From owner-freebsd-security@FreeBSD.ORG  Tue Mar 24 08:16:35 2009
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 15564106566C
	for <freebsd-security@freebsd.org>;
	Tue, 24 Mar 2009 08:16:35 +0000 (UTC)
	(envelope-from ueda@netforest.ad.jp)
Received: from kiku.netforest.co.jp (kiku.netforest.co.jp [218.45.16.40])
	by mx1.freebsd.org (Postfix) with ESMTP id AF5208FC1E
	for <freebsd-security@freebsd.org>;
	Tue, 24 Mar 2009 08:16:34 +0000 (UTC)
	(envelope-from ueda@netforest.ad.jp)
Received: (qmail 82589 invoked by uid 1020); 24 Mar 2009 16:49:53 +0900
Received: from sumire.netforest.co.jp (HELO [10.0.7.102])
	(SubmissionBy:ueda@[218.45.16.38])
	(envelope-sender <ueda@netforest.ad.jp>)
	by kiku.netforest.co.jp (qmail-ldap-1.03) with AES128-SHA encrypted
	SMTP for <freebsd-security@freebsd.org>; 24 Mar 2009 16:49:53 +0900
Date: Tue, 24 Mar 2009 16:49:53 +0900
From: "UEDA Hiroyuki" <ueda@netforest.ad.jp>
To: freebsd-security@freebsd.org
In-Reply-To: <a951c2910903232356y4faa9fd6nb3ebfd2215ca4d39@mail.gmail.com>
References: <a951c2910903232356y4faa9fd6nb3ebfd2215ca4d39@mail.gmail.com>
Message-Id: <20090324164644.A697.5F3C430A@netforest.ad.jp>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Mailer: Becky! ver. 2.50.03 [ja]
Subject: Re: DNS of FreeBSD.org been Attacked!?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 24 Mar 2009 08:16:35 -0000

Hello,


> C:\Documents and Settings\Administrator>nslookup ftp11.tw.freebsd.org 168.95.1.1
> 
> Server:  dns.hinet.net
> Address:  168.95.1.1
> 
> Name:    ftp11.tw.freebsd.org.com.tw
                               ^^^^^^^^
You seem to nslookup "ftp11.tw.freebsd.org.COM.TW". If it's right, 

> Address:  82.98.86.170

is correct as follows:

$ dig A ftp11.tw.freebsd.org.com.tw

; <<>> DiG 9.2.4 <<>> A ftp11.tw.freebsd.org.com.tw
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53400
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ftp11.tw.freebsd.org.com.tw.   IN      A

;; ANSWER SECTION:
ftp11.tw.freebsd.org.com.tw. 600 IN     A       82.98.86.170

So you had better check your PC's settings.


BTW, a wild card record(*.org.com.tw) is probably used. For example, I
got same results with following queries:

$ dig A foo.bar.freebsd.org.com.tw
$ dig A foo.bar.org.com.tw
$ dig A foo.org.com.tw


Best regards.

-----
UEDA Hiroyuki <ueda@netforest.ad.jp>
Netforest Inc., JAPAN