nanog mailing list archives

Re: DNS hijack?

From: Jeff Shultz <jeffshultz () sctcweb com>
Date: Thu, 11 Nov 2021 18:34:42 -0800

Yeah, apparently when a domain expires, a lot of DNS queries to domains in
that domain's DNS server... get redirected to a Network Solutions "this is
expired" website at that IP.
Even though those domains are perfectly legit and paid up. Or so it was
explained to me and how it appeared.

Anything I could say about my opinion of that might be actionable, or at
least inflammatory, so I'll stop now. The original problem has been
corrected.

On Thu, Nov 11, 2021 at 1:40 PM Stephane Bortzmeyer <bortzmeyer () nic fr>
wrote:

On Thu, Nov 11, 2021 at 01:28:07PM -0800,
 Jeff Shultz <jeffshultz () sctcweb com> wrote
 a message of 105 lines which said:

I hit my registrar, DirectNic, and found I'm good through 2023. They
pulled up DNS checker and found that a bunch of DNS servers were
showing 208.91.197.132 as the IP for the domain. It's actually in
64.130.197.x .

I'm wondering if I was the only one?


No, you're not. Half of the RIPE Atlas probes see the wrong address:

% blaeu-resolve -r 100 --type A 2dpnr.org
[64.130.197.11] : 59 occurrences
[208.91.197.132] : 41 occurrences
Test #33310635 done at 2021-11-11T21:38:30Z



-- 
Jeff Shultz

-- 
Like us on Social Media for News, Promotions, and other information!!

   
<https://www.facebook.com/SCTCWEB/>      
<https://www.instagram.com/sctc_sctc/>      
<https://www.yelp.com/biz/sctc-stayton-3>      
<https://www.youtube.com/c/sctcvideos>













_**** This message 
contains confidential information and is intended only for the individual 
named. If you are not the named addressee you should not disseminate, 
distribute or copy this e-mail. Please notify the sender immediately by 
e-mail if you have received this e-mail by mistake and delete this e-mail 
from your system. E-mail transmission cannot be guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses. The sender therefore does 
not accept liability for any errors or omissions in the contents of this 
message, which arise as a result of e-mail transmission. ****_

Current thread:

DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
  - Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 11)
  - Re: DNS hijack? Jeff Shultz (Nov 11)
    - Re: DNS hijack? William Herrin (Nov 12)
    - Re: DNS hijack? Matthew Petach (Nov 12)
    - Re: DNS hijack? Jeff Shultz (Nov 12)
    - Re: DNS hijack? Robert L Mathews (Nov 12)
    - Re: DNS hijack? Jim (Nov 13)
- Re: DNS hijack? Richard (Nov 12)
  - Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
    - Re: DNS hijack? Jeff Shultz (Nov 12)
    - Re: DNS hijack? Jim (Nov 12)
    - Re: DNS hijack? Rubens Kuhl (Nov 12)

(Thread continues...)