nanog mailing list archives
Re: DNS hijack?
From: Richard <lists-nanog () listmail innovate net>
Date: Thu, 11 Nov 2021 21:44:04 +0000
Date: Thursday, November 11, 2021 13:28:07 -0800 From: Jeff Shultz <jeffshultz () sctcweb com> Okay, so this is anecdotal, but since the domain belongs to me it's more than a little annoying. I got some calls that one of my domains, 2dpnr.org was going to a page that said it was Network Solutions and that my domain was available for renew or purchase. I hit my registrar, DirectNic, and found I'm good through 2023. They pulled up DNS checker and found that a bunch of DNS servers were showing 208.91.197.132 as the IP for the domain. It's actually in 64.130.197.x .
You have two nameservers listed: Domain Name: 2DPNR.ORG Name Server: GATEWAY.WVI.COM Name Server: VOYAGER.VISER.NET The second of these is returning the 208.nnn IPnumber for your a-record: dig @VOYAGER.VISER.NET 2dpnr.org 2dpnr.org. 300 IN A 208.91.197.132 The other one is returning the 64.nnn number. So, the issue is somewhere in your dns.
Current thread:
- DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? William Herrin (Nov 12)
- Re: DNS hijack? Matthew Petach (Nov 12)
- Re: DNS hijack? Jeff Shultz (Nov 12)
- Re: DNS hijack? Robert L Mathews (Nov 12)
- Re: DNS hijack? Jim (Nov 13)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Jeff Shultz (Nov 11)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
- Re: DNS hijack? Jeff Shultz (Nov 12)
- Re: DNS hijack? Jim (Nov 12)
- Re: DNS hijack? Rubens Kuhl (Nov 12)
- Re: DNS hijack? William Herrin (Nov 12)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 13)
- Re: DNS hijack? Nick Hilliard (Nov 13)