Full Disclosure mailing list archives

Re: Possible DNS compromise/poisoning?

From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 05 Jan 2005 19:12:43 +0100

Is anyone else seeing this:

--SNIP--
;; QUESTION SECTION:
;www.microsoft.com.             IN      A

;; ANSWER SECTION:
www.microsoft.com.      2415    IN      CNAME
www.microsoft.com.nsatc.net.
--SNIP--

Notice that www.microsoft.com is a cname for
www.microsoft.com.nsatc.net.  It's not limited to www.microsoft.com
and to the best of my knowledge the correct web content is
displayed.


AFAIK, this is a side effect because Microsoft uses Savvis' content
distribution network.

This is by no means a recent change.  It's been this way since last
June, probably much longer (I haven't got older data).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Possible DNS compromise/poisoning? nicholasnam (Jan 05)
- Re: Possible DNS compromise/poisoning? KF (lists) (Jan 05)
- Re: Possible DNS compromise/poisoning? Florian Weimer (Jan 05)
- RE: Possible DNS compromise/poisoning? ALD, Aditya, Aditya Lalit Deshmukh (Jan 05)
- Re: Possible DNS compromise/poisoning? DanBUK (Jan 06)
- Re: Possible DNS compromise/poisoning? J.A. Terranson (Jan 06)
- Re: Possible DNS compromise/poisoning? Ben McGinnes (Jan 07)
- <Possible follow-ups>
- RE: Possible DNS compromise/poisoning? Madison, Marc (Jan 06)
- RE: Possible DNS compromise/poisoning? nicholasnam (Jan 06)