Re: [dns-operations] DNSimple under attack?
That’s a pretty typical “attack profile” … The victim either moves providers trying to escape the attack or the domain expires/deletes, gets picked up and the new owner suddenly finds themselves under attack too… On Dec 11, 2014, at 4:50 PM, Dnsbed (Jeff) supp...@dnsbed.com wrote: DNSMadeEasy, DNSimple, 1AND1 were under attacks these days. I heard DNSMadeEasy and DNSimple were attacked due to the same domain name hosted there. Livingood, Jason wrote: Seems like a lot of DNS abuse happening this week. Surely there’s a wider story someplace? Jason -- Best Regards, DNSbed Hosting http://www.dnsbed.com/ signature.asc Description: Message signed with OpenPGP using GPGMail ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] namecheap to the white courtesy phone, please
Welcome to a the broken legacy of ancient home-grown DNS code and how difficult it is to “undo” bad decisions of the past. In this case, the domain in question was registered with Enom who has historically supported CNAMEs at the apex. Its one of those things that makes sense to everybody outside the DNS technical community. We are actively working on a project to replace the existing legacy infrastructure and remediate the broken behavior. Its taking longer than we had hoped but its coming…. If anybody comes across Enom, Name.com http://name.com/ or Rightside.co http://rightside.co/ related issues, please don’t hesitate to reach out to me. Wayne MacLaurin CTO Rightside wa...@rightside.co On Oct 20, 2014, at 2:25 PM, Paul Vixie p...@redbarn.org wrote: it's not april 1. please stop. vixie re: $ dig @dns1.registrar-servers.com +short thereitwas.com CNAME thereitwas.com.s3-website-us-east-1.amazonaws.com. $ dig +trace thereitwas.com ; DiG 9.8.2 +trace thereitwas.com ;; global options: +cmd . 74554 IN NS h.root-servers.net. . 74554 IN NS k.root-servers.net. . 74554 IN NS g.root-servers.net. . 74554 IN NS d.root-servers.net. . 74554 IN NS f.root-servers.net. . 74554 IN NS j.root-servers.net. . 74554 IN NS m.root-servers.net. . 74554 IN NS e.root-servers.net. . 74554 IN NS b.root-servers.net. . 74554 IN NS l.root-servers.net. . 74554 IN NS i.root-servers.net. . 74554 IN NS c.root-servers.net. . 74554 IN NS a.root-servers.net. ;; Received 509 bytes from 10.62.200.11#53(10.62.200.11) in 158 ms com.172800 IN NS k.gtld-servers.net. com.172800 IN NS c.gtld-servers.net. com.172800 IN NS g.gtld-servers.net. com.172800 IN NS i.gtld-servers.net. com.172800 IN NS a.gtld-servers.net. com.172800 IN NS e.gtld-servers.net. com.172800 IN NS h.gtld-servers.net. com.172800 IN NS f.gtld-servers.net. com.172800 IN NS b.gtld-servers.net. com.172800 IN NS l.gtld-servers.net. com.172800 IN NS d.gtld-servers.net. com.172800 IN NS j.gtld-servers.net. com.172800 IN NS m.gtld-servers.net. ;; Received 492 bytes from 192.112.36.4#53(192.112.36.4) in 5253 ms thereitwas.com. 172800 IN NS dns2.registrar-servers.com. thereitwas.com. 172800 IN NS dns1.registrar-servers.com. thereitwas.com. 172800 IN NS dns3.registrar-servers.com. thereitwas.com. 172800 IN NS dns4.registrar-servers.com. thereitwas.com. 172800 IN NS dns5.registrar-servers.com. ;; Received 369 bytes from 192.55.83.30#53(192.55.83.30) in 432 ms thereitwas.com. 60 IN CNAME thereitwas.com.s3-website-us-east-1.amazonaws.com. . 518400 IN NS a.root-servers.net. . 518400 IN NS b.root-servers.net. . 518400 IN NS c.root-servers.net. . 518400 IN NS d.root-servers.net. . 518400 IN NS e.root-servers.net. . 518400 IN NS f.root-servers.net. . 518400 IN NS g.root-servers.net. . 518400 IN NS h.root-servers.net. . 518400 IN NS i.root-servers.net. . 518400 IN NS j.root-servers.net. . 518400 IN NS k.root-servers.net. . 518400 IN NS l.root-servers.net. . 518400 IN NS m.root-servers.net. ;; Received 303 bytes from 173.245.59.40#53(173.245.59.40) in 139 ms -- Paul Vixie ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman
Re: [dns-operations] Current thinking on internal corporate/campus domain names
Kelly, The “fantasy tld” is a really bad idea. There are several hundred new tld’s coming online and the topic of “collisions” between a fake internal and real external TLD has been the topic of much discussion (Google “icann name collisions”). I definitely vote for the registered name. If you are worried about split brain, most DNS software supports the concept of zones so you can ensure that only your internal network sees your internal naming.. Wayne On Jun 23, 2014, at 1:28 PM, Kelly Setzer kelly.set...@wnco.com wrote: What is current thinking/accepted practice for internal domain names? * Registered domain name (e.g., somecompany.com) * Fantasy tld (e.g., .mycorp) * .local (collides zeroconf/mDNS) This is for use within a corporate/campus setting. In times past, I have taken the fantasy approach. However, colleagues have pointed out that the growing list of new gTLDs and branded TLDs could collide with a fantasy TLD. RFC 2606 seems to suggest using a registered domain. That¹s great except that split-brain inevitably creeps into the equation. Is this a case of choosing the ³least worst² option? Thanks, Kelly *** CONFIDENTIALITY NOTICE *** This e-mail message and all attachments transmitted with it may contain legally privileged and confidential information intended solely for the use of the addressee. If the reader of this message is not the intended recipient, you are hereby notified that any reading, dissemination, distribution, copying, or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete this message from your system. Thank you. ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs signature.asc Description: Message signed with OpenPGP using GPGMail ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] The Decline and Fall of BIND 10
Bind 9.11 Can’t imagine we’ll see another attempt at a ground up rebuild anytime soon….. On May 14, 2014, at 4:19 PM, Phillip Hallam-Baker hal...@gmail.com wrote: What is the next edition of BIND going to be called then, 10 or 11? On Wed, May 14, 2014 at 2:25 PM, staticsafe m...@staticsafe.ca wrote: This might be of interest: https://ripe68.ripe.net/presentations/208-The_Decline_and_Fall_of_BIND_10.pdf -- staticsafe https://asininetech.com signature.asc Description: Message signed with OpenPGP using GPGMail ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] Apple and bogusapple.com
Apparently its was entirely server side and has been fixed… The traffic now goes to metrics.mzstatic.com so it looks like it was a bug in the iTunes Store views rather than something hard-coded in iOS. Wayne On 2012-10-02, at 8:14 AM, Patrick W. Gilmore patr...@ianai.net wrote: On Oct 02, 2012, at 05:29 , Stephane Bortzmeyer bortzme...@nic.fr wrote: A big fail, I'm afraid. Apple's software tried to contact bogusapple.com (presumably to have a known to failed test) but someone registered the domain yesterday : https://discussions.apple.com/thread/4380270?tstart=0 Saw that yesterday, since little snitch said iTunes wanted to go to bogusapple.com which seemed a bit, shall we say, unusual. How could Apple hard-code something like that? Even assuming they thought it was a good idea, how do you not register the domain to ensure someone doesn't do it for you? Also, insert joke / complaint about wildcards @ the roots or GTLDs -- TTFN, patrick ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Re: [dns-operations] PIR's (.org) Web site looks… default...
Peter, it looks ok from Ottawa. tytus:~ wayne$ host www.pir.org www.pir.org has address 50.63.189.22 www.pir.org has IPv6 address 2607:f208:50a:2160::1 I'd give you a traceroute but my upstream blocks those…. Would seem odd that PIR was hosted on a Plesk install wouldn't it ? Wayne On 2012-09-10, at 11:11 PM, Peter Losher plos...@isc.org wrote: http://www.pir.org/ - looks like it's pointed to a fresh Parallels Plesk install? Anyone know what may be going on here? Best Wishes - Peter -- [ plos...@isc.org | Senior Operations Architect | ISC | PGP E8048D08 ] ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs ___ dns-operations mailing list dns-operations@lists.dns-oarc.net https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs