Interesting new dns failures

Jason Frisvold xenophage0 at
Mon May 21 17:49:01 UTC 2007

On 5/20/07, Roger Marquis <marquis at> wrote:
> Most of the individual nameservers do not answer queries, the ones
> that do are open to recursion, and all are hosted in cable/dsl/dial-up
> address space with correspondingly rfc-illegal reverse zones.  Running
> 'host -at ns' a few times shows the list of nameservers is rotated
> every few seconds, and occasionally returns "server localhost".

They're likely not name servers, or at least not all name servers..
I'd venture a guess as to these being part of a "Snowshoe" spammer
network...  I've been getting hit by similar domains for a few weeks
now..  Blocking seems to be the best way to handle them..

Looks like some of these are running nginx ( as a
web server...  I've seen others with centos installs..  My guess is
that the web servers are for management of the spamming software..

> Roger Marquis

Jason 'XenoPhage' Frisvold
XenoPhage0 at

More information about the NANOG mailing list