Looks like 213.30.180.218 allows unrestricted zone transfers.
ls -d ALJAZEERA.NET. [[213.30.180.218]] $ORIGIN aljazeera.net. @ 15M IN SOA ns3 dnsadmin.nav-link.net. ( 2003032706 ; serial 3H ; refresh 1H ; retry 1W ; expiry 15M ) ; minimum
15M IN NS ns1sa.navlink.com. 15M IN NS ns3 15M IN MX 10 mail 15M IN A 213.30.180.219 ns3 15M IN A 213.30.180.218 admin 15M IN A 213.30.180.219 synadmin 15M IN A 213.30.180.220 english 15M IN A 213.30.180.219 jazad01 15M IN A 213.30.180.220 wrc 15M IN A 213.30.180.222 jazad02 15M IN A 213.30.180.220 cm 15M IN A 213.130.180.216 syndication 15M IN A 213.30.180.220 jazad 15M IN A 213.30.180.220 mail 15M IN A 64.110.61.12 www 15M IN CNAME @ bm 15M IN A 213.30.180.221 www1 15M IN A 213.30.180.219 www2 15M IN A 213.30.180.219 ftp 15M IN CNAME @ stats 15M IN A 213.30.180.222 users 15M IN A 213.30.180.219 @ 15M IN SOA ns3 dnsadmin.nav-link.net. ( 2003032706 ; serial 3H ; refresh 1H ; retry 1W ; expiry 15M ) ; minimum
Handy to do a quick update on any servers doing recursion. ---Mike At 03:48 PM 27/03/2003 -0600, John Palmer wrote:
Hmm - don't think so - although nothing is up there - www.aljazeera.net resolves to 127.0.0.1. This is from the MYDOMAIN.COM nameservers listed as the auth for this domain:
; <<>> DiG 8.2 <<>> ns aljazeera.net @b.gtld-servers.net ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6 ;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4 ;; QUERY SECTION: ;; aljazeera.net, type = NS, class = IN
;; ANSWER SECTION: aljazeera.net. 2D IN NS NS4.MYDOMAIN.COM. aljazeera.net. 2D IN NS NS1.MYDOMAIN.COM. aljazeera.net. 2D IN NS NS2.MYDOMAIN.COM. aljazeera.net. 2D IN NS NS3.MYDOMAIN.COM.
;; ADDITIONAL SECTION: NS4.MYDOMAIN.COM. 2D IN A 63.251.83.74 NS1.MYDOMAIN.COM. 2D IN A 64.94.117.195 NS2.MYDOMAIN.COM. 2D IN A 216.52.121.228 NS3.MYDOMAIN.COM. 2D IN A 66.150.161.130
;; Total query time: 80 msec ;; FROM: LAIR.LION to SERVER: b.gtld-servers.net 192.33.14.30 ;; WHEN: Thu Mar 27 16:38:14 2003 ;; MSG SIZE sent: 31 rcvd: 179
LAIR$ dig www.aljazeera.net @ns1.mydomain.com
; <<>> DiG 8.2 <<>> www.aljazeera.net @ns1.mydomain.com ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4 ;; QUERY SECTION: ;; www.aljazeera.net, type = A, class = IN
;; ANSWER SECTION: www.aljazeera.net. 2M IN A 127.0.0.1
;; AUTHORITY SECTION: aljazeera.net. 2M IN NS ns1.mydomain.com. aljazeera.net. 2M IN NS ns2.mydomain.com. aljazeera.net. 2M IN NS ns3.mydomain.com. aljazeera.net. 2M IN NS ns4.mydomain.com.
;; ADDITIONAL SECTION: ns1.mydomain.com. 30M IN A 64.94.117.195 ns2.mydomain.com. 30M IN A 216.52.121.228 ns3.mydomain.com. 30M IN A 66.150.161.130 ns4.mydomain.com. 30M IN A 63.251.83.74
;; Total query time: 117 msec ;; FROM: LAIR.LION to SERVER: ns1.mydomain.com 64.94.117.195 ;; WHEN: Thu Mar 27 16:38:28 2003 ;; MSG SIZE sent: 35 rcvd: 199
----- Original Message ----- From: "Eric Brunner-Williams in Portland Maine" <brunner@nic-naa.net> To: "Sean Donelan" <sean@donelan.com> Cc: "Abdullah Ibn Hamad Al-Marri" <arabian@ArabChat.Org>; <nanog@merit.edu>; <brunner@nic-naa.net> Sent: Thursday, March 27, 2003 15:30 Subject: Re: aljazeera.net domain owned.
Earlier today I logged a disparity between the NSI web whois interface and the whois commandline interface outputs (http://nic-iq.nic-naa.net, bottom of page).
I sent mail to two contacts inside Verisign, and at 4:30pm EST, the hijack appears to be over, at least as far as NS records are concerned.