Interesting new dns failures
xenophage0 at gmail.com
Mon May 21 17:49:01 UTC 2007
On 5/20/07, Roger Marquis <marquis at roble.com> wrote:
> Most of the individual nameservers do not answer queries, the ones
> that do are open to recursion, and all are hosted in cable/dsl/dial-up
> address space with correspondingly rfc-illegal reverse zones. Running
> 'host -at ns' a few times shows the list of nameservers is rotated
> every few seconds, and occasionally returns "server localhost".
They're likely not name servers, or at least not all name servers..
I'd venture a guess as to these being part of a "Snowshoe" spammer
network... I've been getting hit by similar domains for a few weeks
now.. Blocking seems to be the best way to handle them..
Looks like some of these are running nginx (http://nginx.net/) as a
web server... I've seen others with centos installs.. My guess is
that the web servers are for management of the spamming software..
> Roger Marquis
Jason 'XenoPhage' Frisvold
XenoPhage0 at gmail.com
More information about the NANOG