fwd: Re: [registrars] Re: panix.com hijacked

Andrew Brown twofsonet at graffiti.com
Sun Jan 16 18:40:06 UTC 2005

On Sun, Jan 16, 2005 at 07:21:55PM +0100, Daniel Karrenberg wrote:
>On 16.01 12:46, William Allen Simpson wrote:
>> >------- Forwarded Message
>> >
>> >From: "Ross Wm. Rader" <ross at tucows.com>
>> > 
>> >
>> >I don't see what you are looking at - .net and .com point to the same 
>> >place with no indication of anything awry...of course, I'm late to the 
>> >game and the DNS probably tells a different story...
>> >
>> > 
>> >
>> This fellow is pretty confused, as from here (Michigan via Merit) the
>> DNS has pointed to different places since yesterday.
>A quick survey of some caching servers in my neighborhood reveals that
>some of them return "old/correct" A RRs for panix.com at this time. 

presumably they have cached ns records from before the switch in the
com tld zone.

>Following the DNS delegation chain from the root name servers provides
>"new/hijacked" answers at this time. So I assume some operators of caching 
>servers now choose to provide data that is inconsistent with the 
>authoritative data in the DNS tree. So depending on where you ask, your
>answer may vary. 

they're not choosing to do so, they're probably operating ~normally.
try asking them for the ns records for panix.com.  the age should give
you an idea of how long ago they were fetched from *.gtld-servers.net.
they probably got them before the switch, they'll time out soon
enough, and then they'll restart from the "wrong" servers.

|-----< "CODE WARRIOR" >-----|
codewarrior at daemon.org             * "ah!  i see you have the internet
twofsonet at graffiti.com (Andrew Brown)                that goes *ping*!"
werdna at squooshy.com       * "information is power -- share the wealth."

More information about the NANOG mailing list