[65712] in North American Network Operators' Group
Re: Always renew your domain names
daemon@ATHENA.MIT.EDU (Joe Abley)
Fri Dec 5 12:57:25 2003
In-Reply-To: <20031205172004.GD10143@bofh.ece.ubc.ca>
Cc: nanog@nanog.org
From: Joe Abley <jabley@isc.org>
Date: Fri, 5 Dec 2003 12:53:58 -0500
To: Luca Filipozzi <lucaf+nanog@ece.ubc.ca>
Errors-To: owner-nanog-outgoing@merit.edu
On 5 Dec 2003, at 12:20, Luca Filipozzi wrote:
> On Fri, Dec 05, 2003 at 11:07:24AM -0600, Mike Hyde wrote:
>> Looks like someone forgot to renew there domain name and another party
>> decided to do it for them, with some slight changes:
>>
>> host 206.108.102.93
>> 93.102.108.206.in-addr.arpa domain name pointer
>> bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia.net
>
> This isn't a lapsed domain registration issue; we're not talking about
> A
> records. It doesn't strike you as odd (read 'a security issue') that
> the
> PTR records have been changed?
Bell's ARIN records show 102.108.206.in-addr.arpa delegated to
nameservers named under bell-nexxia.net, which is a zone that Bell do
not currently run.
If you believe the dates returned by whois.crsnic.net,
"bell-nexxia.net" was only recently registered, while "bellnexxia.net"
was registered in 1999.
Maybe someone at Bell typo'd nameserver names when they filled out the
paperwork for 206.108/20, and someone else got fed up with waiting for
them to fix it (and hence the reverse DNS for these blocks).
Joe
