
this is what I am seeing:

$ dig any nytimes.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> any nytimes.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55086
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;nytimes.com. IN ANY

;; ANSWER SECTION:
nytimes.com. 9945 IN A 141.105.64.37
nytimes.com. 81945 IN NS ns1.syrianelectronicarmy.com.
nytimes.com. 81945 IN NS ns2.syrianelectronicarmy.com.

;; AUTHORITY SECTION:
nytimes.com. 81945 IN NS ns2.syrianelectronicarmy.com.
nytimes.com. 81945 IN NS ns1.syrianelectronicarmy.com.

;; ADDITIONAL SECTION:
ns1.syrianelectronicarmy.com. 269 IN A 141.105.64.37
ns2.syrianelectronicarmy.com. 215 IN A 141.105.64.37

;; Query time: 1 msec
;; SERVER: 10.10.89.245#53(10.10.89.245)
;; WHEN: Tue Aug 27 17:42:34 2013
;; MSG SIZE rcvd: 162

On Tue, Aug 27, 2013 at 5:20 PM, staticsafe <me@staticsafe.ca> wrote:
On Tue, Aug 27, 2013 at 02:09:26PM -0700, Grant Ridder wrote:
I think someone hijacked NYTimes dns...
http://www.chicagotribune.com/business/technology/chi-new-york-times-website...
Non-authoritative answer:
Name: nytimes.com
Address: 141.105.64.37

~~~ dig any nytimes.com

; <<>> DiG 9.8.3-P1 <<>> any nytimes.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15335
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;nytimes.com. IN ANY

;; ANSWER SECTION:
nytimes.com. 11560 IN A 141.105.64.37
nytimes.com. 5 IN NS ns1.syrianelectronicarmy.com.
nytimes.com. 5 IN NS ns2.syrianelectronicarmy.com.

;; ADDITIONAL SECTION:
ns1.syrianelectronicarmy.com. 47 IN A 141.105.64.37
ns2.syrianelectronicarmy.com. 47 IN A 141.105.64.37

Seems to have changed NSes again (still compromised, it seems):

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace nytimes.com
;; global options: +cmd
. 518400 IN NS d.root-servers.net.
. 518400 IN NS a.root-servers.net.
. 518400 IN NS e.root-servers.net.
. 518400 IN NS f.root-servers.net.
. 518400 IN NS i.root-servers.net.
. 518400 IN NS j.root-servers.net.
. 518400 IN NS b.root-servers.net.
. 518400 IN NS k.root-servers.net.
. 518400 IN NS c.root-servers.net.
. 518400 IN NS g.root-servers.net.
. 518400 IN NS h.root-servers.net.
. 518400 IN NS m.root-servers.net.
. 518400 IN NS l.root-servers.net.
;; Received 512 bytes from ::1#53(::1) in 7 ms

com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
;; Received 489 bytes from 2001:500:1::803f:235#53(2001:500:1::803f:235) in 132 ms

nytimes.com. 172800 IN NS ns27.boxsecured.com.
nytimes.com. 172800 IN NS ns28.boxsecured.com.
;; Received 110 bytes from 2001:503:a83e::2:30#53(2001:503:a83e::2:30) in 110 ms

nytimes.com. 14400 IN A 212.1.211.121
nytimes.com. 86400 IN NS ns6.boxsecured.com.
nytimes.com. 86400 IN NS ns5.boxsecured.com.
;; Received 92 bytes from 212.1.211.126#53(212.1.211.126) in 37 ms

-- 
staticsafe
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
Please don't top post.
Please don't CC! I'm subscribed to whatever list I just posted on.
_______________________________________________
Outages mailing list
Outages@outages.org
https://puck.nether.net/mailman/listinfo/outages