
DNS tomfoolery



Hi,

BIND keeps moaning at me about "Bogus MULTICAST A" resource records.  I
see that they are all as a result of queries to domains that host
websites trying to sell Viagra / Cialis etc. (probably initiated by
SpamAssassin).

Does anyone have any ideas as to the incentive for spam-loving
faux-Viagra vendors to use a multicast IP address for their nameservers?

For example, this output taken from dig(1):

  ;; ANSWER SECTION:
  seescum.biz.            600 IN A 222.240.155.58
  [...]

  ;; AUTHORITY SECTION:
  seescum.biz.            600 IN NS ns1.seescum.biz.
  seescum.biz.            600 IN NS ns2.seescum.biz.
  seescum.biz.            600 IN NS ns3.seescum.biz.

  ;; ADDITIONAL SECTION:
  mail.seescum.biz.       600 IN A 238.222.241.159
  ns1.seescum.biz.        600 IN A 222.240.155.58
  ns2.seescum.biz.        600 IN A 222.240.155.58
  ns3.seescum.biz.        600 IN A 238.222.241.159

Note that the "mail" and "ns3" RRs are in the multicast IP address
space!  I'm suspicious!

Ed
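
A check for the pattern the message points out, as an added example that is not part of the original post: it parses dig(1)-style resource-record lines and flags A records whose address lies in the IPv4 multicast block 224.0.0.0/4. The function name is this example's own, and the sample input is copied from the dig output quoted above.

```python
import ipaddress

# Sample input: resource records copied from the dig(1) output in the message.
DIG_OUTPUT = """\
;; ANSWER SECTION:
seescum.biz.            600 IN A 222.240.155.58
[...]
;; AUTHORITY SECTION:
seescum.biz.            600 IN NS ns1.seescum.biz.
seescum.biz.            600 IN NS ns2.seescum.biz.
seescum.biz.            600 IN NS ns3.seescum.biz.
;; ADDITIONAL SECTION:
mail.seescum.biz.       600 IN A 238.222.241.159
ns1.seescum.biz.        600 IN A 222.240.155.58
ns2.seescum.biz.        600 IN A 222.240.155.58
ns3.seescum.biz.        600 IN A 238.222.241.159
"""

MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # 224.0.0.0 - 239.255.255.255

def find_multicast_a_records(dig_text):
    """Return (section, owner, address) for every A record inside 224.0.0.0/4."""
    findings, section = [], None
    for line in dig_text.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            section = line[2:].strip().rsplit(" ", 1)[0]  # "ANSWER SECTION:" -> "ANSWER"
            continue
        fields = line.split()
        # A record line layout: owner, TTL, class, type, rdata
        if len(fields) != 5 or fields[2:4] != ["IN", "A"]:
            continue
        try:
            addr = ipaddress.IPv4Address(fields[4])
        except ipaddress.AddressValueError:
            continue  # rdata is not a valid IPv4 address; skip it
        if addr in MULTICAST:
            findings.append((section, fields[0], str(addr)))
    return findings

if __name__ == "__main__":
    for section, owner, addr in find_multicast_a_records(DIG_OUTPUT):
        print(f"{section}: {owner} -> {addr} is in 224.0.0.0/4 (multicast)")
```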


