DNS is tainted
Jeff Peng
pengyh at inbox.com
Wed Jun 8 03:09:47 UTC 2011
Hello,
From the dig info below:
C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com
www.nsbeta.info. 3497 IN CNAME nsbeta.info.
nsbeta.info. 2434 IN A 74.117.232.204
C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com
www.nsbeta.info. 3492 IN CNAME nsbeta.info.
nsbeta.info. 2429 IN A 74.117.232.204
C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com
www.nsbeta.info. 3486 IN CNAME nsbeta.info.
nsbeta.info. 2423 IN A 74.117.232.204
I think my office network's DNS is tainted. because:
1) ns1.google.com is authoritative nameserver only, which shouldn't answer this query.
2) the TTL is decreased each time, if it's a real authority answer, the TTL should be all the same.
And this is the full output of dig:
C:\dig>dig www.nsbeta.info @ns1.google.com
; <<>> DiG 9.3.2 <<>> www.nsbeta.info @ns1.google.com
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1183
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;www.nsbeta.info. IN A
;; ANSWER SECTION:
www.nsbeta.info. 3111 IN CNAME nsbeta.info.
nsbeta.info. 2048 IN A 74.117.232.204
;; Query time: 15 msec
;; SERVER: 216.239.32.10#53(216.239.32.10)
;; WHEN: Wed Jun 08 11:09:09 2011
;; MSG SIZE rcvd: 74
How to deal with this case? Thanks.
Regards.
____________________________________________________________
FREE 3D EARTH SCREENSAVER - Watch the Earth right on your desktop!
Check it out at http://www.inbox.com/earth
More information about the bind-users
mailing list