David Conrad wrote: > Yep, assuming it is cache poisoning. I'm trying to think of > alternative explanations, but given reports (e.g., from Frank) that > the issue is affecting other resolvers, it's hard to see other > answers. A bit odd, given ben.edu isn't very high up on the Alexa (et > al) list...
i don't think it's cache poisoning. note that there are two out-of-zone nameservers for ben.edu: Domain Name: BEN.EDU [...] Name Servers: NS1.BOBBROADBAND.COM NS2.BOBBROADBAND.COM and that bobbroadband.com was updated recently, in the past two days: Domain Name: BOBBROADBAND.COM Registrar: NETWORK SOLUTIONS, LLC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com/en_US/ Name Server: NS1.BOBBROADBAND.COM Name Server: NS2.BOBBROADBAND.COM Status: clientTransferProhibited Updated Date: 25-oct-2012 Creation Date: 22-oct-2005 Expiration Date: 22-oct-2017 here's what was seen in DNSDB on the same day that bobbroadband.com was updated in whois: ;; bailiwick: com. ;; count: 114 ;; first seen: 2012-10-25 11:53:51 -0000 ;; last seen: 2012-10-25 12:58:03 -0000 bobbroadband.com. IN NS ns1.pendingrenewaldeletion.com. bobbroadband.com. IN NS ns2.pendingrenewaldeletion.com. ;; bailiwick: bobbroadband.com. ;; count: 2 ;; first seen: 2012-10-25 15:08:04 -0000 ;; last seen: 2012-10-25 15:49:29 -0000 bobbroadband.com. IN NS ns1432.ztomy.com. bobbroadband.com. IN NS ns2432.ztomy.com. taking over the nameservers for bobbroadband.com would thus allow taking over ben.edu: ;; bailiwick: ben.edu. ;; count: 2 ;; first seen: 2012-10-25 15:09:49 -0000 ;; last seen: 2012-10-25 15:58:11 -0000 ben.edu. IN NS ns1432.ztomy.com. ben.edu. IN NS ns2432.ztomy.com. i see the exact same pattern with cooperhealth.edu, and its nameservers, back in april: Domain Name: COOPERHEALTH.EDU [...] Name Servers: DNS01.CAVTEL.NET DNS02.CAVTEL.NET Domain Name: CAVTEL.NET Registrar: NETWORK SOLUTIONS, LLC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com/en_US/ Name Server: DNS01.CAVTEL.NET Name Server: DNS02.CAVTEL.NET Status: clientTransferProhibited Updated Date: 10-apr-2012 Creation Date: 08-apr-1999 Expiration Date: 08-apr-2013 ;; bailiwick: net. ;; count: 168 ;; first seen: 2012-04-10 08:30:35 -0000 ;; last seen: 2012-04-10 12:34:40 -0000 cavtel.net. IN NS ns1.pendingrenewaldeletion.com. cavtel.net. IN NS ns2.pendingrenewaldeletion.com. ;; bailiwick: cavtel.net. ;; count: 6 ;; first seen: 2012-04-10 14:23:47 -0000 ;; last seen: 2012-04-12 08:16:30 -0000 cavtel.net. IN NS ns1432.ztomy.com. cavtel.net. IN NS ns2432.ztomy.com. ;; bailiwick: cooperhealth.edu. ;; count: 2 ;; first seen: 2012-04-11 06:52:37 -0000 ;; last seen: 2012-04-11 20:07:14 -0000 cooperhealth.edu. IN NS ns1432.ztomy.com. cooperhealth.edu. IN NS ns2432.ztomy.com. -- Robert Edmonds edmo...@isc.org _______________________________________________ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs