Re: NEVERMIND! (was: Seeking Google reverse DNS delegation contact)
On Sun, Nov 13, 2016 at 3:57 PM, Christopher Morrow wrote: > So... actually someone did tell arin to aim these at ns1/2google.com... > I'll go ask arin to 'fix the glitch'. > > the glitch got fixed, shortly after this message, but not by my/our doing... hrm.. I see passive dns data: bailiwick 136.8.204.in-addr.arpa. count 19 first seen 2016-10-28 16:17:02 - last seen 2016-11-13 08:59:50 - 136.8.204.in-addr.arpa. NS ns1.google.com. 136.8.204.in-addr.arpa. NS ns2.google.com. and after that: (overlapping that) bailiwick 204.in-addr.arpa. count 2335 first seen 2015-05-01 16:20:01 - last seen 2016-11-16 21:54:01 - 136.8.204.in-addr.arpa. NS ns1.rossinc.net. 136.8.204.in-addr.arpa. NS ns2.rossinc.net. so.. I suspect ross digital/rossinc.net noticed they made a 'mistake' and that that 'mistake' was seen externally and .. fixed things on thier own. With that said, it's possible (so they'll also fix this new problem): dig ns1.rossinc.net dig ns2.rossinc.net both are 'nxdomain' from: ;; ANSWER SECTION: rossinc.net. 3057 IN NS ns57.domaincontrol.com. rossinc.net. 3057 IN NS ns58.domaincontrol.com. which seems sad, and bad.. and .. like someone has made another 'mistake' :( rossinc, you probably want to fix this as well. > thanks! > -chris > (sometimes people do this, I have no idea why... perhaps they just like > broken ptrs?) > > On Thu, Nov 10, 2016 at 10:05 PM, Ronald F. Guilmette < > r...@tristatelogic.com> wrote: > >> >> >> My profuse apologies to everyone. It seems that Google is not in fact >> involved in any way with providing reverse DNS for the 204.8.136.0/21 >> IP address block. I was deceived into believing it was by some >> unusual trickey on the part of the spammer-controlled name servers >> ns1.saversagreeable.com and ns2.saversagreeable.com. You can see >> the clever deception toward the very end of the dig +trace listing >> I posted: >> >> http://pastebin.com/raw/VNwmgMHh >> >> It seems those clever rascal spammers tried to implicate Google's >> name servers, but it is only their's which are giving out the >> reverse DNS which suoorts their snowshoe spamming efforts in the >> 204.8.136.0/21 block. >> >> Sorry for my mistake everyone. I wasn't expecting quite this level >> or kind of reverse DNS delegation trickery. >> >> >> Regards, >> rfg >> > >
Re: NEVERMIND! (was: Seeking Google reverse DNS delegation
In message <7077df16-64ae-822d-8ce0-ba44129e2...@gmx.com>, Large Hadron Collider wrote: >> And that includes the bogus info you put into your WHOIS records too! >> Seriously, I give you credit for at least picking out a valid random >> street address, somewhere in fly-over country, but if you're going to >> go to all the trouble to pick yourself out a domain name, set it all >> up and then somehow snooker ARIN into delegating an entire /21's worth >> of reverse DNS to it, then my god, at least pick out something that has >> an air of believability to it, you know, like austin4u.net or texnets.net >> or something... not saversagreeable.com which is so totally and transparently >> bogus. >What if it was originally going to be a forum site for couponers who >aren't arrogant about it, and then they got sidetracked? Yea. Right. And I'm sure they thought that they were gonna need an entire /21 to host one web site. The smell from this is so bad it almost defies description. Regards, rfg
Re: NEVERMIND! (was: Seeking Google reverse DNS delegation
Engage glasses and safety squints. On 2016-11-13 07:41 PM, Ronald F. Guilmette wrote: In message <20161114004152.ga27...@panix.com>, Brett Frankenberger wrote: On Sun, Nov 13, 2016 at 03:57:19PM -0800, Christopher Morrow wrote: So... actually someone did tell arin to aim these at ns1/2google.com... I'll go ask arin to 'fix the glitch'. For 138.8.204.in-addr.arpa ... ARIN is delegating to ns[12].saversagreeable.com The NS records on the saversagreeable.com servers are pointing to ns[12].google.com. http://pastebin.com/raw/VNwmgMHh Right, which is what I said. To borrow a word from our former Dear Leader, I misunderestimated the level of either (a) devilish deception or else (b) ordinary garden- variety sheer technical incompence on the part of the current illicit inhabitants of 204.8.136.0/21. And really, I don't even give them much credit for brains, so it is probably the latter, which is somewhat depressing. I'm not sure what's funnier - Dear Leader, "misunderestimated" or your opinion of intelligence level. I mean seriously geeezz! What's the world coming to? It seems that the clubs for the low-life deadbeat spammers and IP hijackers are letting *anybody* in these days. I am always annoyed by spam and spammers, but I get REALLY annoyed when I get spammed by nitwits who can't even find their own asses with both hands when it comes to something as simple as setiing up their DNS properly. Next thing you know, they'll be making bonehead novice mistakes like leaving out the trailing periods in the Right Places in their zone files. True fact: I have made such boneheaded mistakes before. Honstly, there ought to be a law. If you're gonna spam me and use all these different levels and kinds of deception... massivley violating even the minimalist CAN-SPAM Act in the process... then at least have the courtesy, decency, and self-respect to at least do it in a workmanlike and competent fashion! I mean come on! Like, make it a lessener for the sentence? And that includes the bogus info you put into your WHOIS records too! Seriously, I give you credit for at least picking out a valid random street address, somewhere in fly-over country, but if you're going to go to all the trouble to pick yourself out a domain name, set it all up and then somehow snooker ARIN into delegating an entire /21's worth of reverse DNS to it, then my god, at least pick out something that has an air of believability to it, you know, like austin4u.net or texnets.net or something... not saversagreeable.com which is so totally and transparently bogus. What if it was originally going to be a forum site for couponers who aren't arrogant about it, and then they got sidetracked? And while you're at it, you should also at least make the WHOIS street address and the phone number area code line up, if not with the place you are pretending to be (Austin, TX) then at least with each other. What if you live in BC, Canada (250 code) and your business phone number is rate-centred in Vermont, USA (802 code) and the same business primarily serves the latter? Honestly, Christ! I've looked at enough phone numbers in enough spammer WHOIS records that I haven't needed to Google area code 702 in years to know that it ain't nowhere near Indianapolis. (Duh!) Look, spammers are gonna spam and hijackers are gonna hijack. We all know this, and for the most part, we've all come to accept it, because there are just too many crooks and/or too many incompetents at every level in the system to ever make it all go away. But if you're gonna spam and/or squat on IP space that clearly isn't your's, then at least have the dignity to actually *earn* your ill-gotten gains, you know, by setting up your deceptions properly. This crap in 204.8.136.0/21 may fool the folks at ARIN, but nobody else is buying it, because you set it up so badly. You are a discredit to spammers and hijackers, and that's saying a lot. This is your "job" fer chrissake? Don't you have any pride? 'nuff said. P.S. Sorry for the rant everybody, but sometimes it just really gets to me when I see quite this level of stoopid in the spammer community. In general I loath and despise spammers, but for some of them at least, I have a grudging respect, because at least they are good at their jobs. But these guys ain't among them. Everything the've done here is so transparently bogus that my dog could spot it, and he's blind in one eye. 100%. That just puts the icing on the cake.
Re: NEVERMIND! (was: Seeking Google reverse DNS delegation
In message <20161114004152.ga27...@panix.com>, Brett Frankenberger wrote: >On Sun, Nov 13, 2016 at 03:57:19PM -0800, Christopher Morrow wrote: >> So... actually someone did tell arin to aim these at >> ns1/2google.com... >> I'll go ask arin to 'fix the glitch'. > >For 138.8.204.in-addr.arpa ... > >ARIN is delegating to ns[12].saversagreeable.com > >The NS records on the saversagreeable.com servers are pointing to >ns[12].google.com. > >> > http://pastebin.com/raw/VNwmgMHh Right, which is what I said. To borrow a word from our former Dear Leader, I misunderestimated the level of either (a) devilish deception or else (b) ordinary garden- variety sheer technical incompence on the part of the current illicit inhabitants of 204.8.136.0/21. And really, I don't even give them much credit for brains, so it is probably the latter, which is somewhat depressing. I mean seriously geeezz! What's the world coming to? It seems that the clubs for the low-life deadbeat spammers and IP hijackers are letting *anybody* in these days. I am always annoyed by spam and spammers, but I get REALLY annoyed when I get spammed by nitwits who can't even find their own asses with both hands when it comes to something as simple as setiing up their DNS properly. Next thing you know, they'll be making bonehead novice mistakes like leaving out the trailing periods in the Right Places in their zone files. Honstly, there ought to be a law. If you're gonna spam me and use all these different levels and kinds of deception... massivley violating even the minimalist CAN-SPAM Act in the process... then at least have the courtesy, decency, and self-respect to at least do it in a workmanlike and competent fashion! I mean come on! And that includes the bogus info you put into your WHOIS records too! Seriously, I give you credit for at least picking out a valid random street address, somewhere in fly-over country, but if you're going to go to all the trouble to pick yourself out a domain name, set it all up and then somehow snooker ARIN into delegating an entire /21's worth of reverse DNS to it, then my god, at least pick out something that has an air of believability to it, you know, like austin4u.net or texnets.net or something... not saversagreeable.com which is so totally and transparently bogus. And while you're at it, you should also at least make the WHOIS street address and the phone number area code line up, if not with the place you are pretending to be (Austin, TX) then at least with each other. Honestly, Christ! I've looked at enough phone numbers in enough spammer WHOIS records that I haven't needed to Google area code 702 in years to know that it ain't nowhere near Indianapolis. (Duh!) Look, spammers are gonna spam and hijackers are gonna hijack. We all know this, and for the most part, we've all come to accept it, because there are just too many crooks and/or too many incompetents at every level in the system to ever make it all go away. But if you're gonna spam and/or squat on IP space that clearly isn't your's, then at least have the dignity to actually *earn* your ill-gotten gains, you know, by setting up your deceptions properly. This crap in 204.8.136.0/21 may fool the folks at ARIN, but nobody else is buying it, because you set it up so badly. You are a discredit to spammers and hijackers, and that's saying a lot. This is your "job" fer chrissake? Don't you have any pride? 'nuff said. P.S. Sorry for the rant everybody, but sometimes it just really gets to me when I see quite this level of stoopid in the spammer community. In general I loath and despise spammers, but for some of them at least, I have a grudging respect, because at least they are good at their jobs. But these guys ain't among them. Everything the've done here is so transparently bogus that my dog could spot it, and he's blind in one eye.
Re: NEVERMIND! (was: Seeking Google reverse DNS delegation
contact) User-Agent: Mutt/1.6.1 (2016-04-27) On Sun, Nov 13, 2016 at 03:57:19PM -0800, Christopher Morrow wrote: > So... actually someone did tell arin to aim these at > ns1/2google.com... > I'll go ask arin to 'fix the glitch'. For 138.8.204.in-addr.arpa ... ARIN is delegating to ns[12].saversagreeable.com The NS records on the saversagreeable.com servers are pointing to ns[12].google.com. > > http://pastebin.com/raw/VNwmgMHh -- Brett
Re: NEVERMIND! (was: Seeking Google reverse DNS delegation contact)
So... actually someone did tell arin to aim these at ns1/2google.com... I'll go ask arin to 'fix the glitch'. thanks! -chris (sometimes people do this, I have no idea why... perhaps they just like broken ptrs?) On Thu, Nov 10, 2016 at 10:05 PM, Ronald F. Guilmette wrote: > > > My profuse apologies to everyone. It seems that Google is not in fact > involved in any way with providing reverse DNS for the 204.8.136.0/21 > IP address block. I was deceived into believing it was by some > unusual trickey on the part of the spammer-controlled name servers > ns1.saversagreeable.com and ns2.saversagreeable.com. You can see > the clever deception toward the very end of the dig +trace listing > I posted: > > http://pastebin.com/raw/VNwmgMHh > > It seems those clever rascal spammers tried to implicate Google's > name servers, but it is only their's which are giving out the > reverse DNS which suoorts their snowshoe spamming efforts in the > 204.8.136.0/21 block. > > Sorry for my mistake everyone. I wasn't expecting quite this level > or kind of reverse DNS delegation trickery. > > > Regards, > rfg >
NEVERMIND! (was: Seeking Google reverse DNS delegation contact)
My profuse apologies to everyone. It seems that Google is not in fact involved in any way with providing reverse DNS for the 204.8.136.0/21 IP address block. I was deceived into believing it was by some unusual trickey on the part of the spammer-controlled name servers ns1.saversagreeable.com and ns2.saversagreeable.com. You can see the clever deception toward the very end of the dig +trace listing I posted: http://pastebin.com/raw/VNwmgMHh It seems those clever rascal spammers tried to implicate Google's name servers, but it is only their's which are giving out the reverse DNS which suoorts their snowshoe spamming efforts in the 204.8.136.0/21 block. Sorry for my mistake everyone. I wasn't expecting quite this level or kind of reverse DNS delegation trickery. Regards, rfg
