On Tue, 26 Apr 2005, Randy Bush wrote:
lots of folk sent email to me and not the list. most report worldnic responding with tcp 53 and not udp. would love to hear confirmation on list. can think of a number of causes, one possible, but just a stab in the dark, would be an intentional hack as a defense to a spoofed-ip attack.
what are some names known to be hosted on worldnic?
we had problems reported with: www.calairmail.com www.holidaycardwebsite.com I did some poking around lastnight with dig and some local unix hosts that I hadn't tried this before on and got no change to tcp :( (so no truncate and returned results via UDP) though today I see: morrowc@iad1-srv02:~$ dig www.holidaycardwebsite.com. @ns7.worldnic.com ;; Truncated, retrying in TCP mode. and failures (which is PROBABLY my silly iptables config...) morrowc@iad1-srv02:~$ dig www.holidaycardwebsite.com. @ns8.worldnic.com ; <<>> DiG 9.2.2rc1 <<>> www.holidaycardwebsite.com. @ns8.worldnic.com ;; global options: printcmd interesting that both servers aren't doing the same thing?