On Thu, 15 Jun 2017, Joe Laffey wrote:
Hi,
Somehow are pfsense box DNS Resolver (not forwarder, the resolver) is getting
poisoned for some local hostnames sometimes.
I have found three different hosts resolving to
208.91.197.132
Please ignore. The issue has been traced to the domain for one of the name
authoritative servers being expired. This led idiotic Network Solutions to
park the entire domain at NS1.PENDINGRENEWALDELETION.COM and
NS2.PENDINGRENEWALDELETION.COM
This alone is not such a big deal, and certainly pretty normal. However,
the ip address they point the domain to 208.91.197.132 also RESPONDS to
DNS queries with its own IP.
So any other domain that has a name server in the expired domain then gets
208.91.197.132 returned as the ip for every hostname. This part seems
awfully shady.
In the old days DNS servers for a domain were specified by IP address
rather than DNS name. So this would not have been possible.
Anyway, nothing to see here. Sorry for the traffic.
--
73
Joe Laffey
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
