odd behavior in bind-8.2.2_P3 (fwd) - "illegitimate COM server"
Ted_Rule at flextech.co.uk
Tue Sep 5 14:00:27 UTC 2000
Here's my best guess so far....
The host at myifriends does indeed seem to be putting out invalid com records...
It appears to think it is authoritative for com itself. !!! Also for net. and
heaven knows what else.
The AXFR listing also shows someone out there seems to be at least trying to
reduce com to a purely porn domain.
Presumably - somehow not sure how - the NS and SOA records from this server
for com "infected" your caching server when it asked for some other com domain
which somehow delegates down to this server.
Methinks someone needs to shut this rogue down - and soon else com may
effectively start to disappear.
Ted Rule,
Flextech Television.
$ dig @myifriendsns1.webpower.com com any
; <<>> DiG 8.2 <<>> @myifriendsns1.webpower.com com any -p
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; com, type = ANY, class = IN
;; ANSWER SECTION:
com. 1D IN A 204.180.135.105
com. 1D IN NS myifriendsns1.webpower.com.
com. 1D IN SOA webpower.com. postmaster.webpower.com. (
175 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
;; AUTHORITY SECTION:
com. 1D IN NS myifriendsns1.webpower.com.
;; Total query time: 141 msec
;; FROM: intranot.flextech.co.uk to SERVER: myifriendsns1.webpower.com 204.180.135.105
;; WHEN: Tue Sep 5 14:40:17 2000
;; MSG SIZE sent: 21 rcvd: 135
$ dig @myifriendsns1.webpower.com net any
; <<>> DiG 8.2 <<>> @myifriendsns1.webpower.com net any -p
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; net, type = ANY, class = IN
;; ANSWER SECTION:
net. 1D IN A 204.180.135.105
net. 1D IN NS webpower.com.
net. 1D IN SOA webpower.com. postmaster.webpower.com. (
59 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
;; AUTHORITY SECTION:
net. 1D IN NS webpower.com.
;; Total query time: 141 msec
;; FROM: intranot.flextech.co.uk to SERVER: myifriendsns1.webpower.com 204.180.135.105
;; WHEN: Tue Sep 5 14:42:37 2000
;; MSG SIZE sent: 21 rcvd: 124
$ dig @myifriendsns1.webpower.com com axfr
; <<>> DiG 8.2 <<>> @myifriendsns1.webpower.com com axfr -p
; (1 server found)
$ORIGIN com.
@ 1D IN SOA webpower postmaster.webpower (
175 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
1D IN NS myifriendsns1.webpower
1D IN A 204.180.135.105
www.britneyshores 10S IN A 204.180.135.105
www.mysweetkelly 10S IN A 204.180.135.105
www.sweets36dd 10S IN A 204.180.135.105
mysite.sweets36dd 10S IN A 204.180.135.105
www.sisseys-sex-fetish 10S IN A 204.180.135.105
www.myluckylove 10S IN A 204.180.135.105
www.missangel 10S IN A 204.180.135.105
www.reyanasrealm 10S IN A 204.180.135.105
www.2lilnymphs 10S IN A 204.180.135.105
www.barbiwet 10S IN A 204.180.135.105
www.brettnichols 10S IN A 204.180.135.105
www.mzmahogany 10S IN A 204.180.135.105
sexylynn 10S IN A 204.180.135.105
www.ahotcoed21 10S IN A 204.180.135.105
www.hugetoyz 10S IN A 204.180.135.105
http://www.camatuers 10S IN A 204.180.135.105
www.girlyluv 10S IN A 204.180.135.105
www.sissey-sex-fetish 10S IN A 204.180.135.105
www.pleasure-units 10S IN A 204.180.135.105
www.hotcanadian 10S IN A 204.180.135.105
www.sweet4usxy 10S IN A 204.180.135.105
www.hottbabe 10S IN A 204.180.135.105
www.dinkydoggy 10S IN A 204.180.135.105
http://www.lauramarie 10S IN A 204.180.135.105
www.sinfuldesire 10S IN A 204.180.135.105
www.lisashothomepage 10S IN A 204.180.135.105
www.peytonzplace 10S IN A 204.180.135.105
www.teasercam 10S IN A 204.180.135.105
www.girlnextdoornude 10S IN A 204.180.135.105
www.torilive4uteasercam 10S IN A 204.180.135.105
www.mistressofthenight 10S IN A 204.180.135.105
www.fredy 10S IN A 204.180.135.105
ahotchicks-hardcore-sex 10S IN A 204.180.135.105
www.alilgal 10S IN A 204.180.135.105
www.livelyluci 10S IN A 204.180.135.105
www.kalliex 10S IN A 204.180.135.105
www.debsdesires 10S IN A 204.180.135.105
www.iseekamateurs 10S IN A 204.180.135.105
www.tiffanyraw2000 10S IN A 204.180.135.105
www.buffnet 10S IN A 204.180.135.105
www.eva-live 10S IN A 204.180.135.105
www.natural38dds 10S IN A 204.180.135.105
www.sassyone 10S IN A 204.180.135.105
www.niseyxxx 10S IN A 204.180.135.105
candy36ddd 10S IN A 204.180.135.105
www.candy36ddd 10S IN A 204.180.135.105
ohsofine 10S IN A 204.180.135.105
www.ohsofine 10S IN A 204.180.135.105
misxydouno 10S IN A 204.180.135.105
www.misxydouno 10S IN A 204.180.135.105
tranzgirl 10S IN A 204.180.135.105
www.xxxtremefetish 10S IN A 204.180.135.105
www.alyxinwonderland 10S IN A 204.180.135.105
www.creole69 10S IN A 204.180.135.105
prodical.myfriends1.webpower 10S IN A 204.180.135.105
myifriendsdsns/.webpower 10S IN A 204.180.135.105
www.majorpornsites 10S IN A 204.180.135.105
www.latinass69 10S IN A 204.180.135.105
www.hothornyhousewife 10S IN A 204.180.135.105
www.erosrouge 10S IN A 204.180.135.105
www.naughtykasha 10S IN A 204.180.135.105
yumyum34d 10S IN A 204.180.135.105
hypnofiles 10S IN A 204.180.135.105
http://sisseys-sex-fetish 10S IN A 204.180.135.105
www.maliahart 10S IN A 204.180.135.105
www.camholio 10S IN A 204.180.135.105
www.georgiachicks 10S IN A 204.180.135.105
www.foxymelody 10S IN A 204.180.135.105
www.hottiebody 10S IN A 204.180.135.105
www.neatspot 10S IN A 204.180.135.105
www.xxxjade79 10S IN A 204.180.135.105
www.hottani 10S IN A 204.180.135.105
www.jensex 10S IN A 204.180.135.105
studiocaliente 10S IN A 204.180.135.105
www.studiocaliente 10S IN A 204.180.135.105
www.sinloverxxx 10S IN A 204.180.135.105
www.ladybunny 10S IN A 204.180.135.105
www.freeballoonpix 10S IN A 204.180.135.105
www.sex24hrsaday 10S IN A 204.180.135.105
www.aussiereeta 10S IN A 204.180.135.105
www.gingerlixxx 10S IN A 204.180.135.105
www.cashmirliv 10S IN A 204.180.135.105
www.peytons-place 10S IN A 204.180.135.105
www.electricvelvet 10S IN A 204.180.135.105
@ 1D IN SOA webpower postmaster.webpower (
175 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
;; Received 88 answers (88 records).
;; FROM: intranot.flextech.co.uk to SERVER: 204.180.135.105
;; WHEN: Tue Sep 5 14:43:37 2000
jlewis at lewis.org on 05/09/2000 13:58:19
To: bind-workers at isc.org
cc: (bcc: Ted Rule/160GPS/Flextech/UK)
Subject: odd behavior in bind-8.2.2_P3 (fwd)
Can anyone suggest what may have led one of my caching DNS servers to
do the following:
# dig @localhost www.webmastermatrix.com.
; <<>> DiG 8.2 <<>> @localhost www.webmastermatrix.com.
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; www.webmastermatrix.com, type = A, class = IN
;; AUTHORITY SECTION:
com. 2h12m2s IN SOA webpower.com. postmaster.webpower.com. (
175 ; serial
3H ; refresh
15M ; retry
1W ; expiry
1D ) ; minimum
It was spitting out similar cached NXDOMAIN results for a number of other
hosts in other .com domains, but with this same bogus SOA record. I did a
dumpdb (still have it) and if I'm reading it right, the server really
thought this was the SOA for com.
com 81138 IN NS myifriendsns1.webpower.com. ;Cr=auth
86312 IN SOA webpower.com. postmaster.webpower.com. (
175 10800 900 604800 86400 ) ;Cr=auth
The only $ORIGIN above this is '$ORIGIN .'.
This is from bind-8.2.2_P3-0.5.2 on a Red Hat 5.2 system with a very
simple caching only setup.
----------------------------------------------------------------------
Jon Lewis *jlewis at lewis.org*| I route
System Administrator | therefore you are
Atlantic Net |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
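Added example, not part of either message above: a minimal bailiwick filter of the kind a caching resolver can apply, so that a server reached through a delegation for a child zone cannot supply NS or SOA records for com. The delegated zone webpower.com. and the www.webpower.com. record are assumptions made for illustration; the other record lines are copied from the "com any" dig output in this thread.

```python
# Added example: bailiwick filter for records learned from a delegated server.
# The delegated zone "webpower.com." is an assumption, not stated in the thread.

def norm(name):
    """Lower-case a domain name and make it fully qualified."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def in_bailiwick(owner, zone):
    """True if owner is the zone apex or a name below it (label-aligned)."""
    owner, zone = norm(owner), norm(zone)
    return zone == "." or owner == zone or owner.endswith("." + zone)

def parse_rr(line):
    """Parse 'owner ttl class type rdata...' as printed by dig 8.x."""
    fields = line.split()
    if len(fields) < 5 or fields[2].upper() != "IN":
        return None
    return {"owner": norm(fields[0]), "ttl": fields[1],
            "type": fields[3].upper(), "rdata": " ".join(fields[4:])}

def filter_response(lines, delegated_zone):
    """Split parsed records into (accepted, rejected) by bailiwick."""
    accepted, rejected = [], []
    for line in lines:
        rr = parse_rr(line)
        if rr is None:
            continue  # comment or continuation line, not a record
        bucket = accepted if in_bailiwick(rr["owner"], delegated_zone) else rejected
        bucket.append(rr)
    return accepted, rejected

# Records from the "com any" answer in this thread, plus one constructed record.
SAMPLE = [
    "com. 1D IN A 204.180.135.105",
    "com. 1D IN NS myifriendsns1.webpower.com.",
    "com. 1D IN SOA webpower.com. postmaster.webpower.com. (",
    "www.webpower.com. 1D IN A 204.180.135.105",  # constructed in-zone record
]

if __name__ == "__main__":
    ok, bad = filter_response(SAMPLE, "webpower.com.")
    for rr in bad:
        print("REJECT out-of-bailiwick:", rr["owner"], rr["type"], rr["rdata"])
    for rr in ok:
        print("accept:", rr["owner"], rr["type"], rr["rdata"])
```

A cache applying this rule would never store the com. NS and SOA records with the credibility shown in the dumpdb excerpt, because their owner name sits above the zone the answering server was delegated.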