[AusNOG] DNS Devolution targeting the .com.au space - should we be worried?

Damien Gardner Jnr rendrag at rendrag.net
Thu Jun 1 15:56:00 EST 2017


I used to see something much like this when I hosted secondary DNS for
arpa.org.au.  Had to ask the client to find alternate hosting, as I was
seeing a fairly constant 2-3mbps of requests against various
*.168.192.in-addr.arpa.org.au addresses from a large swathe of
Melbourne-based IPs.


On Thu, 1 Jun 2017 at 3:35 pm, Benjamin Ricardo <ben.ricardo at acs.net.au>
wrote:

> Hi All,
>
> Looking for thoughts on something that we uncovered today in the wild
> (heard about it years ago but never seen it) regarding internal company
> domains that are using public .com.au domain suffixes and whether there’s
> something that should be done here.
>
>
>
> The issue is caused by Microsoft's Primary DNS Suffix Devolution and the
> potential for legitimate traffic to be redirected to the owner of the
> domain “com.com.au.” if your machine has a domain name of
> “somehostname.somedomainname.com.au”.
>
> It is possible in this situation for a non-qualified query to do the
> following:
>
>
>
> ibm.com.somehostname.somedomainname.com.au     (NXDOMAIN)
>
> ibm.com.somedomainname.com.au                  (NXDOMAIN)
>
> ibm.com.com.au                                 (NOERROR)
>
>
>
> You can see the vulnerability.
>
> The problem is now that it appears that the owner of the domain
> “com.com.au” has started to register A records for big name domains such
> as .ibm.com in the hope of catching non-fully qualified queries to these
> addresses.
>
>
>
> I can only think that this is going to end badly for people.
>
> Is this the sort of thing that could be flagged as abuse?
>
>
>
> Appreciate any comments.
>
>
>
> Ben
>
>
-- 

Damien Gardner Jnr
VK2TDG. Dip EE. GradIEAust
rendrag at rendrag.net -  http://www.rendrag.net/
--
We rode on the winds of the rising storm,
 We ran to the sounds of thunder.
We danced among the lightning bolts,
 and tore the world asunder
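
Added example, not part of the original thread: a small audit helper that models the devolution sequence quoted above and reports which candidate names fall outside the organisation's own domain. The function names and the `min_labels` parameter are hypothetical; the stripping rule is an assumption chosen to reproduce the three lookups in the quoted message.

```python
"""Model of primary DNS suffix devolution as described in the thread.

Constructed example. Assumption: the resolver appends the primary DNS
suffix to a non-fully-qualified query, then strips the suffix's leftmost
label repeatedly until only `min_labels` labels remain.
"""


def devolved_candidates(query, primary_suffix, min_labels=2):
    """Return the names tried, in order, for an unqualified query."""
    if min_labels < 1:
        raise ValueError("min_labels must be at least 1")
    query = query.rstrip(".").lower()
    labels = primary_suffix.rstrip(".").lower().split(".")
    candidates = []
    while len(labels) >= min_labels:
        candidates.append(query + "." + ".".join(labels))
        labels = labels[1:]  # devolve: drop the leftmost suffix label
    return candidates


def is_within(name, org_domain):
    """True if `name` is the organisation's domain or a name beneath it."""
    org = org_domain.rstrip(".").lower()
    return name == org or name.endswith("." + org)


def leaked_candidates(query, primary_suffix, org_domain, min_labels=2):
    """Candidates answered by someone other than the organisation."""
    names = devolved_candidates(query, primary_suffix, min_labels)
    return [n for n in names if not is_within(n, org_domain)]


def safe_min_labels(org_domain):
    """Smallest stopping point that keeps every candidate inside org_domain."""
    return len(org_domain.rstrip(".").split("."))


if __name__ == "__main__":
    # Sample values taken from the quoted message.
    suffix = "somehostname.somedomainname.com.au"
    org = "somedomainname.com.au"
    for name in devolved_candidates("ibm.com", suffix):
        print(name, "" if is_within(name, org) else "<-- leaves " + org)
    print("stop devolving at", safe_min_labels(org), "labels to avoid this")
```

Run against an inventory of primary suffixes, any non-empty `leaked_candidates` result identifies hosts whose unqualified lookups can reach a third-party zone such as com.com.au.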