Poisoned DNS?

Peter Dambier peter at peter-dambier.de
Wed May 23 12:24:00 UTC 2007


Ben Brick wrote:
> Hi.
> 
> I'm getting some odd resutls from domains that don't exist.
> 
> A dig for the root, shows me the following:
> 
> # dig . +trace
> 
> ; <<>> DiG 9.3.2 <<>> . +trace
> ;; global options:  printcmd
> .                       47092   IN      NS      ns1.catcher.co.uk.
> .                       47092   IN      NS      ns3.catcher.co.uk.
> ;; Received 96 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
> 
> .                       86400   IN      SOA     ns1.catcher.co.uk.
> seb.catalink.com. 45 28800 14400 3600000 86400
> ;; Received 85 bytes from 83.138.190.136#53(ns1.catcher.co.uk) in 35 ms
> 
> Does anyone know what is going on?
> 
> Many thanks,
> Ben
> 

You have stumpled into a Baptista Vortex

; <<>> DiG 9.4.0b4 <<>> . @ns1.catcher.co.uk axfr
; (1 server found)
;; global options:  printcmd
.                       86400   IN      SOA     ns1.catcher.co.uk. seb.catalink.com. 45 28800 14400 3600000 86400
.                       86400   IN      NS      ns1.catcher.co.uk.
.                       86400   IN      NS      ns3.catcher.co.uk.
*.                      86400   IN      A       83.138.141.238
.                       86400   IN      SOA     ns1.catcher.co.uk. seb.catalink.com. 45 28800 14400 3600000 86400
;; Query time: 179 msec
;; SERVER: 83.138.190.136#53(83.138.190.136)
;; WHEN: Wed May 23 14:16:36 2007
;; XFR size: 5 records (messages 1, bytes 167)


http://www.interesting-people.org/archives/interesting-people/200204/msg00135.html



-- 
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.arl.pirates
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/



More information about the bind-users mailing list