nanog mailing list archives

Re: DNS hijack?

From: Jim <mysidia () gmail com>
Date: Fri, 12 Nov 2021 17:02:54 -0600

On Fri, Nov 12, 2021 at 1:29 PM Stephane Bortzmeyer <bortzmeyer () nic fr> wrote:

On Thu, Nov 11, 2021 at 09:44:04PM +0000,     [..]
It depends on where you are (from my resolver, I get
64.130.197.11). This is because the name voyager.viser.net is not
stable yet. Depending on your resolver, it points to 64.130.200.16 -
which seems to give correct answers - or to 208.91.197.132 - which
replies even for nonexisting domain names.

[..]

So yes, then.. A DNS Hijack by NetSol redirecting the hostname on an expired SLD
related to one of the individual nameserver hosts to a
faulty/non-compliant nameserver
of NetSol's that then publishes bogus RRs for domains that registrar
have no authority over.

That means instead of the 1 nameserver failing; the entire domain
breaks, even if there are multiple nameservers listed, and only 1 had
been accidentally allowed to expire.

DNSSEC would help here.   NetSol's rogue nameserver wouldn't be able to produce
the signed zone if validation were required.

-- 
-JH

Current thread:

Re: DNS hijack?, (continued)
- Re: DNS hijack? Stephane Bortzmeyer (Nov 11)
  - Re: DNS hijack? Jeff Shultz (Nov 11)
    - Re: DNS hijack? William Herrin (Nov 12)
    - Re: DNS hijack? Matthew Petach (Nov 12)
    - Re: DNS hijack? Jeff Shultz (Nov 12)
    - Re: DNS hijack? Robert L Mathews (Nov 12)
    - Re: DNS hijack? Jim (Nov 13)
- Re: DNS hijack? Richard (Nov 12)
  - Re: DNS hijack? Stephane Bortzmeyer (Nov 12)
    - Re: DNS hijack? Jeff Shultz (Nov 12)
    - Re: DNS hijack? Jim (Nov 12)
    - Re: DNS hijack? Rubens Kuhl (Nov 12)
    - Re: DNS hijack? William Herrin (Nov 12)
    - Re: DNS hijack? Stephane Bortzmeyer (Nov 13)
    - Re: DNS hijack? Nick Hilliard (Nov 13)