Not happening on AT&T business. I'll check comcast when I get home. -Jeff
On Thu, Sep 25, 2008 at 3:08 PM, Richard Thomas <[EMAIL PROTECTED]>wrote: > > Is anyone else having issues out there with DNS requests which should > fail resolving to a search engine? This is with Butler net residential. > I've written to Bill but would be interested to hear if it's happening > with business or other ISPs (it's not happening with my work stuff). > I've narrowed it down and it's like the requests to the root and top > level domain servers are being hijacked... > > From my home network > > [EMAIL PROTECTED]:/etc# dig qweqpoqwiepoqiwepqiwe.com @d.gtld-servers.net > > ; <<>> DiG 9.4.1 <<>> qweqpoqwiepoqiwepqiwe.com @d.gtld-servers.net > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10473 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;qweqpoqwiepoqiwepqiwe.com. IN A > > ;; ANSWER SECTION: > qweqpoqwiepoqiwepqiwe.com. 60 IN A 8.15.7.102 > qweqpoqwiepoqiwepqiwe.com. 60 IN A 63.251.179.28 > > ;; AUTHORITY SECTION: > qweqpoqwiepoqiwepqiwe.com. 65535 IN NS > WSC2.JOMAX.NET<http://wsc2.jomax.net/> > . > qweqpoqwiepoqiwepqiwe.com. 65535 IN NS > WSC1.JOMAX.NET<http://wsc1.jomax.net/> > . > > ;; Query time: 752 msec > ;; SERVER: > 192.31.80.30#53(192.31.80.30)<http://192.31.80.30/#53(192.31.80.30)> > ;; WHEN: Thu Sep 25 14:59:33 2008 > ;; MSG SIZE rcvd: 131 > > > From Outside: > > [EMAIL PROTECTED]:~$ dig qweqpoqwiepoqiwepqiwe.com @d.gtld-servers.net > > ; <<>> DiG 9.4.1 <<>> qweqpoqwiepoqiwepqiwe.com @d.gtld-servers.net > ; (1 server found) > ;; global options: printcmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40084 > ;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;qweqpoqwiepoqiwepqiwe.com. IN A > > ;; AUTHORITY SECTION: > com. 900 IN SOA a.gtld-servers.net. > nstld.verisign-grs.com. 1222372779 1800 900 604800 900 > > ;; Query time: 56 msec > ;; SERVER: > 192.31.80.30#53(192.31.80.30)<http://192.31.80.30/#53(192.31.80.30)> > ;; WHEN: Thu Sep 25 14:59:57 2008 > ;; MSG SIZE rcvd: 116 > > The IP for resolves to the same on both systems (192.31.80.30) > > If this is a known hack, I'd like to hear too. Though everything looks > clean as far as I can tell. > > Rich > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en -~----------~----~----~----~------~----~------~--~---
