North American Network Operators Group


Re: aljazeera.net domain owned.

  • From: Mike Tancsa
  • Date: Thu Mar 27 17:05:00 2003


Looks like 213.30.180.218 allows unrestricted zone transfers.

> ls -d ALJAZEERA.NET.
[[213.30.180.218]]
$ORIGIN aljazeera.net.
@                       15M IN SOA      ns3 dnsadmin.nav-link.net. (
                                        2003032706      ; serial
                                        3H              ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        15M )           ; minimum

                        15M IN NS       ns1sa.navlink.com.
                        15M IN NS       ns3
                        15M IN MX       10 mail
                        15M IN A        213.30.180.219
ns3                     15M IN A        213.30.180.218
admin                   15M IN A        213.30.180.219
synadmin                15M IN A        213.30.180.220
english                 15M IN A        213.30.180.219
jazad01                 15M IN A        213.30.180.220
wrc                     15M IN A        213.30.180.222
jazad02                 15M IN A        213.30.180.220
cm                      15M IN A        213.130.180.216
syndication             15M IN A        213.30.180.220
jazad                   15M IN A        213.30.180.220
mail                    15M IN A        64.110.61.12
www                     15M IN CNAME    @
bm                      15M IN A        213.30.180.221
www1                    15M IN A        213.30.180.219
www2                    15M IN A        213.30.180.219
ftp                     15M IN CNAME    @
stats                   15M IN A        213.30.180.222
users                   15M IN A        213.30.180.219
@                       15M IN SOA      ns3 dnsadmin.nav-link.net. (
                                        2003032706      ; serial
                                        3H              ; refresh
                                        1H              ; retry
                                        1W              ; expiry
                                        15M )           ; minimum

>


Handy to do a quick update on any servers doing recursion.

        ---Mike



At 03:48 PM 27/03/2003 -0600, John Palmer wrote:

Hmm - don't think so - although nothing is up there - www.aljazeera.net resolves to 127.0.0.1.
This is from the MYDOMAIN.COM nameservers listed as the auth for this domain:

; <<>> DiG 8.2 <<>> ns aljazeera.net @b.gtld-servers.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUERY SECTION:
;; aljazeera.net, type = NS, class = IN

;; ANSWER SECTION:
aljazeera.net. 2D IN NS NS4.MYDOMAIN.COM.
aljazeera.net. 2D IN NS NS1.MYDOMAIN.COM.
aljazeera.net. 2D IN NS NS2.MYDOMAIN.COM.
aljazeera.net. 2D IN NS NS3.MYDOMAIN.COM.

;; ADDITIONAL SECTION:
NS4.MYDOMAIN.COM. 2D IN A 63.251.83.74
NS1.MYDOMAIN.COM. 2D IN A 64.94.117.195
NS2.MYDOMAIN.COM. 2D IN A 216.52.121.228
NS3.MYDOMAIN.COM. 2D IN A 66.150.161.130

;; Total query time: 80 msec
;; FROM: LAIR.LION to SERVER: b.gtld-servers.net 192.33.14.30
;; WHEN: Thu Mar 27 16:38:14 2003
;; MSG SIZE sent: 31 rcvd: 179

LAIR$ dig www.aljazeera.net @ns1.mydomain.com

; <<>> DiG 8.2 <<>> www.aljazeera.net @ns1.mydomain.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;; www.aljazeera.net, type = A, class = IN

;; ANSWER SECTION:
www.aljazeera.net. 2M IN A 127.0.0.1

;; AUTHORITY SECTION:
aljazeera.net. 2M IN NS ns1.mydomain.com.
aljazeera.net. 2M IN NS ns2.mydomain.com.
aljazeera.net. 2M IN NS ns3.mydomain.com.
aljazeera.net. 2M IN NS ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com. 30M IN A 64.94.117.195
ns2.mydomain.com. 30M IN A 216.52.121.228
ns3.mydomain.com. 30M IN A 66.150.161.130
ns4.mydomain.com. 30M IN A 63.251.83.74

;; Total query time: 117 msec
;; FROM: LAIR.LION to SERVER: ns1.mydomain.com 64.94.117.195
;; WHEN: Thu Mar 27 16:38:28 2003
;; MSG SIZE sent: 35 rcvd: 199

----- Original Message -----
From: "Eric Brunner-Williams in Portland Maine" <[email protected]>
To: "Sean Donelan" <[email protected]>
Cc: "Abdullah Ibn Hamad Al-Marri" <[email protected]>; <[email protected]>; <[email protected]>
Sent: Thursday, March 27, 2003 15:30
Subject: Re: aljazeera.net domain owned.


>
> Earlier today I logged a disparity between the NSI web whois interface
> and the whois commandline interface outputs (http://nic-iq.nic-naa.net,
> bottom of page).
>
> I sent mail to two contacts inside Verisign, and at 4:30pm EST, the
> hijack appears to be over, at least as far as NS records are concerned.
>
>
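
Added example, not part of the original thread: a monitoring check for the two symptoms shown in the dig output above, a parent delegation that no longer matches the owner's NS set and an A answer pointing at loopback. The record text is copied from the thread; the function names are hypothetical, and treating the NS set from the zone listing as the intended delegation is an assumption.

```python
import ipaddress

# Record text copied from the dig output quoted in the thread (dig 8.x format).
DELEGATION = """\
;; ANSWER SECTION:
aljazeera.net. 2D IN NS NS4.MYDOMAIN.COM.
aljazeera.net. 2D IN NS NS1.MYDOMAIN.COM.
aljazeera.net. 2D IN NS NS2.MYDOMAIN.COM.
aljazeera.net. 2D IN NS NS3.MYDOMAIN.COM.
"""
WWW_ANSWER = """\
;; ANSWER SECTION:
www.aljazeera.net. 2M IN A 127.0.0.1
"""
# Assumption: the NS set in the zone listing is the owner's intended delegation.
EXPECTED_NS = {"ns1sa.navlink.com.", "ns3.aljazeera.net."}


def parse_rrs(text):
    """Return (owner, type, rdata) tuples from dig-style record lines."""
    rrs = []
    for line in text.splitlines():
        fields = line.split()
        # Skip comments and blanks; records look like: owner ttl IN type rdata
        if len(fields) < 5 or line.startswith(";") or fields[2].upper() != "IN":
            continue
        rrs.append((fields[0].lower(), fields[3].upper(), " ".join(fields[4:])))
    return rrs


def delegation_drift(text, zone, expected):
    """Compare the NS set served by the parent with the expected set."""
    seen = {r.lower() for o, t, r in parse_rrs(text) if o == zone and t == "NS"}
    return {"unexpected": sorted(seen - expected), "missing": sorted(expected - seen)}


def non_routable_answers(text):
    """Flag A records that point at loopback, unspecified or private space."""
    bad = []
    for owner, rtype, rdata in parse_rrs(text):
        if rtype == "A":
            ip = ipaddress.ip_address(rdata)
            if ip.is_loopback or ip.is_unspecified or ip.is_private:
                bad.append((owner, rdata))
    return bad


if __name__ == "__main__":
    print(delegation_drift(DELEGATION, "aljazeera.net.", EXPECTED_NS))
    print(non_routable_answers(WWW_ANSWER))
```

Run on a schedule against fresh answers from the parent servers, a non-empty "unexpected" list is the alert condition.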