Hi all, since recently, there seems to be a strange phenomenon going on with DNS resolution. From time to time, some domain names seem to be redirected to a domain broker/squatter (domainmonkeys or something), or today to myfamily.com. This is completely new behaviour from a system that has been running fine for over a year.
I am running BIND9 (from testing) that just serves local names and acts as a forwarder/cache for anything outside my local TLD. Sometimes, restarting BIND fixes it, but sometimes it doesn't. According to dig, the forwarder resolves to the same wrong IP as does another name server. When digging the name servers in the WHOIS data, I get the right IP.

Is this some kind of attack on my system or are my forwarders simultaneously being poisoned? Is there someone crawling through my system? As for outside attacks: the system doesn't answer to inbound connections or unrelated packets to the ports used by BIND that come from outside the network. All machines on the network seem to be virus- and spyware-free.

--
Got Backup?
Jabber: Shadowdancer at jabber.fsinf.de
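
The comparison described in the post (the forwarder and a second name server checked against the name servers listed in WHOIS), as an added example that is not part of the original message. The server labels, host name and addresses are constructed placeholders, and the input is assumed to be the answer lines printed by `dig +noall +answer`.

```python
import re

# Constructed sample: answer lines as printed by `dig +noall +answer`,
# keyed by the server that was queried. All names and addresses are
# documentation placeholders, not values from the post.
SAMPLE = {
    "forwarder": "www.example.com. 300 IN A 198.51.100.66\n",
    "other-resolver": "www.example.com. 280 IN A 198.51.100.66\n",
    "authoritative": "www.example.com. 3600 IN A 192.0.2.10\n",
}

# owner name, TTL, class IN, record type, record data
RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME)\s+(\S+)$")

def parse_answers(text):
    """Return {(name, type): set(rdata)}; blank and ';' comment lines are skipped."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RR.match(line)
        if m:
            name, _ttl, rtype, rdata = m.groups()
            records.setdefault((name.lower(), rtype), set()).add(rdata.lower())
    return records

def compare(outputs, reference="authoritative"):
    """List (server, name, type, got, expected) for answers that differ from the reference."""
    ref = parse_answers(outputs[reference])
    mismatches = []
    for server, text in outputs.items():
        if server == reference:
            continue
        got = parse_answers(text)
        for key, expected in ref.items():
            answer = got.get(key, set())
            if answer != expected:  # TTLs are ignored; caches count them down
                mismatches.append(
                    (server, key[0], key[1], sorted(answer), sorted(expected)))
    return mismatches

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print("MISMATCH server=%s name=%s type=%s got=%s expected=%s" % row)
```

A mismatch is a lead rather than proof: names served with round-robin or location-dependent records can legitimately differ between resolvers, so repeat the query against each authoritative server before drawing conclusions.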