* Suresh Ramasubramanian:
Any idea?
SANS would call this a DNS cache poisoning attack. 8-)

It seems that ns*.dnsauthority.com uses the shortcut I mentioned earlier.

; <<>> DiG 9.2.4 <<>> @ns4.dnsauthority.com de ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31561
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;de.                            IN      NS

;; ANSWER SECTION:
de.                     14400   IN      NS      ns4.dnsauthority.com.
de.                     14400   IN      NS      ns5.dnsauthority.com.

;; Query time: 120 msec
;; SERVER: 66.151.179.138#53(ns4.dnsauthority.com)
;; WHEN: Wed Apr 20 11:08:47 2005
;; MSG SIZE  rcvd: 72

; <<>> DiG 9.2.4 <<>> @ns4.dnsauthority.com enyo.de
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4729
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;enyo.de.                       IN      A

;; ANSWER SECTION:
enyo.de.                14400   IN      A       66.151.179.147

;; AUTHORITY SECTION:
de.                     14400   IN      NS      ns4.dnsauthority.com.
de.                     14400   IN      NS      ns5.dnsauthority.com.

;; Query time: 115 msec
;; SERVER: 66.151.179.138#53(ns4.dnsauthority.com)
;; WHEN: Wed Apr 20 11:10:50 2005
;; MSG SIZE  rcvd: 93