Date:      Mon, 27 Sep 1999 22:34:12 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Nate Williams <nate@mt.sri.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: DNS Concern?
Message-ID:  <199909280534.WAA86235@apollo.backplane.com>
References:   <199909280449.WAA14300@mt.sri.com>

:>From my logfile (not modified to protect the innocent..)
:----------------------------------------------
:Sep 24 23:21:26 ns named[17685]: ns_resp: query(hackerz.org) A RR negative cache entry (216.181.127.2:)
:Sep 24 23:21:26 ns named[17685]: ns_resp: query(hackerz.org) All possible A RR's lame
:Sep 24 23:21:26 ns named[17685]: ns_forw: query(hackerz.org) A RR negative cache entry (216.181.127.2:)
:Sep 24 23:21:26 ns named[17685]: ns_forw: query(hackerz.org) All possible A RR's lame
:----------------------------------------------
:
:
:Is this anything to be concerned about?
:
:
:Nate

    No.  216.181.127.2 is listed as a NS record by hackerz.org's two DNS
    sites.  hackerz.org must have screwed something up, which doesn't 
    surprise me at all.  Their NIC listed NS records do not match their
    zone-listed NS records.  While this isn't illegal (NIC listed NS
    records are used like a bootstrap), my opinion from reading their zone 
    is that they are somewhat confused. 

    In any case, it means that your machine is fine: it's using information
    gotten from the right place rather than information spoofed into your
    DNS cache.

    Your log entry simply indicates that 216.181.127.2 was not returning 
    authoritative information on the zone on that day, yet was listed as
    an NS record (i.e. sites which must return authoritative data).
    It looks like they fixed whatever the problem was; 216.181.127.2 is
    now returning authoritative information.

    I find the reverse lookup for 216.181.127.2 to be highly amusing:

	apollo:/home/dillon> nslookup 216.181.127.2
	Server:  apollo.backplane.com
	Address:  216.240.41.2

	Name:    theinternicsucksshit.com
	Address:  216.181.127.2

    heh heh.  There is no forward lookup for theinternicsucksshit.com,
    which may also be causing a problem.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>
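
Added example, not part of the original message: a small Python triage script that groups the `named` messages quoted above by queried name, so the repeated ns_resp/ns_forw lines for one lame delegation collapse into a single entry. The log lines are copied from the quoted logfile; the function name `summarize` and the report layout are assumptions made here.

```python
import re
from collections import defaultdict

# Log lines copied from the logfile quoted in the message above.
SAMPLE_LOG = """\
Sep 24 23:21:26 ns named[17685]: ns_resp: query(hackerz.org) A RR negative cache entry (216.181.127.2:)
Sep 24 23:21:26 ns named[17685]: ns_resp: query(hackerz.org) All possible A RR's lame
Sep 24 23:21:26 ns named[17685]: ns_forw: query(hackerz.org) A RR negative cache entry (216.181.127.2:)
Sep 24 23:21:26 ns named[17685]: ns_forw: query(hackerz.org) All possible A RR's lame
"""

# Only the two message shapes that appear in the quoted log are recognised.
LINE_RE = re.compile(
    r"named\[\d+\]: (?P<func>ns_resp|ns_forw): query\((?P<name>[^)]+)\) "
    r"(?:(?P<rtype>\S+) RR negative cache entry \((?P<server>[^:)]+):?\)"
    r"|All possible (?P<lame_rtype>\S+) RR's lame)"
)

def summarize(log_text):
    """Group the named messages by queried name.

    Returns {name: {"servers":  servers printed in parentheses,
                    "all_lame": an "All possible ... RR's lame" line was seen,
                    "lines":    number of matching log lines}}.
    """
    report = defaultdict(lambda: {"servers": set(), "all_lame": False, "lines": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        entry = report[m.group("name").lower().rstrip(".")]
        entry["lines"] += 1
        if m.group("server"):
            entry["servers"].add(m.group("server"))
        else:
            entry["all_lame"] = True
    return dict(report)

if __name__ == "__main__":
    for name, info in sorted(summarize(SAMPLE_LOG).items()):
        flag = "all listed servers reported lame" if info["all_lame"] else "some servers flagged"
        print(f"{name}: {info['lines']} lines, servers={sorted(info['servers'])}, {flag}")
```

A name that shows up here is a cue to compare the zone's registry-listed NS records with its zone-listed ones, as the reply above does.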

