Hi everyone. I noticed some very strange dns-entries for mail.gentoo.org (the mailhost this ML originates from):

; <<>> DiG 9.2.3 <<>> mail.gentoo.org
<snip>
;; ANSWER SECTION:
mail.gentoo.org.        900     IN      A       64.5.62.16

;; AUTHORITY SECTION:
.                       55843   IN      NS      D.ROOT-SERVERS.NET.
.                       55843   IN      NS      E.ROOT-SERVERS.NET.
.                       55843   IN      NS      F.ROOT-SERVERS.NET.
.                       55843   IN      NS      G.ROOT-SERVERS.NET.
.                       55843   IN      NS      H.ROOT-SERVERS.NET.
.                       55843   IN      NS      I.ROOT-SERVERS.NET.
.                       55843   IN      NS      J.ROOT-SERVERS.NET.
.                       55843   IN      NS      K.ROOT-SERVERS.NET.
.                       55843   IN      NS      L.ROOT-SERVERS.NET.
.                       55843   IN      NS      M.ROOT-SERVERS.NET.
.                       55843   IN      NS      A.ROOT-SERVERS.NET.
.                       55843   IN      NS      B.ROOT-SERVERS.NET.
.                       55843   IN      NS      C.ROOT-SERVERS.NET.

This seems correct. Mails come from that IP. But now:

earthdawn root # host 64.5.62.16
16.62.5.64.in-addr.arpa domain name pointer stonehengeirc.dyndns.org.

What's that? dyndns.org address? What's wrong here? Even exim notices that:

(from exim_main.log)
2003-12-19 16:05:51 no IP address found for host stonehengeirc.dyndns.org (during SMTP connection from [64.5.62.16])

Some kind of strange DNS-spoofing attack? Can anybody explain this to me, please?

TIA

--
Dennis Freise <[EMAIL PROTECTED]>
GnuPG key fingerprint: 2DE8 CCEF 6E20 11D4 3B27 21EC B0BA 1749 D2C8 38ED
Get my public key at: http://www.final-frontier.ath.cx/gpg_public_key.txt
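
Added example, not part of the original message: the exim warning quoted above is what a forward-confirmed reverse DNS check reports when the PTR name for the connecting IP has no address record of its own. The Python code below runs that check over constructed lookup tables that mirror the dig and host output in the post; the `example.net` entries, the table layout and all function names are assumptions for illustration.

```python
import re

# Constructed resolver data mirroring the lookups quoted in the post;
# a live check would query DNS instead of reading these tables.
A_RECORDS = {
    "mail.gentoo.org": ["64.5.62.16"],
    "mx.example.net": ["192.0.2.10"],      # constructed control case
    "other.example.net": ["192.0.2.99"],   # constructed control case
    # stonehengeirc.dyndns.org has no entry: exim found no address for it
}
PTR_RECORDS = {
    "64.5.62.16": ["stonehengeirc.dyndns.org"],
    "192.0.2.10": ["mx.example.net"],
    "192.0.2.20": ["other.example.net"],
}

LOG_RE = re.compile(
    r"no IP address found for host (\S+) "
    r"\(during SMTP connection from \[([0-9A-Fa-f.:]+)\]\)"
)

def norm(name):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def fcrdns(ip, ptr=PTR_RECORDS, a=A_RECORDS):
    """Forward-confirm the PTR names of ip; return (status, names)."""
    names = [norm(n) for n in ptr.get(ip, [])]
    if not names:
        return ("no-ptr", [])
    confirmed = [n for n in names if ip in a.get(n, [])]
    if confirmed:
        return ("confirmed", confirmed)
    if not any(a.get(n) for n in names):
        return ("ptr-name-unresolvable", names)   # the case exim logged
    return ("mismatch", names)

def explain_log_line(line, a=A_RECORDS):
    """Parse the exim warning and report how the IP's DNS data disagrees."""
    m = LOG_RE.search(line)
    if not m:
        return None
    host, ip = norm(m.group(1)), m.group(2)
    status, ptr_names = fcrdns(ip)
    forward = sorted(n for n, addrs in a.items() if ip in addrs)
    return {"ip": ip, "logged_host": host, "status": status,
            "ptr_names": ptr_names, "names_resolving_to_ip": forward}

SAMPLE = ("2003-12-19 16:05:51 no IP address found for host "
          "stonehengeirc.dyndns.org (during SMTP connection from [64.5.62.16])")
```

The forward (A) and reverse (PTR) records live in different zones, so a result like this shows only that the two zones disagree, not which of them is wrong.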