[Gllug] DNS hijacking
Richard Turner
richard at zygous.co.uk
Tue Jan 25 20:33:11 UTC 2005
On Tue, 2005-01-25 at 11:12 +0000, Ian Norton wrote:
> Hi,
>
> has anyone else noticed recently a little bit of dns hijacking? Over the last
> week, sites like btefnet.org and openzaurus.org have randomly (for whole days
> at a time) sent me to various 'this domain is parked for a customer' pages.
>
> i'm wondering if my isp is having some serious issues (they are metronet who
> are a customer of claranet afaik)
>
My manager came to me in a flap this morning because it seemed that our
website had gone down - instead we could see the directory listing for a
hosting account we used to have with a different ISP (thankfully I'd
deleted all the files from that account - I was surprised to see that
it's still serving pages, or would be if there were any to serve). The
fact that we seemed to be able to see our old server made me think of
DNS issues, so I did a host lookup from inside and outside our LAN. Lo
and behold, inside we were being given an old IP address: outside we
were given the correct one.
A quick change to the forwarders being used by our internal DNS servers
and all was well again. This post reminded me that I should call
Easynet to tell them that their DNS records are awry.
Dunno what the glitch means, if anything, but it was interesting to
observe (and a pest for affected ISPs' customers).
Cheers,
Richard.
--
"Racing turtles, the grapefruit is winning..."
B53 8184 E61F 3604 FBF3 4CCB EF07 2942 30F2 739E
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.lug.org.uk/pipermail/gllug/attachments/20050125/1606635f/attachment.pgp>
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list