[PLUG] DNS mystery...

plug_0 at robinson-west.com
Wed Apr 11 01:09:43 UTC 2007


The mail server for sophistasis.com is supposed to be the backup exchanger
for robinson-west.com.  Apparently, my brother got a message meant for me
and should have been able to check my name server for my server's address,
but he got the IP for sophistasis instead.

Okay, what happened I wonder???


   /-------------\                  /--------\
   | sophistasis |-----Internet-----| xerxes |
   \-------------/                  \--------/

* Did a spammer send the message and simultaneously manage to
poison the DNS server on web?

* Is a renegade gateway responsible, possibly inside Opus?

* Is there a weakness in the iBook my brother isn't aware
of which allows a remote site to change DNS response
packets?

I've noticed that I can't get register.com to accept ns1.sophistasis.com
as a valid name server for robinson-west.com.  I don't know why that
is.  I remember a DNS test suggested that Opus is running a vulnerable
release of BIND where I am using Opus's servers as a tertiary option.
Oddly and irritatingly, the register.com domain tools show the Opus
server as the first server in my DNS list.

Michael C. Robinson
