David Conrad wrote:
> Yep, assuming it is cache poisoning. I'm trying to think of
> alternative explanations, but given reports (e.g., from Frank) that
> the issue is affecting other resolvers, it's hard to see other
> answers. A bit odd, given ben.edu isn't very high up on the Alexa (et
> al) list...

i don't think it's cache poisoning. note that there are two out-of-zone
nameservers for ben.edu:
Domain Name: BEN.EDU
[...]
Name Servers:
NS1.BOBBROADBAND.COM
NS2.BOBBROADBAND.COM
and that bobbroadband.com was updated recently, in the past two days:
Domain Name: BOBBROADBAND.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com/en_US/
Name Server: NS1.BOBBROADBAND.COM
Name Server: NS2.BOBBROADBAND.COM
Status: clientTransferProhibited
Updated Date: 25-oct-2012
Creation Date: 22-oct-2005
Expiration Date: 22-oct-2017
here's what was seen in DNSDB on the same day that bobbroadband.com was
updated in whois:
;; bailiwick: com.
;; count: 114
;; first seen: 2012-10-25 11:53:51 -
;; last seen: 2012-10-25 12:58:03 -
bobbroadband.com. IN NS ns1.pendingrenewaldeletion.com.
bobbroadband.com. IN NS ns2.pendingrenewaldeletion.com.
;; bailiwick: bobbroadband.com.
;; count: 2
;; first seen: 2012-10-25 15:08:04 -
;; last seen: 2012-10-25 15:49:29 -
bobbroadband.com. IN NS ns1432.ztomy.com.
bobbroadband.com. IN NS ns2432.ztomy.com.
taking over the nameservers for bobbroadband.com would thus allow taking
over ben.edu:
;; bailiwick: ben.edu.
;; count: 2
;; first seen: 2012-10-25 15:09:49 -
;; last seen: 2012-10-25 15:58:11 -
ben.edu. IN NS ns1432.ztomy.com.
ben.edu. IN NS ns2432.ztomy.com.
i see the exact same pattern with cooperhealth.edu, and its nameservers,
back in april:
Domain Name: COOPERHEALTH.EDU
[...]
Name Servers:
DNS01.CAVTEL.NET
DNS02.CAVTEL.NET
Domain Name: CAVTEL.NET
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com/en_US/
Name Server: DNS01.CAVTEL.NET
Name Server: DNS02.CAVTEL.NET
Status: clientTransferProhibited
Updated Date: 10-apr-2012
Creation Date: 08-apr-1999
Expiration Date: 08-apr-2013
;; bailiwick: net.
;; count: 168
;; first seen: 2012-04-10 08:30:35 -
;; last seen: 2012-04-10 12:34:40 -
cavtel.net. IN NS ns1.pendingrenewaldeletion.com.
cavtel.net. IN NS ns2.pendingrenewaldeletion.com.
;; bailiwick: cavtel.net.
;; count: 6
;; first seen: 2012-04-10 14:23:47 -
;; last seen: 2012-04-12 08:16:30 -
cavtel.net. IN NS ns1432.ztomy.com.
cavtel.net. IN NS ns2432.ztomy.com.
;; bailiwick: cooperhealth.edu.
;; count: 2
;; first seen: 2012-04-11 06:52:37 -
;; last seen: 2012-04-11 20:07:14 -
cooperhealth.edu. IN NS ns1432.ztomy.com.
cooperhealth.edu. IN NS ns2432.ztomy.com.
--
Robert Edmonds
edmo...@isc.org
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
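
The correlation walked through in the message above can be automated for monitoring. The following is an added example, not part of the original message: it parses DNSDB text output in the format quoted above and flags a zone whose observed NS set leaves its registered set and matches one first seen for the domain of its out-of-zone nameservers. The function names and the two-label `ns_parent` shortcut are assumptions.

```python
import re
from datetime import datetime

# ben.edu rows from the DNSDB output quoted above (count/last-seen lines omitted).
SAMPLE = """\
;; bailiwick: com.
;; first seen: 2012-10-25 11:53:51 -
bobbroadband.com. IN NS ns1.pendingrenewaldeletion.com.
bobbroadband.com. IN NS ns2.pendingrenewaldeletion.com.
;; bailiwick: bobbroadband.com.
;; first seen: 2012-10-25 15:08:04 -
bobbroadband.com. IN NS ns1432.ztomy.com.
bobbroadband.com. IN NS ns2432.ztomy.com.
;; bailiwick: ben.edu.
;; first seen: 2012-10-25 15:09:49 -
ben.edu. IN NS ns1432.ztomy.com.
ben.edu. IN NS ns2432.ztomy.com.
"""
# Nameservers registered for the zone, from the whois output quoted above.
REGISTERED = {"ben.edu.": {"ns1.bobbroadband.com.", "ns2.bobbroadband.com."}}

def parse_dnsdb(text):
    """Parse DNSDB text output into one dict per RRset."""
    rrsets = []
    for line in text.splitlines():
        if m := re.match(r";; bailiwick: (\S+)", line):
            rrsets.append({"bailiwick": m[1].lower(), "ns": set()})
        elif m := re.match(r";; first seen: (\S+ \S+)", line):
            rrsets[-1]["first_seen"] = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S")
        elif m := re.match(r"(\S+)\s+IN\s+NS\s+(\S+)", line):
            rrsets[-1]["owner"] = m[1].lower()
            rrsets[-1]["ns"].add(m[2].lower())
    return rrsets

def ns_parent(host):
    # Assumption: a nameserver's registrable domain is its last two labels.
    return ".".join(host.rstrip(".").split(".")[-2:]) + "."

def inherited_ns_changes(rrsets, registered):
    """Flag zones whose NS set left the registered set for one seen on an NS host's domain."""
    findings = []
    for zone, reg_ns in registered.items():
        parents = {ns_parent(h) for h in reg_ns if not h.endswith("." + zone)}
        for z in (r for r in rrsets if r["owner"] == zone and not r["ns"] <= reg_ns):
            for p in rrsets:
                lag = z["first_seen"] - p["first_seen"]
                if p["owner"] in parents and p["ns"] == z["ns"] and lag.total_seconds() >= 0:
                    findings.append((zone, p["owner"], sorted(z["ns"]), lag))
    return findings
```

Each finding is a tuple of the affected zone, the nameserver domain whose delegation changed first, the shared NS set, and the delay between the two first-seen times.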