[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Strangeness in name resolution



Hi all,

since recently, there seems to be a strange phenomenon going on with DNS 
resolution. From time to time, some domain names seem to be redirected to a 
domain broker/squatter (domainmonkeys or something), or today to 
myfamily.com. This is completely new behaviour from a system that has been 
running fine for over a year.

I am running BIND9 (from testing) that just serves local names and acts as a 
forwarder/cache for anything outside my local TLD. Sometimes, restarting BIND 
fixes it, but sometimes it doesn't. According to dig, the forwarder resolves 
to the same wrong IP as does another name server. When digging the name 
servers in the WHOIS data, I get the right IP.

Is this some kind of attack on my system or are my forwarders simultaneously 
being poisoned? Is there someone crawling through my system?

As for outside attacks: the system doesn't answer to inbound connections or 
unrelated packets to the ports used by BIND that come from outside the 
network. All machines on the network seem to be virus and spyware-free.

-- 
Got Backup?

Jabber: Shadowdancer at jabber.fsinf.de

Attachment: pgpEAvupPplCV.pgp
Description: PGP signature


Reply to: