
Re: Am I being attacked? Domain name and DNS server problem



Robert MannI wrote:
Hello!

This is most likely the wrong list, but I can't find a Linux security
list and this is a little bit urgent! Maybe someone off this list can
give me some pointers.

My client has a domain. When I ping the domain, it resolves to the IP
address of the dedicated server he is hosting on.

But then, when I try to resolve the IP address back to a domain, using either
"host xx.xx.xx.xx" on Mac OS X, or
"/usr/bin/resolveip xx.xx.xx.xx" on Linux,
the IP address is resolved to a domain name that is a little bit suspicious:

ns2.decayandcorrupt.com

Is this an attack? Resolving an IP address to a hostname shouldn't
return a nameserver, should it?

Sounds more like just a screw-up.

Forward and reverse zones are not related, and are stored in different files on the DNS servers. Zone delegations have to be done correctly to allow whoever controls the IP to do DNS for it.

If it's an attack, there doesn't seem to be much sense in it. Annoying, yes... but I can't think of a whole lot of attack vectors that would be able to make use of a bad reverse-DNS entry like that.

Nate
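
The independence of forward and reverse zones described in the reply above can be checked with a forward-confirmed reverse DNS comparison. The following is an added example, not part of the original thread: the zone contents, host names and addresses are constructed (documentation ranges), and `ptr_name` and `classify` are hypothetical helper names.

```python
import ipaddress

# Constructed sample data; nothing here comes from the thread.
# A records live in the forward zone, run by whoever controls the domain.
FORWARD_ZONE = {
    "www.example.com": ["192.0.2.10"],
    "ns2.hosting.example": ["192.0.2.10"],
    "mail.example.com": ["192.0.2.25"],
    "dev.example.com": ["192.0.2.77"],
    "old.example.com": ["192.0.2.30"],
}
# PTR records live in the reverse zone, delegated to whoever controls the IP block.
REVERSE_ZONE = {
    "10.2.0.192.in-addr.arpa": ["ns2.hosting.example"],
    "25.2.0.192.in-addr.arpa": ["mail.example.com"],
    "30.2.0.192.in-addr.arpa": ["gone.example.net"],
}


def ptr_name(ip):
    """Name queried for a reverse lookup (in-addr.arpa or ip6.arpa)."""
    return ipaddress.ip_address(ip).reverse_pointer


def classify(hostname, forward=FORWARD_ZONE, reverse=REVERSE_ZONE):
    """Compare each A record of hostname against the PTR for that address."""
    name = hostname.lower().rstrip(".")
    results = []
    for ip in forward.get(name, []):
        targets = [t.lower().rstrip(".") for t in reverse.get(ptr_name(ip), [])]
        if not targets:
            verdict = "no-ptr"  # reverse zone has no entry for this address
        elif name in targets:
            verdict = "match"  # forward and reverse agree
        elif any(ip in forward.get(t, []) for t in targets):
            # PTR names a different host that does resolve back to this IP,
            # e.g. a PTR that was never changed to the customer's name.
            verdict = "ptr-names-other-host-on-same-ip"
        else:
            verdict = "ptr-not-forward-confirmed"  # stale or wrong PTR
        results.append((ip, targets, verdict))
    return results


if __name__ == "__main__":
    for host in ("www.example.com", "mail.example.com", "old.example.com"):
        print(host, classify(host))
```

A mismatch by itself only shows that the two zones are maintained separately; the verdict separates a PTR that still resolves back to the same address from one that does not.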


