From: Chris Brennan
Date: Thu, 9 Dec 2010 15:56:36 -0500
To: Paul Macdonald
Cc: FreeBSD Questions
Subject: Re: more dns weirdness
In-Reply-To: <4D013ECD.7090102@ifdnrg.com>

On Thu, Dec 9, 2010 at 3:40 PM, Paul Macdonald wrote:

> still debugging dns issues that are no doubt to do with wider issues:
>
> someone here might know who to tell?
>
> #whois amazon.com
>
> Whois Server Version 2.0
>
> Domain names in the .com and .net domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
>
> AMAZON.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
> AMAZON.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
> AMAZON.COM.IS.N0T.AS.1337.AS.WWW.GULLI.COM
> AMAZON.COM.BLACKSWANSBOOKS.COM
> AMAZON.COM
>

I'll take a stab in the dark as to the cause, but not as to who is responsible. This looks like an erroneous DNS Injection. An attempt to inject false/misleading dns entries into [or before] a valid dns server serves a reply. This is usually attributed to a bad admin who improperly secured his/her DNS server or a malicious admin with the intent to wreak havoc.