[30936] in North American Network Operators' Group


MYDOMAIN.COM faking auth on COM.BR zone

daemon@ATHENA.MIT.EDU (Frederico A C Neves)
Fri Sep 1 18:53:08 2000

Date: Fri, 1 Sep 2000 19:45:58 -0300
From: Frederico A C Neves <fneves@registro.br>
To: nanog@merit.edu
Cc: iana@iana.org, abuse@mydomain.com,
	Demi Getschko <demig@ig.com.br>,
	Pedro A M Vazquez <vazquez@IQM.Unicamp.BR>, nbso@nic.br,
	Hugo Koji Kobayashi <koji@registro.br>
Message-ID: <20000901194558.L36817@registro.br>

Dear Nanog Readers,

As we have not yet received any response from our abuse request
(attached) to MYDOMAIN.COM and more than 10 phone calls, we are looking
for help of any kind here.

The COM.BR zone is populated with 280K zone delegations (92% of the .BR
registered domain names). Mydomain.com DNS servers are delegated to
1361 domains inside the .BR zone. We don't know why, but these servers
are answering authoritatively for the COM.BR zone and they are carrying
a wildcard record too.

This is causing some confusion and trouble to buggy resolvers (notably
NT). If someone knows a contact different from the whois and the web
site information, please let me know asap privately.

Best Regards
Frederico Neves
.BR tech contact

--begin
bash> dig @a.root-servers.net br ns

; <<>> DiG 8.2 <<>> @a.root-servers.net br ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 5
;; QUERY SECTION:
;;      br, type = NS, class = IN

;; ANSWER SECTION:
br.                     2D IN NS        NS.DNS.br.
br.                     2D IN NS        NS1.DNS.br.
br.                     2D IN NS        NS2.DNS.br.
br.                     2D IN NS        NS3.NIC.FR.
br.                     2D IN NS        NS-EXT.VIX.COM.

;; ADDITIONAL SECTION:
NS.DNS.br.              2D IN A         143.108.23.2
NS1.DNS.br.             2D IN A         200.255.253.234
NS2.DNS.br.             2D IN A         200.19.119.99
NS3.NIC.FR.             2D IN A         192.134.0.49
NS-EXT.VIX.COM.         2D IN A         204.152.184.64

;; Total query time: 768 msec
;; FROM: clone.registro.br to SERVER: a.root-servers.net  198.41.0.4
;; WHEN: Fri Sep  1 17:52:07 2000
;; MSG SIZE  sent: 20  rcvd: 209


bash> dig @NS.DNS.br. com.br ns

; <<>> DiG 8.2 <<>> @NS.DNS.br. com.br ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3
;; QUERY SECTION:
;;      com.br, type = NS, class = IN

;; ANSWER SECTION:
com.br.                 1D IN NS        NS2.DNS.br.
com.br.                 1D IN NS        NS-EXT.VIX.COM.
com.br.                 1D IN NS        NS.DNS.br.
com.br.                 1D IN NS        NS1.DNS.br.

;; ADDITIONAL SECTION:
NS2.DNS.br.             1D IN A         200.19.119.99
NS.DNS.br.              1D IN A         143.108.23.2
NS1.DNS.br.             1D IN A         200.255.253.234

;; Total query time: 1 msec
;; FROM: clone.registro.br to SERVER: NS.DNS.br.  143.108.23.2
;; WHEN: Fri Sep  1 17:52:24 2000
;; MSG SIZE  sent: 24  rcvd: 157

bash> dig @ns1.mydomain.com com.br any

; <<>> DiG 8.2 <<>> @ns1.mydomain.com com.br any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 7
;; QUERY SECTION:
;;      com.br, type = ANY, class = IN

;; ANSWER SECTION:
com.br.                 42m40s IN SOA   ns1.mydomain.com. hostmaster.com.br. (
                                        967828523       ; serial
                                        4h33m4s         ; refresh
                                        34m8s           ; retry
                                        1w5d3h16m16s    ; expiry
                                        42m40s )                ; minimum

com.br.                 3D IN NS        ns1.mydomain.com.
com.br.                 3D IN NS        ns2.mydomain.com.
com.br.                 3D IN NS        ns3.mydomain.com.
com.br.                 3D IN NS        ns4.mydomain.com.
com.br.                 1D IN A         208.184.130.40
com.br.                 1D IN MX        10 a.mx.mydomain.com.
com.br.                 1D IN MX        10 b.mx.mydomain.com.
com.br.                 1D IN MX        10 c.mx.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.       3D IN A         208.184.130.51
ns2.mydomain.com.       3D IN A         208.184.130.52
ns3.mydomain.com.       3D IN A         208.184.130.53
ns4.mydomain.com.       3D IN A         208.184.130.55
a.mx.mydomain.com.      1D IN A         208.184.130.53
b.mx.mydomain.com.      1D IN A         208.184.130.51
c.mx.mydomain.com.      1D IN A         208.184.130.55

;; Total query time: 1022 msec
;; FROM: clone.registro.br to SERVER: ns1.mydomain.com  208.184.130.51
;; WHEN: Fri Sep  1 17:52:46 2000
;; MSG SIZE  sent: 24  rcvd: 340
--end

-- 
 ----------------------------------------------------------------
 Frederico A C Neves                          Registro .br - ANSP
 <fneves@registro.br>                              R.Pio XI, 1500
 Tel +55-11-3645-2418         Sao Paulo - SP - Brazil - 05468-901


Date: Fri, 1 Sep 2000 11:19:23 -0300
From: Frederico A C Neves <fneves@registro.br>
To: Support@MyDomain.com, support@namesdirect.com, abuse@MyDomain.com,
	security@MyDomain.com, abuse@namesdirect.com,
	security@namesdirect.com
Cc: root-mgmt@iana.org, iana@iana.org, hostmaster@nsiregistry.net,
	demi@registro.br, nbso@nic.br,
	Pedro A M Vazquez <vazquez@IQM.Unicamp.BR>, info@cg.org.br,
	"Hostmaster Registro .br" <hostmaster>
Bcc: Hartmut Richard Glaser <glaser@fapesp.br>,
	Ricardo Patara <patara@ansp.br>,
	Milton Kaoru Kashiwakura <mkaoruka@ansp.br>, adler@embratel.net.br,
	kco@embratel.net.br, Hugo Koji Kobayashi <koji@registro.br>
Subject: URGENT .COM.BR authority on mydomain.com AUTH servers
Message-ID: <20000901111923.A35869@registro.br>

Dear Mr.,

As reported at the end of this email ns[1-4].mydomain.com are
answering .COM.BR queries authoritatively. As mydomain.com servers are
listed in 1361 domains this error is propagating very fast on buggy
resolvers.

Please take actions immediately to stop answering .COM.BR
authoritatively.

Frederico Neves
.BR Tech Contact
+55 11 3838-4130

--begin
bash> dig @NS1.mydomain.com www.uol.com.br any

; <<>> DiG 8.3 <<>> @NS1.mydomain.com www.uol.com.br any
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      www.uol.com.br, type = ANY, class = IN

;; ANSWER SECTION:
www.uol.com.br.         1D IN A         208.184.130.40

;; AUTHORITY SECTION:
com.br.                 3D IN NS        ns1.mydomain.com.
com.br.                 3D IN NS        ns2.mydomain.com.
com.br.                 3D IN NS        ns3.mydomain.com.
com.br.                 3D IN NS        ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.       3D IN A         208.184.130.51
ns2.mydomain.com.       3D IN A         208.184.130.52
ns3.mydomain.com.       3D IN A         208.184.130.53
ns4.mydomain.com.       3D IN A         208.184.130.55

;; Total query time: 4552 msec
;; FROM: fork.in.REGISTRO.BR to SERVER: NS1.mydomain.com  208.184.130.51
;; WHEN: Fri Sep  1 11:09:28 2000
;; MSG SIZE  sent: 32  rcvd: 196


bash> dig @NS1.mydomain.com com.br soa

; <<>> DiG 8.3 <<>> @NS1.mydomain.com com.br soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      com.br, type = SOA, class = IN

;; ANSWER SECTION:
com.br.                 42m40s IN SOA   ns1.mydomain.com. hostmaster.com.br. (
                                        967811974       ; serial
                                        4h33m4s         ; refresh
                                        34m8s           ; retry
                                        1w5d3h16m16s    ; expiry
                                        42m40s )                ; minimum


;; AUTHORITY SECTION:
com.br.                 3D IN NS        ns1.mydomain.com.
com.br.                 3D IN NS        ns2.mydomain.com.
com.br.                 3D IN NS        ns3.mydomain.com.
com.br.                 3D IN NS        ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.       3D IN A         208.184.130.51
ns2.mydomain.com.       3D IN A         208.184.130.52
ns3.mydomain.com.       3D IN A         208.184.130.53
ns4.mydomain.com.       3D IN A         208.184.130.55

;; Total query time: 898 msec
;; FROM: fork.in.REGISTRO.BR to SERVER: NS1.mydomain.com  208.184.130.51
;; WHEN: Fri Sep  1 10:44:16 2000
;; MSG SIZE  sent: 24  rcvd: 219

bash> dig @208.184.130.52 com.br soa

; <<>> DiG 8.3 <<>> @208.184.130.52 com.br soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      com.br, type = SOA, class = IN

;; ANSWER SECTION:
com.br.                 42m40s IN SOA   ns1.mydomain.com. hostmaster.com.br. (
                                        967811974       ; serial
                                        4h33m4s         ; refresh
                                        34m8s           ; retry
                                        1w5d3h16m16s    ; expiry
                                        42m40s )                ; minimum


;; AUTHORITY SECTION:
com.br.                 3D IN NS        ns1.mydomain.com.
com.br.                 3D IN NS        ns2.mydomain.com.
com.br.                 3D IN NS        ns3.mydomain.com.
com.br.                 3D IN NS        ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.       3D IN A         208.184.130.51
ns2.mydomain.com.       3D IN A         208.184.130.52
ns3.mydomain.com.       3D IN A         208.184.130.53
ns4.mydomain.com.       3D IN A         208.184.130.55

;; Total query time: 908 msec
;; FROM: fork.in.REGISTRO.BR to SERVER: 208.184.130.52
;; WHEN: Fri Sep  1 10:52:08 2000
;; MSG SIZE  sent: 24  rcvd: 219

bash> dig @208.184.130.53 com.br soa

; <<>> DiG 8.3 <<>> @208.184.130.53 com.br soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      com.br, type = SOA, class = IN

;; ANSWER SECTION:
com.br.                 42m40s IN SOA   ns1.mydomain.com. hostmaster.com.br. (
                                        967811974       ; serial
                                        4h33m4s         ; refresh
                                        34m8s           ; retry
                                        1w5d3h16m16s    ; expiry
                                        42m40s )                ; minimum


;; AUTHORITY SECTION:
com.br.                 3D IN NS        ns1.mydomain.com.
com.br.                 3D IN NS        ns2.mydomain.com.
com.br.                 3D IN NS        ns3.mydomain.com.
com.br.                 3D IN NS        ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.       3D IN A         208.184.130.51
ns2.mydomain.com.       3D IN A         208.184.130.52
ns3.mydomain.com.       3D IN A         208.184.130.53
ns4.mydomain.com.       3D IN A         208.184.130.55

;; Total query time: 893 msec
;; FROM: fork.in.REGISTRO.BR to SERVER: 208.184.130.53
;; WHEN: Fri Sep  1 10:52:21 2000
;; MSG SIZE  sent: 24  rcvd: 219

bash>


bash> dig @208.184.130.55 com.br soa

; <<>> DiG 8.3 <<>> @208.184.130.55 com.br soa
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      com.br, type = SOA, class = IN

;; ANSWER SECTION:
com.br.                 42m40s IN SOA   ns1.mydomain.com. hostmaster.com.br. (
                                        967802099       ; serial
                                        4h33m4s         ; refresh
                                        34m8s           ; retry
                                        1w5d3h16m16s    ; expiry
                                        42m40s )                ; minimum


;; AUTHORITY SECTION:
com.br.                 3D IN NS        ns1.mydomain.com.
com.br.                 3D IN NS        ns2.mydomain.com.
com.br.                 3D IN NS        ns3.mydomain.com.
com.br.                 3D IN NS        ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.       3D IN A         208.184.130.51
ns2.mydomain.com.       3D IN A         208.184.130.52
ns3.mydomain.com.       3D IN A         208.184.130.53
ns4.mydomain.com.       3D IN A         208.184.130.55

;; Total query time: 763 msec
;; FROM: fork.in.REGISTRO.BR to SERVER: 208.184.130.55
;; WHEN: Fri Sep  1 10:52:32 2000
;; MSG SIZE  sent: 24  rcvd: 219

bash>
--end

-- 
 ----------------------------------------------------------------
 Frederico A C Neves                          Registro .br - ANSP
 <fneves@registro.br>                              R.Pio XI, 1500
 Tel +55-11-3838-4130         Sao Paulo - SP - Brazil - 05468-901
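
Added example, not part of the original message: a Python check for the condition the dig transcripts show, a server setting the aa flag for a zone whose parent delegation does not list it. The function names and the trimmed transcripts are constructed for illustration; servers are compared by the name printed on dig's SERVER line.

```python
import re

# Constructed samples: trimmed copies of two dig transcripts quoted in the message.
PARENT = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3
;; ANSWER SECTION:
com.br.                 1D IN NS        NS2.DNS.br.
com.br.                 1D IN NS        NS-EXT.VIX.COM.
com.br.                 1D IN NS        NS.DNS.br.
com.br.                 1D IN NS        NS1.DNS.br.
;; FROM: clone.registro.br to SERVER: NS.DNS.br.  143.108.23.2
"""
SUSPECT = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; ANSWER SECTION:
www.uol.com.br.         1D IN A         208.184.130.40
;; AUTHORITY SECTION:
com.br.                 3D IN NS        ns1.mydomain.com.
com.br.                 3D IN NS        ns2.mydomain.com.
com.br.                 3D IN NS        ns3.mydomain.com.
com.br.                 3D IN NS        ns4.mydomain.com.
;; FROM: fork.in.REGISTRO.BR to SERVER: NS1.mydomain.com  208.184.130.51
"""

def norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_dig(text):
    """Return (header flags, responding server, {zone: NS names}) from dig 8.x text."""
    flags = set(re.search(r"^;; flags:([^;]*);", text, re.M).group(1).split())
    server = norm(re.search(r"to SERVER: (\S+)", text).group(1))
    ns = {}
    for owner, target in re.findall(r"^(\S+)[ \t]+\S+[ \t]+IN[ \t]+NS[ \t]+(\S+)", text, re.M):
        ns.setdefault(norm(owner), set()).add(norm(target))
    return flags, server, ns

def undelegated_authority(zone, parent_text, suspect_text):
    """NS names the responder claims for `zone` that the parent does not delegate.

    Empty unless the responder set aa and is itself absent from the parent's NS set.
    """
    delegated = parse_dig(parent_text)[2].get(zone, set())
    flags, server, claimed = parse_dig(suspect_text)
    if "aa" not in flags or server in delegated:
        return []
    return sorted(claimed.get(zone, set()) - delegated)
```
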


