nanog mailing list archives

Re: aljazeera.net domain owned.


From: Mike Tancsa <mike () sentex net>
Date: Thu, 27 Mar 2003 17:04:28 -0500




Looks like 213.30.180.218 allows unrestricted zone transfers.

> ls -d ALJAZEERA.NET.
[[213.30.180.218]]
$ORIGIN aljazeera.net.
@                       15M IN SOA      ns3 dnsadmin.nav-link.net. (
                                        2003032706      ; serial
                                        3H              ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        15M )           ; minimum

                        15M IN NS       ns1sa.navlink.com.
                        15M IN NS       ns3
                        15M IN MX       10 mail
                        15M IN A        213.30.180.219
ns3                     15M IN A        213.30.180.218
admin                   15M IN A        213.30.180.219
synadmin                15M IN A        213.30.180.220
english                 15M IN A        213.30.180.219
jazad01                 15M IN A        213.30.180.220
wrc                     15M IN A        213.30.180.222
jazad02                 15M IN A        213.30.180.220
cm                      15M IN A        213.130.180.216
syndication             15M IN A        213.30.180.220
jazad                   15M IN A        213.30.180.220
mail                    15M IN A        64.110.61.12
www                     15M IN CNAME    @
bm                      15M IN A        213.30.180.221
www1                    15M IN A        213.30.180.219
www2                    15M IN A        213.30.180.219
ftp                     15M IN CNAME    @
stats                   15M IN A        213.30.180.222
users                   15M IN A        213.30.180.219
@                       15M IN SOA      ns3 dnsadmin.nav-link.net. (
                                        2003032706      ; serial
                                        3H              ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        15M )           ; minimum

>


Handy to do a quick update on any servers doing recursion.

        ---Mike



At 03:48 PM 27/03/2003 -0600, John Palmer wrote:

Hmm - don't think so - although nothing is up there - www.aljazeera.net resolves to 127.0.0.1.
This is from the MYDOMAIN.COM nameservers listed as the auth for this domain:

; <<>> DiG 8.2 <<>> ns aljazeera.net @b.gtld-servers.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUERY SECTION:
;;      aljazeera.net, type = NS, class = IN

;; ANSWER SECTION:
aljazeera.net.          2D IN NS        NS4.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS1.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS2.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS3.MYDOMAIN.COM.

;; ADDITIONAL SECTION:
NS4.MYDOMAIN.COM.       2D IN A         63.251.83.74
NS1.MYDOMAIN.COM.       2D IN A         64.94.117.195
NS2.MYDOMAIN.COM.       2D IN A         216.52.121.228
NS3.MYDOMAIN.COM.       2D IN A         66.150.161.130

;; Total query time: 80 msec
;; FROM: LAIR.LION to SERVER: b.gtld-servers.net  192.33.14.30
;; WHEN: Thu Mar 27 16:38:14 2003
;; MSG SIZE  sent: 31  rcvd: 179

LAIR$ dig www.aljazeera.net @ns1.mydomain.com

; <<>> DiG 8.2 <<>> www.aljazeera.net @ns1.mydomain.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      www.aljazeera.net, type = A, class = IN

;; ANSWER SECTION:
www.aljazeera.net.      2M IN A         127.0.0.1

;; AUTHORITY SECTION:
aljazeera.net.          2M IN NS        ns1.mydomain.com.
aljazeera.net.          2M IN NS        ns2.mydomain.com.
aljazeera.net.          2M IN NS        ns3.mydomain.com.
aljazeera.net.          2M IN NS        ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.       30M IN A        64.94.117.195
ns2.mydomain.com.       30M IN A        216.52.121.228
ns3.mydomain.com.       30M IN A        66.150.161.130
ns4.mydomain.com.       30M IN A        63.251.83.74

;; Total query time: 117 msec
;; FROM: LAIR.LION to SERVER: ns1.mydomain.com  64.94.117.195
;; WHEN: Thu Mar 27 16:38:28 2003
;; MSG SIZE  sent: 35  rcvd: 199

----- Original Message -----
From: "Eric Brunner-Williams in Portland Maine" <brunner () nic-naa net>
To: "Sean Donelan" <sean () donelan com>
Cc: "Abdullah Ibn Hamad Al-Marri" <arabian () ArabChat Org>; <nanog () merit edu>; <brunner () nic-naa net>
Sent: Thursday, March 27, 2003 15:30
Subject: Re: aljazeera.net domain owned.


>
> Earlier today I logged a disparity between the NSI web whois interface
> and the whois commandline interface outputs (http://nic-iq.nic-naa.net,
> bottom of page).
>
> I sent mail to two contacts inside Verisign, and at 4:30pm EST, the
> hijack appears to be over, at least as far as NS records are concerned.
>
>
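The comparison this thread does by hand, as an added example that is not part of the original posts: check the NS set the registry serves against a known-good baseline, and flag A records that point at non-routable addresses. The baseline is an assumption taken from the NS records in the zone listing above, the function names are hypothetical, and the sample records are copied from the dig output quoted in the thread.

```python
import ipaddress

# Sample input: records copied from the two dig answers quoted in this thread.
REGISTRY_ANSWER = """\
;; ANSWER SECTION:
aljazeera.net.          2D IN NS        NS4.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS1.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS2.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS3.MYDOMAIN.COM.
;; ADDITIONAL SECTION:
NS4.MYDOMAIN.COM.       2D IN A         63.251.83.74
NS1.MYDOMAIN.COM.       2D IN A         64.94.117.195
"""
AUTH_ANSWER = "www.aljazeera.net.      2M IN A         127.0.0.1\n"
# Assumption: the NS set in the transferred zone is the legitimate baseline.
EXPECTED_NS = {"ns1sa.navlink.com", "ns3.aljazeera.net"}

def norm(name):
    return name.lower().rstrip(".")

def parse_records(dig_text):
    """Return (owner, type, rdata) for each 'owner ttl IN type rdata' line."""
    records = []
    for line in dig_text.splitlines():
        fields = line.split()
        if line.lstrip().startswith(";") or len(fields) < 5 or fields[2].upper() != "IN":
            continue  # comment, blank, or not a resource record
        records.append((norm(fields[0]), fields[3].upper(), " ".join(fields[4:])))
    return records

def delegation_drift(records, zone, expected_ns):
    """Compare the NS set served for `zone` with the expected baseline."""
    observed = {norm(rd) for owner, rtype, rd in records
                if owner == norm(zone) and rtype == "NS"}
    expected = {norm(n) for n in expected_ns}
    return {"unexpected": sorted(observed - expected),
            "missing": sorted(expected - observed)}

def non_routable_addresses(records):
    """List A records whose address is not globally routable (e.g. 127.0.0.1)."""
    hits = []
    for owner, rtype, rd in records:
        if rtype != "A":
            continue
        try:
            if not ipaddress.ip_address(rd).is_global:
                hits.append((owner, rd))
        except ValueError:
            hits.append((owner, rd))  # malformed rdata is itself worth a look
    return hits

if __name__ == "__main__":
    print(delegation_drift(parse_records(REGISTRY_ANSWER), "aljazeera.net", EXPECTED_NS))
    print(non_routable_addresses(parse_records(AUTH_ANSWER)))
```

Run against the registry answer, every served NS is reported as unexpected and both baseline servers as missing, which is the state the thread describes before the delegation was corrected.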

