Re: fwd: Re: [registrars] Re: panix.com hijacked

[Andrew Brown <twofsonet () graffiti com>]

On Sun, Jan 16, 2005 at 07:21:55PM +0100, Daniel Karrenberg wrote:
> On 16.01 12:46, William Allen Simpson wrote:
> > > ------- Forwarded Message
> > >
> > > From: "Ross Wm. Rader" <ross () tucows com>
> > >
> > >
> > > I don't see what you are looking at - .net and .com point to the same 
> > > place with no indication of anything awry...of course, I'm late to the 
> > > game and the DNS probably tells a different story...
> > This fellow is pretty confused, as from here (Michigan via Merit) the
> > DNS has pointed to different places since yesterday.
>
> A quick survey of some caching servers in my neighborhood reveals that
> some of them return "old/correct" A RRs for panix.com at this time. 

presumably they have cached ns records from before the switch in the
com tld zone.

> Following the DNS delegation chain from the root name servers provides
> "new/hijacked" answers at this time. So I assume some operators of caching 
> servers now choose to provide data that is inconsistent with the 
> authoritative data in the DNS tree. So depending on where you ask, your
> answer may vary. 

they're not choosing to do so, they're probably operating ~normally.
try asking them for the ns records for panix.com.  the age should give
you an idea of how long ago they were fetched from *.gtld-servers.net.
they probably got them before the switch, they'll time out soon
enough, and then they'll restart from the "wrong" servers.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior () daemon org             * "ah!  i see you have the internet
twofsonet () graffiti com (Andrew Brown)                that goes *ping*!"
werdna () squooshy com       * "information is power -- share the wealth."