root name server hijacked?
Chimento, Douglas
Douglas.Chimento at FMR.COM
Thu Dec 5 17:45:05 UTC 2002
How did you do that?
You can't make a recursive query to the root servers.
-----Original Message-----
From: Dai Yuwen [mailto:yuwen at micetek.com.cn]
Sent: Thursday, December 05, 2002 3:22 AM
To: comp-protocols-dns-bind at isc.org
Subject: root name server hijacked?
Hi, All
Please see what happened when I query a domain name containing "freenet":
$ dig @198.32.64.12 www.freenet.com
; <<>> DiG 9.2.1 <<>> @198.32.64.12 www.freenet.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42495
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.freenet.com. IN A
;; ANSWER SECTION:
www.freenet.com. 300 IN A 64.33.88.161
;; Query time: 13 msec
;; SERVER: 198.32.64.12#53(198.32.64.12)
;; WHEN: Thu Dec 5 16:15:20 2002
;; MSG SIZE rcvd: 49
NOTE the result is "64.33.88.161". Again:
$ dig @198.32.64.12 www.freenetabceaaaa.com
; <<>> DiG 9.2.1 <<>> @198.32.64.12 www.freenetabceaaaa.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44741
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.freenetabceaaaa.com. IN A
;; ANSWER SECTION:
www.freenetabceaaaa.com. 300 IN A 64.33.88.161
;; Query time: 12 msec
;; SERVER: 198.32.64.12#53(198.32.64.12)
;; WHEN: Thu Dec 5 16:16:50 2002
;; MSG SIZE rcvd: 57
The query result will be 64.33.88.161 as long as the domain name contains
"freenet" even though that domain name doesn't exist.
Any explanation?
Best regards,
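A header check for the dig output quoted above, as an added example that is not part of the original thread: a root server answers a query for a name under .com with a referral (no `ra` flag, empty ANSWER, NS records in AUTHORITY), so a reply carrying `ra` and a non-authoritative answer indicates that something other than the root server responded. The function names and the second sample are constructed for illustration.

```python
import re

# Header lines copied from the first dig response in the post.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42495
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; SERVER: 198.32.64.12#53(198.32.64.12)
"""

# Constructed sample: the shape of a normal root-server referral.
REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 13
;; SERVER: 198.32.64.12#53(198.32.64.12)
"""


def parse_dig_header(text):
    """Return (set of header flags, dict of section counts) from dig output."""
    m = re.search(r"^;; flags: ([a-z ]*);(.*)$", text, re.M)
    if not m:
        raise ValueError("no ';; flags:' line found in dig output")
    flags = set(m.group(1).split())
    counts = {k.lower(): int(v)
              for k, v in re.findall(r"([A-Z]+): (\d+)", m.group(2))}
    return flags, counts


def root_response_anomalies(text):
    """List the ways a reply differs from what a root server sends for a
    name below a TLD (assumes the query was addressed to a root server)."""
    flags, counts = parse_dig_header(text)
    findings = []
    if "ra" in flags:
        findings.append("ra set: responder offers recursion")
    if counts.get("answer", 0) > 0 and "aa" not in flags:
        findings.append("non-authoritative record in ANSWER")
    if counts.get("authority", 0) == 0 and "aa" not in flags:
        findings.append("no NS delegation records in AUTHORITY")
    return findings


if __name__ == "__main__":
    for name, text in (("post", SAMPLE), ("referral", REFERRAL)):
        print(name, root_response_anomalies(text) or "looks like a referral")
```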