Home page logo
/

nanog logo nanog mailing list archives

Re: untied (fwd)
From: "Christopher L. Morrow" <chris () UU NET>
Date: Mon, 24 Feb 2003 05:45:52 +0000 (GMT)


fwd per request...

(I'm not sure how to contact united, though I'd guess PNAP/InterNap might
know, since I see the fictional www.united.com through there)

---------- Forwarded message ----------
Date: Mon, 24 Feb 2003 14:36:00 +0900
From: Randy Bush <randy () psg com>
To: Christopher L. Morrow <chris () UU NET>
Subject: Re: untied

bingo!!

so, please post to nanog

and if you know how to get to untied, ...

So, looks like:

dig www.united.com

returns:

 dig www.united.com

; <<>> DiG 8.1 <<>> www.united.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.united.com, type = A, class = IN

;; ANSWER SECTION:
www.united.com.         5S IN A         64.95.89.8

;; Total query time: 32 msec
;; FROM: sharpie.argfrp.us.uu.net to SERVER: default -- 153.39.56.91
;; WHEN: Mon Feb 24 05:22:35 2003
;; MSG SIZE  sent: 32  rcvd: 48

then:

 dig www.united.com

; <<>> DiG 8.1 <<>> www.united.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 13
;; QUERY SECTION:
;;      www.united.com, type = A, class = IN

;; ANSWER SECTION:
www.united.com.         4S IN A         64.95.89.8

;; AUTHORITY SECTION:
COM.                    1d20h32m39s IN NS  A.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  G.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  H.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  C.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  I.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  B.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  D.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  L.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  F.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  J.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  K.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  E.GTLD-SERVERS.NET.
COM.                    1d20h32m39s IN NS  M.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.GTLD-SERVERS.NET.     4d20h43m26s IN A  192.5.6.30
G.GTLD-SERVERS.NET.     21h40m30s IN A  192.42.93.30
H.GTLD-SERVERS.NET.     21h40m30s IN A  192.54.112.30
C.GTLD-SERVERS.NET.     21h40m30s IN A  192.26.92.30
I.GTLD-SERVERS.NET.     21h40m30s IN A  192.43.172.30
B.GTLD-SERVERS.NET.     21h11m25s IN A  192.33.14.30
D.GTLD-SERVERS.NET.     21h31m38s IN A  192.31.80.30
L.GTLD-SERVERS.NET.     5h52m10s IN A   192.41.162.30
F.GTLD-SERVERS.NET.     21h40m30s IN A  192.35.51.30
J.GTLD-SERVERS.NET.     7h42m59s IN A   192.48.79.30
K.GTLD-SERVERS.NET.     7h43m IN A      192.52.178.30
E.GTLD-SERVERS.NET.     10h26m34s IN A  192.12.94.30
M.GTLD-SERVERS.NET.     23h34m11s IN A  192.55.83.30

;; Total query time: 10 msec
;; FROM: sharpie.argfrp.us.uu.net to SERVER: default -- 153.39.56.91
;; WHEN: Mon Feb 24 05:22:36 2003
;; MSG SIZE  sent: 32  rcvd: 483


and that repeats over and over and over... HOWEVER,

 dig NS united.com

; <<>> DiG 8.1 <<>> NS united.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; QUERY SECTION:
;;      united.com, type = NS, class = IN

;; ANSWER SECTION:
united.com.             23h59m52s IN NS  dns01.uls-prod.com.
united.com.             23h59m52s IN NS  dns02.uls-prod.com.

;; ADDITIONAL SECTION:
dns01.uls-prod.com.     1d11h2m40s IN A  64.95.89.200
dns02.uls-prod.com.     1d11h2m40s IN A  64.95.88.200

;; Total query time: 1 msec
;; FROM: sharpie.argfrp.us.uu.net to SERVER: default -- 153.39.56.91
;; WHEN: Mon Feb 24 05:22:51 2003
;; MSG SIZE  sent: 28  rcvd: 112

and then querying from one of them direct gets:

timeouts for: 64.95.89.200 and 64.95.88.200

So, their DNS is busted it seems :( bummer for them. (or was this not what
you were seeing?)



--Chris
(chris () uu net)
#######################################################
## UUNET Technologies, Inc.                          ##
## Manager                                           ##
## Customer Router Security Engineering Team         ##
## (W)703-886-3823 (C)703-338-7319                   ##
#######################################################

On Mon, 24 Feb 2003, Randy Bush wrote:


could someone else please check the dns for www.united.com?  the servers
for united.com seem to delegate www.united.com, but the delegatee seems
not to return an soa.  i get very confusing results.

randy, feeling stoopid




  By Date           By Thread  

Current thread:
  • Re: untied (fwd) Christopher L. Morrow (Feb 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]