DNS hijack?

Jim mysidia at gmail.com
Fri Nov 12 23:02:54 UTC 2021


On Fri, Nov 12, 2021 at 1:29 PM Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Thu, Nov 11, 2021 at 09:44:04PM +0000,     [..]
> It depends on where you are (from my resolver, I get
> 64.130.197.11). This is because the name voyager.viser.net is not
> stable yet. Depending on your resolver, it points to 64.130.200.16 -
> which seems to give correct answers - or to 208.91.197.132 - which
> replies even for nonexisting domain names.
[..]

So yes, then. A DNS hijack by NetSol redirecting the hostname on an
expired SLD related to one of the individual nameserver hosts to a
faulty/non-compliant nameserver of NetSol's that then publishes bogus
RRs for domains that registrar has no authority over.

That means instead of the 1 nameserver failing, the entire domain
breaks, even if there are multiple nameservers listed, and only 1 had
been accidentally allowed to expire.

DNSSEC would help here. NetSol's rogue nameserver wouldn't be able to
produce the signed zone if validation were required.

-- 
-JH
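
Added example, not part of the message above: a zone operator's audit for the two symptoms described in the thread, a nameserver hostname that resolves differently depending on the resolver and a server that answers for names that do not exist. The resolver labels and the DNS reply headers are constructed sample data; the two addresses are the ones quoted in the thread.

```python
import struct

NXDOMAIN = 3

def dns_header(rcode, ancount, aa=True):
    """Build a constructed 12-byte DNS response header (sample data only)."""
    flags = 0x8000 | (0x0400 if aa else 0) | rcode  # QR=1, optional AA, RCODE
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed: address each resolver returned for the nameserver hostname.
NS_ADDRS = {"resolver-a": "64.130.200.16", "resolver-b": "208.91.197.132"}
# Constructed: reply from each address to a probe for a random label that
# does not exist in the zone. A correct server says NXDOMAIN.
PROBE_REPLIES = {
    "64.130.200.16": dns_header(NXDOMAIN, 0),
    "208.91.197.132": dns_header(0, 1),
}

def parse_header(msg):
    """Return (rcode, aa, ancount) from a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return flags & 0x000F, bool(flags & 0x0400), ancount

def answers_nonexistent(msg):
    """True if the reply carries answers with NOERROR for a nonexistent name.
    NOERROR with zero answers (NODATA) is not flagged."""
    rcode, _aa, ancount = parse_header(msg)
    return rcode == 0 and ancount > 0

def audit(ns_addrs, probe_replies):
    """Return a list of (finding, detail) tuples for one nameserver hostname."""
    findings = []
    addrs = sorted(set(ns_addrs.values()))
    if len(addrs) > 1:
        findings.append(("inconsistent-ns-address", addrs))
    for addr, reply in sorted(probe_replies.items()):
        if answers_nonexistent(reply):
            findings.append(("answers-nonexistent-name", addr))
    return findings

if __name__ == "__main__":
    for finding in audit(NS_ADDRS, PROBE_REPLIES):
        print(finding)
```
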

