If you operate customer resolver servers, they may be poisoned, still; read the message below. ----- Forwarded Message -----
From: "Ted Cooper" <ml-nanog090304q@elcsplace.com> To: nanog@nanog.org Sent: Sunday, November 23, 2014 11:08:51 PM Subject: Re: Craigslist hacked? On 24/11/14 13:41, Brian Henson wrote:
Is anyone else seeing their local craigslist redirected to another site other than craigslist? I see it loading http://digitalgangster.com/5um.
Over on [dns-operations]:
On 24/11/14 13:38, Brad Volz wrote:>
The craigslist account at one of our registrars was compromised and the NS records migrated away from their rightful home. That issue has since been corrected, but the various caches around the Internet are still holding the old data.
If you could take a look at your caches to see if craigslist.org has the following NS records:
ns1p.craigslist.org ns2p.craigslist.org ns1f.craigslist.org ns2f.craigslist.org
If you see something else there, then you have a poisoned cache.
Thank you for your assistance in this matter.
Brad Volz Network Engineer
-- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274