root name server hijacked?

Chimento, Douglas Douglas.Chimento at FMR.COM
Thu Dec 5 17:45:05 UTC 2002


How did you do that?
You can't make a recursive query to the root servers.

-----Original Message-----
From: Dai Yuwen [mailto:yuwen at micetek.com.cn] 
Sent: Thursday, December 05, 2002 3:22 AM
To: comp-protocols-dns-bind at isc.org
Subject: root name server hijacked?



Hi, All

Please see what happened when I queried a domain name containing "freenet":

$ dig @198.32.64.12 www.freenet.com

; <<>> DiG 9.2.1 <<>> @198.32.64.12 www.freenet.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42495
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.freenet.com.               IN      A

;; ANSWER SECTION:
www.freenet.com.        300     IN      A       64.33.88.161

;; Query time: 13 msec
;; SERVER: 198.32.64.12#53(198.32.64.12)
;; WHEN: Thu Dec  5 16:15:20 2002
;; MSG SIZE  rcvd: 49

NOTE the result is "64.33.88.161".  Again:
$ dig @198.32.64.12 www.freenetabceaaaa.com

; <<>> DiG 9.2.1 <<>> @198.32.64.12 www.freenetabceaaaa.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44741
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.freenetabceaaaa.com.       IN      A

;; ANSWER SECTION:
www.freenetabceaaaa.com. 300    IN      A       64.33.88.161

;; Query time: 12 msec
;; SERVER: 198.32.64.12#53(198.32.64.12)
;; WHEN: Thu Dec  5 16:16:50 2002
;; MSG SIZE  rcvd: 57

The query result will be 64.33.88.161 as long as the domain name contains 
"freenet", even though that domain name doesn't exist.

Any explanation?

Best regards,
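
The check implied by the reply, as an added example that is not part of the original thread: it parses the header lines of dig output and lists the reasons a response claiming to come from a root server address does not look like one. The function names, the REFERRAL sample and its 192.0.2.53 address are constructed for illustration; the checks assume the query was for a name below a TLD.

```python
import re

# Header, flags and SERVER lines copied from the first dig run quoted in the thread.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42495
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 198.32.64.12#53(198.32.64.12)
"""

# Constructed for contrast: the shape of a referral from a non-recursive server.
REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; SERVER: 192.0.2.53#53(192.0.2.53)
"""

FLAGS_RE = re.compile(
    r"^;; flags:\s*([a-z ]*);\s*QUERY:\s*(\d+),\s*ANSWER:\s*(\d+),"
    r"\s*AUTHORITY:\s*(\d+),\s*ADDITIONAL:\s*(\d+)", re.M)
SERVER_RE = re.compile(r"^;; SERVER:\s*([0-9A-Fa-f.:]+)#(\d+)", re.M)

def parse_dig(text):
    """Extract header flags, section counts and responder address from dig output."""
    m = FLAGS_RE.search(text)
    if m is None:
        raise ValueError("no ';; flags:' line found in dig output")
    s = SERVER_RE.search(text)
    return {"flags": set(m.group(1).split()),
            "answer": int(m.group(3)), "authority": int(m.group(4)),
            "server": s.group(1) if s else None}

def root_response_anomalies(text):
    """Reasons a reply for a name below a TLD does not look like a root server's."""
    r = parse_dig(text)
    reasons = []
    if "ra" in r["flags"]:
        reasons.append("RA set: responder offers recursion")
    if r["answer"] > 0 and "aa" not in r["flags"]:
        reasons.append("non-authoritative answer instead of a referral")
    if r["authority"] == 0:
        reasons.append("empty AUTHORITY section: no delegation returned")
    return reasons

if __name__ == "__main__":
    for name, text in (("thread sample", SAMPLE), ("referral", REFERRAL)):
        print(name, parse_dig(text)["server"], root_response_anomalies(text))
```

Any reason reported for a query sent to a root server address suggests the packet was answered by something else on the path, such as a resolver or proxy intercepting port 53.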


