ietf

Stupid DNS tricks

2003-09-15 21:38:23
Because this is probably a community of interest for the
topic of DNS, I thought it would be worthwhile mentioning
that Verisign has apparently unilaterally put in place
wildcard DNS records for *.com and *.net. All unregistered
domains in .com and .net now resolve to 64.94.110.11, which
runs a Verisign-operated web search engine on port 80.

In other words, it is effectively impossible to provoke
an "NXDOMAIN" response for any host in either of these TLDs.
 
$ dig sdlfkjglei.com

; <<>> DiG 9.2.1 <<>> sdlfkjglei.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35289
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;sdlfkjglei.com.                        IN      A

;; ANSWER SECTION:
sdlfkjglei.com.         900     IN      A       64.94.110.11

;; AUTHORITY SECTION:
com.                    172800  IN      NS      k.gtld-servers.net.
com.                    172800  IN      NS      l.gtld-servers.net.
com.                    172800  IN      NS      m.gtld-servers.net.
com.                    172800  IN      NS      a.gtld-servers.net.
com.                    172800  IN      NS      b.gtld-servers.net.
com.                    172800  IN      NS      c.gtld-servers.net.
com.                    172800  IN      NS      d.gtld-servers.net.
com.                    172800  IN      NS      e.gtld-servers.net.
com.                    172800  IN      NS      f.gtld-servers.net.
com.                    172800  IN      NS      g.gtld-servers.net.
com.                    172800  IN      NS      h.gtld-servers.net.
com.                    172800  IN      NS      i.gtld-servers.net.
com.                    172800  IN      NS      j.gtld-servers.net.

;; Query time: 48 msec
;; SERVER: xx.xx.xx.xx
;; WHEN: Mon Sep 15 23:12:05 2003
;; MSG SIZE  rcvd: 272

/a
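
Added example, not part of the original message: a Python sketch that parses dig output in the shape quoted above, uses several random-name probes to find the address a TLD wildcard answers with, and maps such answers back to NXDOMAIN for software that needs to know whether a name exists. The function names and the constructed sample outputs are assumptions; only 64.94.110.11 and sdlfkjglei.com come from the message.

```python
import re

def sample_dig(name, status, addrs):
    """Build CONSTRUCTED dig output in the shape quoted in the post."""
    out = [f";; ->>HEADER<<- opcode: QUERY, status: {status}, id: 1", "",
           ";; QUESTION SECTION:", f";{name}.\t\tIN\tA", ""]
    if addrs:
        out += [";; ANSWER SECTION:"]
        out += [f"{name}.\t900\tIN\tA\t{a}" for a in addrs] + [""]
    out += [";; AUTHORITY SECTION:", "com.\t172800\tIN\tNS\ta.gtld-servers.net."]
    return "\n".join(out)

def parse_dig(text):
    """Return (status, set of A addresses found in the ANSWER section)."""
    m = re.search(r"status: ([A-Z]+)", text)
    status = m.group(1) if m else None
    addrs, in_answer = set(), False
    for line in text.splitlines():
        if line.startswith(";;"):            # section header or comment
            in_answer = line.startswith(";; ANSWER SECTION")
        elif in_answer and line.strip():
            f = line.split()                 # name ttl class type rdata
            if len(f) >= 5 and f[2] == "IN" and f[3] == "A":
                addrs.add(f[4])
    return status, addrs

def wildcard_sinks(probe_outputs):
    """Addresses that every random-name probe resolved to (empty: no wildcard)."""
    common = None
    for text in probe_outputs:
        status, addrs = parse_dig(text)
        if status != "NOERROR" or not addrs:
            return set()                     # a probe got a real negative answer
        common = addrs if common is None else common & addrs
    return common or set()

def effective_status(text, sinks):
    """Report NXDOMAIN when the only answers are wildcard sink addresses."""
    status, addrs = parse_dig(text)
    # Caveat: a registered name hosted on a sink address is also mapped here.
    if status == "NOERROR" and addrs and addrs <= sinks:
        return "NXDOMAIN"
    return status

if __name__ == "__main__":
    probes = [sample_dig(n, "NOERROR", ["64.94.110.11"])
              for n in ("sdlfkjglei.com", "qpwoeiruty.com")]   # constructed
    sinks = wildcard_sinks(probes)
    print(sinks, effective_status(probes[0], sinks))
```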


