nanog mailing list archives

Re: DNS hijack?


From: Richard <lists-nanog () listmail innovate net>
Date: Thu, 11 Nov 2021 21:44:04 +0000



Date: Thursday, November 11, 2021 13:28:07 -0800
From: Jeff Shultz <jeffshultz () sctcweb com>

Okay, so this is anecdotal, but since the domain belongs to me it's
more than a little annoying.

I got some calls that one of my domains, 2dpnr.org was going to a
page that said it was Network Solutions and that my domain was
available for renew or purchase.

I hit my registrar, DirectNic, and found I'm good through 2023.
They pulled up DNS checker and found that a bunch of DNS servers
were showing 208.91.197.132 as the IP for the domain. It's actually
in 64.130.197.x .

You have two nameservers listed:

  Domain Name: 2DPNR.ORG

  Name Server: GATEWAY.WVI.COM
  Name Server: VOYAGER.VISER.NET


The second of these is returning the 208.nnn IP number for your
a-record:

   dig @VOYAGER.VISER.NET 2dpnr.org

   2dpnr.org. 300 IN A 208.91.197.132

The other one is returning the 64.nnn number.

So, the issue is somewhere in your dns.
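
The check in the reply above, generalized as an added example (not part of either message): ask every listed name server directly and compare the A records each one returns. The function names and the sample data are constructed for illustration; `collect_answers` needs `dig` and network access.

```shell
#!/bin/sh
# collect_answers DOMAIN NS...  prints "<ns> <address>" for each A record a
# server returns, or "<ns> no-answer" when it returns none.
# +norecurse asks each server for the data it holds itself.
collect_answers() {
    domain=$1; shift
    for ns in "$@"; do
        addrs=$(dig +short +norecurse "@$ns" "$domain" A | grep -E '^[0-9.]+$' || true)
        for a in ${addrs:-no-answer}; do printf '%s %s\n' "$ns" "$a"; done
    done
}

# find_disagreement reads "<ns> <address>" lines on stdin, builds the sorted
# address set per server and, if the sets differ, prints one MISMATCH line per
# server. Returns 0 when all servers agree, 1 when they do not.
find_disagreement() {
    report=$(tr 'A-Z' 'a-z' | sort -u | awk '
        { if ($1 in set) set[$1] = set[$1] "," $2; else set[$1] = $2 }
        END {
            for (ns in set) if (!seen[set[ns]]++) distinct++
            if (distinct > 1)
                for (ns in set) printf "MISMATCH %s -> %s\n", ns, set[ns]
        }' | sort)
    if [ -z "$report" ]; then
        return 0
    fi
    printf '%s\n' "$report"
    return 1
}

# Constructed sample: two servers for one zone handing out different addresses
# (documentation-range addresses, not the ones from the thread).
sample_answers() {
    printf '%s\n' \
        'ns1.example.net 192.0.2.10' \
        'NS2.EXAMPLE.NET 198.51.100.7'
}

# Live use with the servers named in the thread:
#   collect_answers 2dpnr.org GATEWAY.WVI.COM VOYAGER.VISER.NET | find_disagreement
```

A mismatch usually means one server is holding stale or foreign zone data, so the next step is to compare the SOA serial on each server and check who operates it.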



