[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Possible DNS compromise/poisoning?

To: <nicholasnam@xxxxxxxx>
Subject: Re: [Full-Disclosure] Possible DNS compromise/poisoning?
From: Florian Weimer <fw@xxxxxxxxxxxxx>
Date: Wed, 05 Jan 2005 19:12:43 +0100

> Is anyone else seeing this:
>
> --SNIP--
> ;; QUESTION SECTION:
> ;www.microsoft.com.             IN      A
>
> ;; ANSWER SECTION:
> www.microsoft.com.      2415    IN      CNAME
> www.microsoft.com.nsatc.net.
> --SNIP--
>
> Notice that www.microsoft.com is a cname for
> www.microsoft.com.nsatc.net.  It's not limited to www.microsoft.com
> and to the best of my knowledge the correct web content is
> displayed.

AFAIK, this is a side effect because Microsoft uses Savvis' content
distribution network.

This is by no means a recent change.  It's been this way since last
June, probably much longer (I haven't got older data).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Possible DNS compromise/poisoning?
  - From: nicholasnam

Prev by Date: [Full-Disclosure] MDKSA-2004:161 - Updated xpdf packages fix buffer overflow vulnerability
Next by Date: Re: [Full-Disclosure] Jami L Blume/BOARD/FRS is out of the office. (fwd)
Previous by thread: Re: [Full-Disclosure] Possible DNS compromise/poisoning?
Next by thread: Re: [Full-Disclosure] Possible DNS compromise/poisoning?
Index(es):
- Date
- Thread