DNS is tainted

Jeff Peng pengyh at inbox.com
Wed Jun 8 03:09:47 UTC 2011


From the dig info below:

C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com
www.nsbeta.info.        3497    IN      CNAME   nsbeta.info.
nsbeta.info.            2434    IN      A

C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com
www.nsbeta.info.        3492    IN      CNAME   nsbeta.info.
nsbeta.info.            2429    IN      A

C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com
www.nsbeta.info.        3486    IN      CNAME   nsbeta.info.
nsbeta.info.            2423    IN      A

I think my office network's DNS is tainted, because:

1) ns1.google.com is an authoritative-only nameserver, which shouldn't answer this query.
2) The TTL decreases each time; if it were a real authoritative answer, the TTL should always be the same.

And this is the full output of dig:

C:\dig>dig  www.nsbeta.info  @ns1.google.com

; <<>> DiG 9.3.2 <<>> www.nsbeta.info @ns1.google.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1183
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;www.nsbeta.info.               IN      A

www.nsbeta.info.        3111    IN      CNAME   nsbeta.info.
nsbeta.info.            2048    IN      A

;; Query time: 15 msec
;; WHEN: Wed Jun 08 11:09:09 2011
;; MSG SIZE  rcvd: 74

How should I deal with this case? Thanks.
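
The signs visible in the output above (header flags of "qr rd ra" with no aa, and a TTL that drops between queries) can be checked mechanically over saved dig output. This is an added example, not part of the original post; the sample replies are constructed with placeholder names and a documentation address, and the function names are hypothetical.

```python
import re

# Constructed sample: two dig replies modelled on the output in the post
# (names are placeholders, 192.0.2.10 is a documentation address).
REPLY_1 = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1183
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
www.example.test.       3497    IN      CNAME   example.test.
example.test.           2434    IN      A       192.0.2.10
"""
REPLY_2 = REPLY_1.replace("3497", "3492").replace("2434", "2429")

# Resource record line: owner, TTL, class IN, type (rdata is optional).
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)", re.M)
FLAGS = re.compile(r"^;; flags:([^;]*);", re.M)


def parse_dig(text):
    """Return (header flags, {(owner, type): ttl}) from dig text output."""
    m = FLAGS.search(text)
    flags = set(m.group(1).split()) if m else set()
    ttls = {(n.lower(), t): int(ttl) for n, ttl, t in RR.findall(text)}
    return flags, ttls


def interception_signs(replies):
    """List reasons the replies do not look like authoritative answers."""
    parsed = [parse_dig(r) for r in replies]
    signs = []
    # An authoritative server sets aa on answers for its own zones.
    if any("aa" not in flags for flags, _ in parsed):
        signs.append("aa flag missing")
    # An authoritative-only server does not offer recursion.
    if any("ra" in flags for flags, _ in parsed):
        signs.append("ra flag set")
    # Authoritative TTLs are constant; a cache counts them down.
    for (_, prev), (_, cur) in zip(parsed, parsed[1:]):
        if any(k in prev and cur[k] < prev[k] for k in cur):
            signs.append("ttl counting down")
            break
    return signs


if __name__ == "__main__":
    print(interception_signs([REPLY_1, REPLY_2]))
```

Feed it replies captured in order with the full header enabled (plain `dig name @server`, as in the last query above), since `+noall +answer` suppresses the flags line.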


