<div dir="ltr">This is what I am seeing:<div><br></div><div><div>$ dig any <a href="http://nytimes.com">nytimes.com</a></div><div><br></div><div>; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> any <a href="http://nytimes.com">nytimes.com</a></div>
<div>;; global options: +cmd</div><div>;; Got answer:</div><div>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55086</div><div>;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2</div><div>
<br></div><div>;; QUESTION SECTION:</div><div>;<a href="http://nytimes.com">nytimes.com</a>.<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>ANY</div><div><br></div><div>;; ANSWER SECTION:</div>
<div><a href="http://nytimes.com">nytimes.com</a>.<span class="" style="white-space:pre"> </span>9945<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>A<span class="" style="white-space:pre"> </span>141.105.64.37</div>
<div><a href="http://nytimes.com">nytimes.com</a>.<span class="" style="white-space:pre"> </span>81945<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>NS<span class="" style="white-space:pre"> </span><a href="http://ns1.syrianelectronicarmy.com">ns1.syrianelectronicarmy.com</a>.</div>
<div><a href="http://nytimes.com">nytimes.com</a>.<span class="" style="white-space:pre"> </span>81945<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>NS<span class="" style="white-space:pre"> </span><a href="http://ns2.syrianelectronicarmy.com">ns2.syrianelectronicarmy.com</a>.</div>
<div><br></div><div>;; AUTHORITY SECTION:</div><div><a href="http://nytimes.com">nytimes.com</a>.<span class="" style="white-space:pre"> </span>81945<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>NS<span class="" style="white-space:pre"> </span><a href="http://ns2.syrianelectronicarmy.com">ns2.syrianelectronicarmy.com</a>.</div>
<div><a href="http://nytimes.com">nytimes.com</a>.<span class="" style="white-space:pre"> </span>81945<span class="" style="white-space:pre"> </span>IN<span class="" style="white-space:pre"> </span>NS<span class="" style="white-space:pre"> </span><a href="http://ns1.syrianelectronicarmy.com">ns1.syrianelectronicarmy.com</a>.</div>
<div><br></div><div>;; ADDITIONAL SECTION:</div><div><a href="http://ns1.syrianelectronicarmy.com">ns1.syrianelectronicarmy.com</a>. 269 IN<span class="" style="white-space:pre"> </span>A<span class="" style="white-space:pre"> </span>141.105.64.37</div>
<div><a href="http://ns2.syrianelectronicarmy.com">ns2.syrianelectronicarmy.com</a>. 215 IN<span class="" style="white-space:pre"> </span>A<span class="" style="white-space:pre"> </span>141.105.64.37</div><div><br></div>
<div>
;; Query time: 1 msec</div><div>;; SERVER: 10.10.89.245#53(10.10.89.245)</div><div>;; WHEN: Tue Aug 27 17:42:34 2013</div><div>;; MSG SIZE rcvd: 162</div></div><div><br></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Tue, Aug 27, 2013 at 5:20 PM, staticsafe <span dir="ltr"><<a href="mailto:me@staticsafe.ca" target="_blank">me@staticsafe.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="HOEnZb"><div class="h5">On Tue, Aug 27, 2013 at 02:09:26PM -0700, Grant Ridder wrote:<br>
> I think someone hijacked NYTimes dns...<br>
><br>
> <a href="http://www.chicagotribune.com/business/technology/chi-new-york-times-website-20130827,0,3415996.story" target="_blank">http://www.chicagotribune.com/business/technology/chi-new-york-times-website-20130827,0,3415996.story</a><br>
><br>
><br>
> Non-authoritative answer:<br>
> Name: <a href="http://nytimes.com" target="_blank">nytimes.com</a><br>
> Address: 141.105.64.37<br>
><br>
> ~~~<br>
> dig any <a href="http://nytimes.com" target="_blank">nytimes.com</a><br>
><br>
> ; <<>> DiG 9.8.3-P1 <<>> any <a href="http://nytimes.com" target="_blank">nytimes.com</a><br>
> ;; global options: +cmd<br>
> ;; Got answer:<br>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15335<br>
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2<br>
><br>
> ;; QUESTION SECTION:<br>
> ;<a href="http://nytimes.com" target="_blank">nytimes.com</a>. IN ANY<br>
><br>
> ;; ANSWER SECTION:<br>
> <a href="http://nytimes.com" target="_blank">nytimes.com</a>. 11560 IN A 141.105.64.37<br>
> <a href="http://nytimes.com" target="_blank">nytimes.com</a>. 5 IN NS <a href="http://ns1.syrianelectronicarmy.com" target="_blank">ns1.syrianelectronicarmy.com</a>.<br>
> <a href="http://nytimes.com" target="_blank">nytimes.com</a>. 5 IN NS <a href="http://ns2.syrianelectronicarmy.com" target="_blank">ns2.syrianelectronicarmy.com</a>.<br>
><br>
> ;; ADDITIONAL SECTION:<br>
> <a href="http://ns1.syrianelectronicarmy.com" target="_blank">ns1.syrianelectronicarmy.com</a>. 47 IN A 141.105.64.37<br>
> <a href="http://ns2.syrianelectronicarmy.com" target="_blank">ns2.syrianelectronicarmy.com</a>. 47 IN A 141.105.64.37<br>
<br>
</div></div>Seems to have changed NSes again (still compromised, it seems):<br>
<br>
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +trace <a href="http://nytimes.com" target="_blank">nytimes.com</a><br>
;; global options: +cmd<br>
. 518400 IN NS <a href="http://d.root-servers.net" target="_blank">d.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://a.root-servers.net" target="_blank">a.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://e.root-servers.net" target="_blank">e.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://f.root-servers.net" target="_blank">f.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://i.root-servers.net" target="_blank">i.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://j.root-servers.net" target="_blank">j.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://b.root-servers.net" target="_blank">b.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://k.root-servers.net" target="_blank">k.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://c.root-servers.net" target="_blank">c.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://g.root-servers.net" target="_blank">g.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://h.root-servers.net" target="_blank">h.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://m.root-servers.net" target="_blank">m.root-servers.net</a>.<br>
. 518400 IN NS <a href="http://l.root-servers.net" target="_blank">l.root-servers.net</a>.<br>
;; Received 512 bytes from ::1#53(::1) in 7 ms<br>
<br>
com. 172800 IN NS <a href="http://a.gtld-servers.net" target="_blank">a.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://b.gtld-servers.net" target="_blank">b.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://c.gtld-servers.net" target="_blank">c.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://d.gtld-servers.net" target="_blank">d.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://e.gtld-servers.net" target="_blank">e.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://f.gtld-servers.net" target="_blank">f.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://g.gtld-servers.net" target="_blank">g.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://h.gtld-servers.net" target="_blank">h.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://i.gtld-servers.net" target="_blank">i.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://j.gtld-servers.net" target="_blank">j.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://k.gtld-servers.net" target="_blank">k.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://l.gtld-servers.net" target="_blank">l.gtld-servers.net</a>.<br>
com. 172800 IN NS <a href="http://m.gtld-servers.net" target="_blank">m.gtld-servers.net</a>.<br>
;; Received 489 bytes from 2001:500:1::803f:235#53(2001:500:1::803f:235) in 132 ms<br>
<br>
<a href="http://nytimes.com" target="_blank">nytimes.com</a>. 172800 IN NS <a href="http://ns27.boxsecured.com" target="_blank">ns27.boxsecured.com</a>.<br>
<a href="http://nytimes.com" target="_blank">nytimes.com</a>. 172800 IN NS <a href="http://ns28.boxsecured.com" target="_blank">ns28.boxsecured.com</a>.<br>
;; Received 110 bytes from 2001:503:a83e::2:30#53(2001:503:a83e::2:30) in 110 ms<br>
<br>
<a href="http://nytimes.com" target="_blank">nytimes.com</a>. 14400 IN A 212.1.211.121<br>
<div class="im"><a href="http://nytimes.com" target="_blank">nytimes.com</a>. 86400 IN NS <a href="http://ns6.boxsecured.com" target="_blank">ns6.boxsecured.com</a>.<br>
<a href="http://nytimes.com" target="_blank">nytimes.com</a>. 86400 IN NS <a href="http://ns5.boxsecured.com" target="_blank">ns5.boxsecured.com</a>.<br>
</div>;; Received 92 bytes from 212.1.211.126#53(212.1.211.126) in 37 ms<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
--<br>
staticsafe<br>
O< ascii ribbon campaign - stop html mail - <a href="http://www.asciiribbon.org" target="_blank">www.asciiribbon.org</a><br>
Please don't top post.<br>
Please don't CC! I'm subscribed to whatever list I just posted on.<br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
Outages mailing list<br>
<a href="mailto:Outages@outages.org">Outages@outages.org</a><br>
<a href="https://puck.nether.net/mailman/listinfo/outages" target="_blank">https://puck.nether.net/mailman/listinfo/outages</a><br>
</div></div></blockquote></div><br></div>
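The check the posters in this thread did by eye, comparing the NS set in a dig answer against what the zone should be delegated to, can be automated. The following is an added example, not code from the thread: the sample input is the first dig answer above, while `BASELINE_NS`, `parse_records` and `check_delegation` are hypothetical names and the baseline nameservers are placeholders.

```python
# Added example: flag unexpected NS records in dig output.
# SAMPLE_DIG is copied from the first dig answer in the thread.
SAMPLE_DIG = """\
;; ANSWER SECTION:
nytimes.com.\t9945\tIN\tA\t141.105.64.37
nytimes.com.\t81945\tIN\tNS\tns1.syrianelectronicarmy.com.
nytimes.com.\t81945\tIN\tNS\tns2.syrianelectronicarmy.com.

;; ADDITIONAL SECTION:
ns1.syrianelectronicarmy.com. 269 IN\tA\t141.105.64.37
ns2.syrianelectronicarmy.com. 215 IN\tA\t141.105.64.37
"""

# Placeholder baseline (assumption): replace with the nameservers the
# domain is actually supposed to be delegated to.
BASELINE_NS = {"ns1.dns-provider.example.", "ns2.dns-provider.example."}


def parse_records(dig_text):
    """Return (name, ttl, rtype, rdata) tuples from dig's record lines."""
    records = []
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank lines and dig's comment/header lines
        f = line.split()  # name ttl class type rdata...
        if len(f) < 5 or not f[1].isdigit() or f[2].upper() != "IN":
            continue
        records.append((f[0].lower(), int(f[1]), f[3].upper(), " ".join(f[4:])))
    return records


def check_delegation(dig_text, domain, baseline_ns):
    """Return a list of (finding, detail) tuples for one dig answer."""
    domain = domain.lower().rstrip(".") + "."
    baseline = {ns.lower() for ns in baseline_ns}
    recs = parse_records(dig_text)
    ns_seen = {d.lower() for n, _, t, d in recs if n == domain and t == "NS"}
    apex_a = {d for n, _, t, d in recs if n == domain and t == "A"}
    findings = [("unexpected-ns", ns) for ns in sorted(ns_seen - baseline)]
    # Weak signal on its own: nameserver addresses identical to the apex A
    # record, as in the answer above where every record is one address.
    for n, _, t, d in recs:
        if t == "A" and n in ns_seen and d in apex_a:
            findings.append(("ns-shares-apex-ip", f"{n} {d}"))
    return findings


if __name__ == "__main__":
    for finding in check_delegation(SAMPLE_DIG, "nytimes.com", BASELINE_NS):
        print(*finding)
```

Run against the output of a resolver that has cached the changed delegation, the result depends on that cache, so comparing answers from several resolvers and from the TLD servers (as the `+trace` above does) gives a fuller picture.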