DNS hijack?
Jim
mysidia at gmail.com
Fri Nov 12 23:02:54 UTC 2021
On Fri, Nov 12, 2021 at 1:29 PM Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Thu, Nov 11, 2021 at 09:44:04PM +0000, [..]
> It depends on where you are (from my resolver, I get
> 64.130.197.11). This is because the name voyager.viser.net is not
> stable yet. Depending on your resolver, it points to 64.130.200.16 -
> which seems to give correct answers - or to 208.91.197.132 - which
> replies even for nonexisting domain names.
[..]
So yes, then.. A DNS Hijack by NetSol redirecting the hostname on an expired SLD
related to one of the individual nameserver hosts to a
faulty/non-compliant nameserver
of NetSol's that then publishes bogus RRs for domains that registrar
have no authority over.
That means instead of the 1 nameserver failing; the entire domain
breaks, even if there are multiple nameservers listed, and only 1 had
been accidentally allowed to expire.
DNSSEC would help here. NetSol's rogue nameserver wouldn't be able to produce
the signed zone if validation were required.
--
-JH
More information about the NANOG
mailing list