DNS hijack?

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Nov 12 19:27:39 UTC 2021


On Thu, Nov 11, 2021 at 09:44:04PM +0000,
 Richard <lists-nanog at listmail.innovate.net> wrote 
 a message of 37 lines which said:

> The second of these is returning the 208.nnn IPnumber for your
> a-record:
> 
>    dig @VOYAGER.VISER.NET 2dpnr.org
> 
>    2dpnr.org. 300 IN A 208.91.197.132

It depends on where you are (from my resolver, I get
64.130.197.11). This is because the name voyager.viser.net is not
stable yet. Depending on your resolver, it points to 64.130.200.16 -
which seems to give correct answers - or to 208.91.197.132 - which
replies even for nonexisting domain names.

Lesson: don't use a name as an argument to dig's @


More information about the NANOG mailing list