nanog mailing list archives
Re: DNS hijack?
From: Jeff Shultz <jeffshultz () sctcweb com>
Date: Thu, 11 Nov 2021 18:34:42 -0800
Yeah, apparently when a domain expires, a lot of DNS queries to domains in that domain's DNS server... get redirected to a Network Solutions "this is expired" website at that IP. Even though those domains are perfectly legit and paid up. Or so it was explained to me and how it appeared. Anything I could say about my opinion of that might be actionable, or at least inflammatory, so I'll stop now. The original problem has been corrected. On Thu, Nov 11, 2021 at 1:40 PM Stephane Bortzmeyer <bortzmeyer () nic fr> wrote:
On Thu, Nov 11, 2021 at 01:28:07PM -0800, Jeff Shultz <jeffshultz () sctcweb com> wrote a message of 105 lines which said:I hit my registrar, DirectNic, and found I'm good through 2023. They pulled up DNS checker and found that a bunch of DNS servers were showing 208.91.197.132 as the IP for the domain. It's actually in 64.130.197.x . I'm wondering if I was the only one?No, you're not. Half of the RIPE Atlas probes see the wrong address: % blaeu-resolve -r 100 --type A 2dpnr.org [64.130.197.11] : 59 occurrences [208.91.197.132] : 41 occurrences Test #33310635 done at 2021-11-11T21:38:30Z
-- Jeff Shultz -- Like us on Social Media for News, Promotions, and other information!! <https://www.facebook.com/SCTCWEB/> <https://www.instagram.com/sctc_sctc/> <https://www.yelp.com/biz/sctc-stayton-3> <https://www.youtube.com/c/sctcvideos> _**** This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. ****_
Current thread:
- DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? William Herrin (Nov 12)
- Re: DNS hijack? Matthew Petach (Nov 12)
- Re: DNS hijack? Jeff Shultz (Nov 12)
- Re: DNS hijack? Robert L Mathews (Nov 12)
- Re: DNS hijack? Jim (Nov 13)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
- Re: DNS hijack? Jeff Shultz (Nov 12)
- Re: DNS hijack? Jim (Nov 12)
- Re: DNS hijack? Rubens Kuhl (Nov 12)