Dear all,

I found some strange DNS query results these days.

The strange results are shown below :<

C:\Documents and Settings\Administrator>nslookup ftp11.tw.freebsd.org 168.95.1.1
Server: dns.hinet.net
Address: 168.95.1.1

Name: ftp11.tw.freebsd.org.com.tw
Address: 82.98.86.170

C:\Documents and Settings\Administrator>nslookup ftp6.tw.freebsd.org 168.95.1.1
Server: dns.hinet.net
Address: 168.95.1.1

Name: ftp6.tw.freebsd.org.com.tw
Address: 82.98.86.170

Both ftp6.tw.freebsd.org and ftp11.tw.freebsd.org have the same IP address, and this IP address seems to belong to a malicious domain!

Does anyone have a good idea?

Hello,

> C:\Documents and Settings\Administrator>nslookup ftp11.tw.freebsd.org 168.95.1.1
>
> Server: dns.hinet.net
> Address: 168.95.1.1
>
> Name: ftp11.tw.freebsd.org.com.tw
                            ^^^^^^^^

You seem to nslookup "ftp11.tw.freebsd.org.COM.TW".
If it's right,

> Address: 82.98.86.170

is correct as follows:

$ dig A ftp11.tw.freebsd.org.com.tw

; <<>> DiG 9.2.4 <<>> A ftp11.tw.freebsd.org.com.tw
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53400
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;ftp11.tw.freebsd.org.com.tw. IN A

;; ANSWER SECTION:
ftp11.tw.freebsd.org.com.tw. 600 IN A 82.98.86.170

So you had better check your PC's settings.

BTW, a wildcard record (*.org.com.tw) is probably used.
For example, I got the same results with the following queries:

$ dig A foo.bar.freebsd.org.com.tw
$ dig A foo.bar.org.com.tw
$ dig A foo.org.com.tw

Best regards.

-----
UEDA Hiroyuki <ueda@netforest.ad.jp>
Netforest Inc., JAPAN

On Tue, Mar 24, 2009 at 12:00:24PM +0000, freebsd-security-request@freebsd.org wrote:
> Date: Tue, 24 Mar 2009 14:56:10 +0800
> From: James Chang <james.technew@gmail.com>
> Subject: DNS of FreeBSD.org been Attacked!?
> To: freebsd-security@freebsd.org
> Message-ID:
> <a951c2910903232356y4faa9fd6nb3ebfd2215ca4d39@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Dear all,
>
> I found some strange DNS query result these days.
>
> Show the strange result as following :<
>
> C:\Documents and Settings\Administrator>nslookup ftp11.tw.freebsd.org 168.95.1.1
>
> Server: dns.hinet.net
> Address: 168.95.1.1
>
> Name: ftp11.tw.freebsd.org.com.tw
> Address: 82.98.86.170

Correct the configuration of your Windows machine (under Connection Properties -> TCP/IP properties -> Advanced -> DNS -> "Append these DNS suffixes"), so that ".com.tw" is not appended as your domain by default. Otherwise, things won't work well for you.

This is in no way a FreeBSD issue.

-- Clifton

--
Clifton Royston -- cliftonr@iandicomputing.com / cliftonr@lava.net
President - I and I Computing * http://www.iandicomputing.com/
Custom programming, network design, systems and network consulting services
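
The behaviour diagnosed in this thread, modelled offline as an added example (not part of any poster's message): a client that appends a search suffix before trying the name as typed, queried against a zone holding the `*.org.com.tw` wildcard. Assumptions: the search list `["com.tw"]` is inferred from the replies, the suffix-first order for names without a trailing dot is a simplified model of nslookup, and `192.0.2.10` is a placeholder for the mirror's real address, which the thread does not give.

```python
# Constructed zone data. The wildcard and 82.98.86.170 come from the thread;
# 192.0.2.10 is a documentation-range placeholder, not the mirror's address.
ZONE = {
    "*.org.com.tw.": "82.98.86.170",
    "ftp11.tw.freebsd.org.": "192.0.2.10",
}

def lookup(fqdn):
    """Exact match first, then the closest enclosing wildcard (simplified)."""
    fqdn = fqdn.lower()
    if fqdn in ZONE:
        return ZONE[fqdn]
    labels = fqdn.rstrip(".").split(".")
    for i in range(1, len(labels)):
        wildcard = "*." + ".".join(labels[i:]) + "."
        if wildcard in ZONE:
            return ZONE[wildcard]
    return None

def candidates(name, search_list):
    """Names tried in order. A trailing dot marks the name as absolute, so
    nothing is appended; otherwise each suffix is tried before the bare name."""
    if name.endswith("."):
        return [name]
    return [f"{name}.{s.strip('.')}." for s in search_list] + [name + "."]

def resolve(name, search_list):
    """Return (name that actually answered, address) for the first hit."""
    for fqdn in candidates(name, search_list):
        addr = lookup(fqdn)
        if addr is not None:
            return fqdn, addr
    return None, None

def suffix_appended(queried, answered):
    """Return the suffix added to the queried name in the answer, or None."""
    q = queried.rstrip(".").lower()
    a = answered.rstrip(".").lower()
    if a != q and a.startswith(q + "."):
        return a[len(q) + 1:]
    return None

if __name__ == "__main__":
    for query in ("ftp11.tw.freebsd.org", "ftp11.tw.freebsd.org."):
        answered, addr = resolve(query, ["com.tw"])
        print(f"{query!r} -> {answered} {addr} "
              f"(suffix appended: {suffix_appended(query, answered)})")
```

Comparing the `Name:` line of a reply with the name that was typed, as `suffix_appended` does, separates a client-side search-list problem from a tampered answer for the real name.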