nanog mailing list archives

Re: DNS hijack?


From: Stephane Bortzmeyer <bortzmeyer () nic fr>
Date: Thu, 11 Nov 2021 22:40:13 +0100

On Thu, Nov 11, 2021 at 01:28:07PM -0800,
 Jeff Shultz <jeffshultz () sctcweb com> wrote 
 a message of 105 lines which said:

> I hit my registrar, DirectNic, and found I'm good through 2023. They
> pulled up DNS checker and found that a bunch of DNS servers were
> showing 208.91.197.132 as the IP for the domain. It's actually in
> 64.130.197.x.
>
> I'm wondering if I was the only one?

No, you're not. Half of the RIPE Atlas probes see the wrong address:

% blaeu-resolve -r 100 --type A 2dpnr.org
[64.130.197.11] : 59 occurrences
[208.91.197.132] : 41 occurrences
Test #33310635 done at 2021-11-11T21:38:30Z
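
Added example, not part of the original message: a Python sketch that tallies a report in the "[address] : N occurrences" format shown above and counts how many probes got an answer outside the network the domain is expected to resolve into. The function name tally, the 64.130.197.0/24 prefix (read from "64.130.197.x") and the handling of multi-address or non-address entries are assumptions.

```python
import ipaddress
import re

# One result line, in the format shown in the message: "[answers] : N occurrences".
LINE = re.compile(r"^\[(?P<answers>[^\]]*)\]\s*:\s*(?P<count>\d+)\s+occurrences?\s*$")

# Report text copied from the message above.
SAMPLE = """\
% blaeu-resolve -r 100 --type A 2dpnr.org
[64.130.197.11] : 59 occurrences
[208.91.197.132] : 41 occurrences
Test #33310635 done at 2021-11-11T21:38:30Z
"""

def tally(report, expected_net):
    """Count probes whose answers fall inside or outside expected_net."""
    net = ipaddress.ip_network(expected_net)
    good = bad = unparsed = 0
    unexpected = {}  # address outside expected_net -> number of probes
    for line in report.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # command line, "Test #... done" footer, blanks
        count = int(m["count"])
        try:
            # Assumption: several addresses in one answer are space-separated.
            addrs = [ipaddress.ip_address(t) for t in m["answers"].split()]
            if not addrs:
                raise ValueError("empty answer")
        except ValueError:
            unparsed += count  # errors, timeouts, anything that is not an address
            continue
        outside = [a for a in addrs if a not in net]
        if outside:
            bad += count
            for a in outside:
                unexpected[str(a)] = unexpected.get(str(a), 0) + count
        else:
            good += count
    answered = good + bad
    return {"matching": good, "diverging": bad, "unparsed": unparsed,
            "unexpected": unexpected,
            "diverging_share": bad / answered if answered else 0.0}

if __name__ == "__main__":
    print(tally(SAMPLE, "64.130.197.0/24"))
```

A probe is counted as diverging if any address in its answer lies outside the expected network, so a mixed answer is not hidden by one correct record.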

