Bind 8.2.2-P5 picking up bogus .com NS list

Mathias Körber mathias at koerber.org
Wed Aug 16 14:43:32 UTC 2000 

Did you happen to create a dump of your server's internal database
(via ndc dumpdb) before reloading the server to correct this?
It would be very useful to see where your server learned that=20
record. That info would be in the dump.

rgds

> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org]On
> Behalf Of Mark Suter
> Sent: Wednesday, August 16, 2000 11:18 AM
> To: Bind-Users
> Subject: Bind 8.2.2-P5 picking up bogus .com NS list
>=20
>=20
> Folks,
>=20
> I am one of the System Administrators at The University of
> Queensland.  Yesterday evening, I noticed the following.
>=20
>     ; <<>> DiG 2.2 <<>> @cuscus.cc.uq.edu.au com ns=3D20
>     ;; res options: init recurs defnam dnsrch
>     ;; got answer:
>     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46126
>     ;; flags: qr rd ra; Ques: 1, Ans: 1, Auth: 0, Addit: 1
>     ;; QUESTIONS:
>     ;;      com, type =3D3D NS, class =3D3D IN
>=20
>     ;; ANSWERS:
>     com.    10427   NS      myifriendsns1.webpower.com.
>=20
>     ;; ADDITIONAL RECORDS:
>     myifriendsns1.webpower.com.     85003   A       204.180.135.105
>=20
>     ;; Total query time: 2 msec
>     ;; FROM: cuscus.cc.uq.edu.au to SERVER: cuscus.cc.uq.edu.au =20
> 130.102.128.43
>     ;; WHEN: Tue Aug 15 22:09:44 2000
>     ;; MSG SIZE  sent: 21  rcvd: 74
>=20
> Cuscus is configured to forward via dns0.optus.net.au; however,
> the Optus nameserver didn't have this bogus NS list when I
> checked.  None of the four other nameservers at the University,
> similarly configured, has this bogus NS list.  A quick check
> of the root nameservers and the *real* .com servers showed no
> problems.
>=20
> The bogus nameserver, myifriendsns1.webpower.com, is configured
> with a mostly-empty .com zone - I have included a zone transfer
> below.  I though the .com zone was huge ;)
>=20
> This only caused us problems intermittently, due to our present
> forwarding arrangement.  A "ndc restart" corrected the situation.
>=20
> Has anyone else had seen this before or have any ideas why it
> occurred?
>=20
> How do we prevent this occurring again?
>=20
> Yours sincerely,
>=20
> -- Mark John Suter  | I know that you  believe  you understand
> suter at humbug.org.au | what you think I said, but I am not sure
> GPG key id F2FEBB36 | you realise that what you  heard  is not
> Ph: +61 4 1126 2316 | what I meant.                  anonymous
>=20
> ----------------------------- begin -----------------------------
> ; <<>> DiG 2.2 <<>> @myifriendsns1.webpower.com com axfr=3D20
> ; (1 server found)
> com.	86400	SOA	webpower.com. postmaster.webpower.com. (
> 			151	; serial
> 			10800	; refresh (3 hours)
> 			900	; retry (15 mins)
> 			604800	; expire (7 days)
> 			86400 )	; minimum (1 day)
> com.	86400	NS	myifriendsns1.webpower.com.
> com.	86400	A	204.180.135.105
> www.sisseys-sex-fetish.com.	10	A	204.180.135.105
> www.myluckylove.com.	10	A	204.180.135.105
> www.missangel.com.	10	A	204.180.135.105
> www.reyanasrealm.com.	10	A	204.180.135.105
> www.2lilnymphs.com.	10	A	204.180.135.105
> www.barbiwet.com.	10	A	204.180.135.105
> www.brettnichols.com.	10	A	204.180.135.105
> www.mzmahogany.com.	10	A	204.180.135.105
> sexylynn.com.	10	A	204.180.135.105
> www.ahotcoed21.com.	10	A	204.180.135.105
> www.hugetoyz.com.	10	A	204.180.135.105
> http://www.camatuers.com.	10	A	204.180.135.105
> www.girlyluv.com.	10	A	204.180.135.105
> www.sissey-sex-fetish.com.	10	A	204.180.135.105
> www.pleasure-units.com.	10	A	204.180.135.105
> www.hotcanadian.com.	10	A	204.180.135.105
> www.sweet4usxy.com.	10	A	204.180.135.105
> www.hottbabe.com.	10	A	204.180.135.105
> www.dinkydoggy.com.	10	A	204.180.135.105
> http://www.lauramarie.com.	10	A	204.180.135.105
> www.sinfuldesire.com.	10	A	204.180.135.105
> www.lisashothomepage.com.	10	A	204.180.135.105
> www.peytonzplace.com.	10	A	204.180.135.105
> www.teasercam.com.	10	A	204.180.135.105
> www.girlnextdoornude.com.	10	A	204.180.135.105
> www.torilive4uteasercam.com.	10	A	204.180.135.105
> www.mistressofthenight.com.	10	A	204.180.135.105
> www.fredy.com.	10	A	204.180.135.105
> ahotchicks-hardcore-sex.com.	10	A	204.180.135.105
> www.livelyluci.com.	10	A	204.180.135.105
> www.kalliex.com.	10	A	204.180.135.105
> www.debsdesires.com.	10	A	204.180.135.105
> www.iseekamateurs.com.	10	A	204.180.135.105
> www.tiffanyraw2000.com.	10	A	204.180.135.105
> www.buffnet.com.	10	A	204.180.135.105
> www.eva-live.com.	10	A	204.180.135.105
> www.natural38dds.com.	10	A	204.180.135.105
> www.niseyxxx.com.	10	A	204.180.135.105
> candy36ddd.com.	10	A	204.180.135.105
> ohsofine.com.	10	A	204.180.135.105
> www.ohsofine.com.	10	A	204.180.135.105
> tranzgirl.com.	10	A	204.180.135.105
> www.xxxtremefetish.com.	10	A	204.180.135.105
> www.alyxinwonderland.com.	10	A	204.180.135.105
> www.creole69.com.	10	A	204.180.135.105
> prodical.myfriends1.webpower.com.	10	A	204.180.135.105
> myifriendsdsns/.webpower.com.	10	A	204.180.135.105
> www.majorpornsites.com.	10	A	204.180.135.105
> www.latinass69.com.	10	A	204.180.135.105
> www.hothornyhousewife.com.	10	A	204.180.135.105
> www.erosrouge.com.	10	A	204.180.135.105
> yumyum34d.com.	10	A	204.180.135.105
> hypnofiles.com.	10	A	204.180.135.105
> http://sisseys-sex-fetish.com.	10	A	204.180.135.105
> www.maliahart.com.	10	A	204.180.135.105
> www.camholio.com.	10	A	204.180.135.105
> www.georgiachicks.com.	10	A	204.180.135.105
> www.foxymelody.com.	10	A	204.180.135.105
> www.hottiebody.com.	10	A	204.180.135.105
> www.neatspot.com.	10	A	204.180.135.105
> www.xxxjade79.com.	10	A	204.180.135.105
> www.hottani.com.	10	A	204.180.135.105
> www.jensex.com.	10	A	204.180.135.105
> studiocaliente.com.	10	A	204.180.135.105
> www.studiocaliente.com.	10	A	204.180.135.105
> www.sinloverxxx.com.	10	A	204.180.135.105
> www.ladybunny.com.	10	A	204.180.135.105
> www.freeballoonpix.com.	10	A	204.180.135.105
> www.sex24hrsaday.com.	10	A	204.180.135.105
> www.aussiereeta.com.	10	A	204.180.135.105
> www.gingerlixxx.com.	10	A	204.180.135.105
> www.cashmirliv.com.	10	A	204.180.135.105
> www.peytons-place.com.	10	A	204.180.135.105
> www.electricvelvet.com.	10	A	204.180.135.105
> com.	86400	SOA	webpower.com. postmaster.webpower.com. (
> 			151	; serial
> 			10800	; refresh (3 hours)
> 			900	; retry (15 mins)
> 			604800	; expire (7 days)
> 			86400 )	; minimum (1 day)
> ;; Received 78 answers (78 records).
> ;; FROM: cuscus.cc.uq.edu.au to SERVER: 204.180.135.105
> ;; WHEN: Tue Aug 15 23:44:02 2000
> -----------------------------  end  -----------------------------
>=20
>=20
> -- Attached file included as plaintext by Listar --
>=20
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.2 (GNU/Linux)
> Comment: Public key available from Keyservers or=20
http://www.uq.edu.au/~suter/

iD8DBQE5mgf37EsZXfL+uzYRAsdoAKCZjiR3ZfthZm8K5zp/4ly6+gEvfACeLgsl
1HJ74Cl7bAG6w+RHlPnHkd4=3D
=3DgH6P
-----END PGP SIGNATURE-----

More information about the bind-users mailing list