I figured it out. The problem is definitely with Active Directory.
Turning off DNS Client on the local server only created a situation
where their first bogus sub-domain would time out but a retry would
still go to SiteFinder. Here's what nslookup returns when directed at
the DNS server on the co-located machine (not running Active Directory):

    > adsfadsfasfdadsf.declude.com
    Server: ns1.igaia.com
    Address: 208.7.179.11

    Non-authoritative answer:
    Name: adsfadsfasfdadsf.declude.com.primary.igaiaoffice.com
    Address: 64.94.110.11

That's the bogus sub-domain appended to my local Active Directory
domain (replaced for security with an equivalent). The issue relates
to the fact that my real Active Directory domain name is not registered
and lies in the .com namespace, so when the lookup fails on the primary
server, it goes back to the local Active Directory server and appends
the lookup that produces no match to my unregistered Active Directory
name, which returns the IP for SiteFinder. If I registered my Active
Directory name, I wouldn't be directed to SiteFinder.
Make sense now?
Matt
Bill Landry wrote:
Are you running W2K or XP? If so,
make sure you have the "DNS Client" service disabled. We set up all
machines with it off by default now, because it has caused nothing but
problems for us in the past by caching bogus info.
Good luck!
Bill
----- Original Message -----
Sent: Sunday, September 21, 2003 11:56 PM
Subject: Re: [Declude.JunkMail] VeriSteal is stealing traffic from your domain.
I think this has something to do with Active Directory. I have no clue
as to where the lookup is coming from because it isn't cached. It is
most certainly happening though:
http://www.mailpure.com/VeriStrange.jpg
I did a quick search and couldn't find any mention of this on Google.
Matt
Bill Landry wrote:
But VeriSign does not even have
the authority nor control over any other TLDs except .com and .net, so
it doesn't make sense that you are having the name resolution issues
you are experiencing.
Bill
----- Original Message -----
Sent: Sunday, September 21, 2003 11:34 PM
Subject: Re: [Declude.JunkMail] VeriSteal is stealing traffic from your domain.
My primary is my mail/Web server that is co-located off-site running MS
DNS without Active Directory. My secondary is my LAN's Microsoft
Active Directory bound DNS server. The unregistered .com and .net
misspellings are in my mail/Web server's cache, however these invalid
sub-domains don't show up in the cache of either server.
It's strange behavior. I wonder where my computer is getting this
information. Maybe this is proof of why you shouldn't wildcard from
the root servers?
Matt
ISPhuset Nordic AS wrote:
What DNS are you using?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matthew Bramble
Sent: 22. september 2003 08:05
To: [EMAIL PROTECTED]
Subject: Re: [Declude.JunkMail] VeriSteal is stealing traffic from your domain.
Very strange. I just confirmed that it happens from both Netscape and
IE on both local computers, but it doesn't happen on my mail/web
server. I think this has to do with the fact that I am on a local
network with Active Directory, which my mail/web server isn't using.
Anyone else behind an Active Directory server that can confirm?
Matt
Andy Schmidt wrote:
Can't reproduce here.
I get regular "Not found" in my browser.
Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matthew Bramble
Sent: Monday, September 22, 2003 01:34 AM
To: [EMAIL PROTECTED]
Subject: [Declude.JunkMail] VeriSteal is stealing traffic from your domain.
I didn't realize this until a second ago, but VeriCorrupt is stealing
traffic from every domain name out there on the Internet, regardless of
the extension, and regardless of whether or not it is registered. Want
to see something else that's quite strange?
http://asfdasdsadfdsf.online.museum
http://asdfaasdfasdf.site.biz
For some reason that brings you to VeriThief's SiteFinder?????? If you
take out the ".online" it will take you to the wildcarded MuseDoma
site. Seems that VeriSteal has some bleed over. Want to see something
even worse?
http://asdasdfasdfa.igaia.com
http://asdfasdfasdf.declude.com
Any lookup, registered or unregistered, that doesn't return an A record
is being directed at this site. Why the hell are these guys stealing
traffic from the domain names that I am paying for? THIS MUST END! Up
until now, I only thought this was limited to unregistered domains.
VeriHijack can't be allowed to write the rules whatever way they see
fit. They quite literally just took over the backbone of the Internet.
Matt
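
Added example (not part of the original thread): a small Python model of the behaviour described in the top message, where a failed lookup is retried with the Active Directory suffix appended and the result falls under an unregistered .com name that the TLD wildcard answers. The zone data and the 192.0.2.10 address are constructed, igaiaoffice.com is the stand-in domain used in the thread, and wildcard matching is simplified to "any name with no registered enclosing domain under .com or .net".

```python
# Constructed model (not from the thread): search-suffix appending vs. a wildcarded TLD.
SITEFINDER_IP = "64.94.110.11"   # address in the thread's nslookup output
WILDCARD_TLDS = {"com", "net"}   # TLDs the thread says VeriSign controls


def authoritative_lookup(fqdn, registered, wildcard=True):
    """Return an A record, or None for NXDOMAIN.

    `registered` maps each registered domain to its {host: ip} records.
    A registered domain answers for everything beneath it, so the TLD
    wildcard only fires when no registered domain encloses the name.
    """
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):          # longest candidate zone first
        zone = ".".join(labels[i:])
        if zone in registered:
            host = ".".join(labels[:i]) or "@"
            return registered[zone].get(host)  # None -> NXDOMAIN from that zone
    if wildcard and labels[-1] in WILDCARD_TLDS:
        return SITEFINDER_IP                   # simplified "*.com" / "*.net" match
    return None


def resolve_with_search(name, search_list, registered, wildcard=True):
    """Try the name as typed, then with each search suffix appended."""
    for fqdn in [name] + [f"{name}.{suffix}" for suffix in search_list]:
        ip = authoritative_lookup(fqdn, registered, wildcard)
        if ip:
            return fqdn, ip
    return None, None


# Constructed zone data; 192.0.2.10 is a documentation address.
ZONES = {"declude.com": {"www": "192.0.2.10"}}
AD_SUFFIX = "primary.igaiaoffice.com"   # stand-in AD domain used in the thread
BOGUS = "adsfadsfasfdadsf.declude.com"

if __name__ == "__main__":
    print("AD suffix, domain unregistered:",
          resolve_with_search(BOGUS, [AD_SUFFIX], ZONES))
    print("no search suffix:              ",
          resolve_with_search(BOGUS, [], ZONES))
    fixed = dict(ZONES, **{"igaiaoffice.com": {}})
    print("AD domain registered:          ",
          resolve_with_search(BOGUS, [AD_SUFFIX], fixed))
    print("no TLD wildcard:               ",
          resolve_with_search(BOGUS, [AD_SUFFIX], ZONES, wildcard=False))
```

Only the first case returns the SiteFinder address, and it does so under the same suffixed name that appears in the nslookup output at the top of the thread.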