
<span>One of my customers for which I manage recursive DNS servers ran into a</span><br>
<span>problem: <a href="http://fox.com">fox.com</a> was resolving to 185.45.13.88 for their customers (which appears to be serving malware).</span><br>
<span></span><br>
<span>Digging into the cache, it appears the problem is a typo in the NS records for
<a href="http://fox.com">fox.com</a>:</span><br>
<span></span><br>
<span>$ dig +short <a href="http://fox.com">fox.com</a> ns</span><br>
<span>;; Truncated, retrying in TCP mode.</span><br>
<span><a href="http://a23-73-133-237.deploy.static.akamaitechnologies.com">a23-73-133-237.deploy.static.akamaitechnologies.com</a>.</span><br>
<span><a href="http://a72-247-151-10.deploy.akamaitechnologies.com">a72-247-151-10.deploy.akamaitechnologies.com</a>.</span><br>
<span><a href="http://a72-247-45-157.deploy.akamaitechnologies.com">a72-247-45-157.deploy.akamaitechnologies.com</a>.</span><br>
<span><a href="http://a72-246-0-10.deploy.akamaitechnologies.com">a72-246-0-10.deploy.akamaitechnologies.com</a>.</span><br>
<span><a href="http://a23-73-134-237.deploy.static.akamaitechnologies.com">a23-73-134-237.deploy.static.akamaitechnologies.com</a>.</span><br>
<span><a href="http://a72-247-45-25.deploy.akamaitechnologies.com">a72-247-45-25.deploy.akamaitechnologies.com</a>.</span><br>
<span><a href="http://a72-247-45-110.deploy.akamaitechnologies.co">a72-247-45-110.deploy.akamaitechnologies.co</a>.</span><br>
<span><a href="http://a72-246-192-168.deploy.akamaitechnologies.com">a72-246-192-168.deploy.akamaitechnologies.com</a>.</span><br>
<span><a href="http://a23-73-133-141.deploy.static.akamaitechnologies.com">a23-73-133-141.deploy.static.akamaitechnologies.com</a>.</span><br>
<span><a href="http://zl1-east.akamai.com">zl1-east.akamai.com</a>.</span><br>
<span><a href="http://a60-254-128-45.deploy.akamaitechnologies.com">a60-254-128-45.deploy.akamaitechnologies.com</a>.</span><br>
<span><a href="http://zl1-west.akamai.com">zl1-west.akamai.com</a>.</span><br>
<span><a href="http://a23-73-134-141.deploy.static.akamaitechnologies.com">a23-73-134-141.deploy.static.akamaitechnologies.com</a>.</span><br>
<span><a href="http://a72-247-45-65.deploy.akamaitechnologies.com">a72-247-45-65.deploy.akamaitechnologies.com</a>.</span><br>
<span><a href="http://fw01.cmbrmaks.akamai.com">fw01.cmbrmaks.akamai.com</a>.</span><br>
<span><a href="http://a193-108-152-143.deploy.akamaitechnologies.com">a193-108-152-143.deploy.akamaitechnologies.com</a>.</span><br>
<span></span><br>
<span>Note that they are all "<a href="http://akamai.com">akamai.com</a>." or "<a href="http://akamaitechnologies.com">akamaitechnologies.com</a>.", except for one that is "<a href="http://akamaitechnologies.co">akamaitechnologies.co</a>." (.co not .coM).</span><br>
<span><a href="http://a72-247-45-110.deploy.akamaitechnologies.co">a72-247-45-110.deploy.akamaitechnologies.co</a>. resolves to the bogus IP (with a link-local AAAA record), so I am guessing that the
<a href="http://akamaitechnologies.co">akamaitechnologies.co</a> domain is a squatter (wonder how many other domains have such typos).</span><br>
<span></span><br>
<span>Anybody have a contact at <a href="http://fox.com">fox.com</a> and/or Akamai?</span><br>
<span>--</span><br>
<span>Chris Adams &lt;<a href="mailto:cma@cmadams.net">cma@cmadams.net</a>&gt;</span><br>
<span>_______________________________________________</span><br>
<span>dns-operations mailing list</span><br>
<span><a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a></span><br>
<span><a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a></span><br>
<span>dns-jobs mailing list</span><br>
<span><a href="https://lists.dns-oarc.net/mailman/listinfo/dns-jobs">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</a></span><br>
</div>
</blockquote>
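<div>Added example, not part of the original thread: a check a zone operator could run over their own NS set to catch the kind of one-character typo described above. The host names are a subset of the quoted dig output; the expected-parent list, the distance threshold and all function names are assumptions made for this illustration.</div>

```python
# Added example: audit NS targets for lookalike parent domains.
# NS_TARGETS is a subset of the dig output quoted in the thread above.
# EXPECTED_PARENTS is an assumption about which provider domains are intended.
NS_TARGETS = """
a72-247-45-25.deploy.akamaitechnologies.com.
a72-247-45-110.deploy.akamaitechnologies.co.
a23-73-133-141.deploy.static.akamaitechnologies.com.
zl1-east.akamai.com.
fw01.cmbrmaks.akamai.com.
""".split()

EXPECTED_PARENTS = ("akamai.com", "akamaitechnologies.com")


def under(name, parent):
    """True if name is the parent itself or a subdomain of it (label-aligned)."""
    return name == parent or name.endswith("." + parent)


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit(targets, parents=EXPECTED_PARENTS, max_distance=2):
    """Return (name, kind, suffix, closest_parent) for every target outside parents."""
    findings = []
    for raw in targets:
        name = raw.strip().rstrip(".").lower()
        if not name or any(under(name, p) for p in parents):
            continue
        labels = name.split(".")
        # Compare every label-aligned suffix with every expected parent.
        dist, suffix, parent = min(
            (edit_distance(".".join(labels[i:]), p), ".".join(labels[i:]), p)
            for i in range(len(labels)) for p in parents
        )
        kind = "lookalike" if dist <= max_distance else "unexpected"
        findings.append((name, kind, suffix, parent))
    return findings


if __name__ == "__main__":
    for finding in audit(NS_TARGETS):
        print(*finding)
```

<div>Feeding it the live output of <code>dig +short ZONE ns</code> before and after every delegation change turns the manual comparison in the report into a repeatable check.</div>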
</body>
</html>