Re: [LUG] Re: Red Pepper Website

Sat, 28 Nov 2009 01:42:14 -0800

They should clean up there nameserver (miss)configuration mess with their provider...
I was not able to recreate the issue with 256news.com though, whether from UG or European networks, but issues are likely. Please note that the NS data in this report was received from the authoritative nameservers directly, to avoid dns cache-poisoned false data from DNS resolvers in the middle. If you have different results a cache poisoning attack is likely. 

1. issue - no GLUE records (IP addresses)
whois redpepper.ug:
nserver:     NS1.IPOWERWEB.NET
nserver:     NS1.IPOWERDNS.COM
nserver:     NS2.IPOWERWEB.NET

2. issue - some NS servers are dead
IP addresses of the parent nameservers:
NS1.IPOWERWEB.NET.   ['66.96.132.42', '66.96.142.103']
NS2.IPOWERWEB.NET.   ['65.254.254.139', '66.96.130.21']
NS1.IPOWERDNS.com.   ['66.96.142.102']

66.96.130.21 is not working...

3. issue - NS entries are not coherent with the parent nameserver entries


NS entries from NS1.IPOWERWEB.NET, NS1.IPOWERDNS.COM, NS2.IPOWERWEB.NET 
(parent nameservers):

ns1.ipower.com  ['66.96.142.109']
ns2.ipower.com  ['65.254.254.144']


so, either the NS entries reflect the same information like the parent 
nameservers -> change NS entries to NS1.IPOWERWEB.NET, 
NS1.IPOWERDNS.COM, NS2.IPOWERWEB.NET
OR the parent nameserver have the same information like the current NS 
servers -> change whois to ns1.ipower.com, ns2.ipower.com


4. issue - SOA entry primary nameserver is wrong

SOA MNAME = ns1.ipower.com (remember, parent nameservers are: 
NS1.IPOWERWEB.NET, NS1.IPOWERDNS.COM, NS2.IPOWERWEB.NET)


The "redpepper.*co*.ug":
is hosted with MTN,
the current A record is resolving: www.redpepper.co.ug -> 208.109.78.92
but webserver is dead or not responding
maybe its only used for email:

mail.redpepper.co.ug -> 212.88.96.126 (is responding: 220 
mail.redpepper.co.ug ESMTP Postfix (2.3.3))
(the version information should be cut out, called banner, its against 
PCI recommendation)


_______________________________________________
LUG mailing list
[email protected]
http://kym.net/mailman/listinfo/lug
%LUG is generously hosted by INFOCOM http://www.infocom.co.ug/

The above comments and data are owned by whoever posted them (including 
attachments if any). The List's Host is not responsible for them in any way.
---------------------------------------























					Reply via email to