[nsp-sec] 4.2.2.2 DNS wierdness ??

Mon Oct 20 12:38:05 EDT 2014

Lawrence,

I will spin off a separate thread with one of our DNS engineers.

Thanks,

Brett

-----Original Message-----
From: Lawrence Baldwin <baldwinl at mynetwatchman.com>
Date: Monday, October 20, 2014 at 10:28 AM
To: Nsp-Security <nsp-security at puck.nether.net>, Brett Wentworth
<Brett.Wentworth at level3.com>
Subject: 4.2.2.2 DNS wierdness ??

>Anyone noticing issues with this much used open resolver?
>
>
>$ nslookup
>> server 4.2.2.2
>Default server: 4.2.2.2
>Address: 4.2.2.2#53
>> budget.com
>;; connection timed out; trying next origin
>Server:		4.2.2.2
>Address:	4.2.2.2#53
>
>** server can't find budget.com: NXDOMAIN
>
>> www.google.com
>Server:		4.2.2.2
>Address:	4.2.2.2#53
>
>Non-authoritative answer:
>Name:	www.google.com
>Address: 74.125.229.177
>Name:	www.google.com
>Address: 74.125.229.179
>Name:	www.google.com
>Address: 74.125.229.180
>Name:	www.google.com
>Address: 74.125.229.176
>Name:	www.google.com
>Address: 74.125.229.178
>
>
>> booking.com
>Server:		4.2.2.2
>Address:	4.2.2.2#53
>
>** server can't find booking.com: NXDOMAIN
>
>
>Had some of our stuff using it to resolve and was causing a ton of
>problems since it seems to NOT want to resolve bunches of
>domains..things got real bad when it stopped resolving pool.ntp.org
>(though that seems to be working now).
>
>
>-- 
>Lawrence Baldwin
>Chief Forensics Officer
>myNetWatchman.com
>Atlanta, GA
>+1.678.624.0924