nanog mailing list archives
Level(3) DNS Spoofing All Domains
From: "Marshall, Quincy" <Quincy.Marshall () reged com>
Date: Mon, 18 Nov 2019 17:45:06 +0000
This is mostly informational and may have already hit this group. My google-foo failed me if so. I discovered that the CenturyLink/Level(3) public DNS (4.2.2.2, etc) are spoofing all domains. If the hostname begins with a "w" and does not exist in the authoritative zone these hosts will return two Akamai hosts. [root@localhost ~]# dig +short w3.dummydomaindoesntexist.gov @4.2.2.2 23.202.231.167 23.217.138.108 [root@localhost ~]# dig +short w3.dummydomaindoesntexist.net @4.2.2.2 23.202.231.167 23.217.138.108 [root@localhost ~]# dig +short w3.dummydomaindoesntexist.com @4.2.2.2 23.202.231.167 23.217.138.108 [root@localhost ~]# dig +short w3.dummydomaindoesntexist.org @4.2.2.2 23.202.231.167 23.217.138.108 My apologies if this is old news. Lawrence Q. Marshall --------------------------------------------------------------------------------------- This email has been scanned for email related threats and delivered safely by Mimecast. For more information please visit http://www.mimecast.com ---------------------------------------------------------------------------------------
Current thread:
- Level(3) DNS Spoofing All Domains Marshall, Quincy (Nov 19)
- Re: Level(3) DNS Spoofing All Domains Pierre Emeriaud (Nov 19)
- Re: Level(3) DNS Spoofing All Domains Patrick Schultz (Nov 19)
- Re: Level(3) DNS Spoofing All Domains Matthew Pounsett (Nov 19)
- Re: Level(3) DNS Spoofing All Domains Mel Beckman (Nov 19)
- Re: Level(3) DNS Spoofing All Domains Christopher Morrow (Nov 19)
- Re: Level(3) DNS Spoofing All Domains Matthew Pounsett (Nov 19)
- Re: Level(3) DNS Spoofing All Domains Brandon Martin (Nov 19)
- RE: Level(3) DNS Spoofing All Domains Ryan, Spencer (Nov 19)
- RE: Level(3) DNS Spoofing All Domains Marshall, Quincy (Nov 19)
- Re: Level(3) DNS Spoofing All Domains Mike Bolitho (Nov 19)
- RE: Level(3) DNS Spoofing All Domains Marshall, Quincy (Nov 19)