On Monday 09 May 2005 6:46 am, Paul Vixie wrote:
-- Chris Keladis <chris@cmc.optus.net.au> wrote:
Just a guess, but perhaps with www.google.com returning NXDOMAIN the gethostby* functions tried variations and ended up resolving sites like www.google.com.net which inadvertantly sent people to the spoof site.
Seems plausible to me, anyway.
not to me. RFC 1535 is VERY widely deployed, perhaps even universally so.
I doubt it is universally so, as I think old versions of Windows did something similar in the 4.8.3 resolver, and they are still out there. Software takes a long time to die. However a lot of people saw the search engine "sogo" because their browser asked for www.google.com.net when it found www.Google.com didn't exist, and this is caught by a wildcard (allegedly). Although my quick inspection suggests that the DNS for these domains is very badly mangled, BIND 9 does somehow manage to get an IP address out of the mess it finds.