DragonFly users List (threaded) for 2005-03
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

OT DNS/routing question

From:	walt <wa1ter@xxxxxxxxxxxxx>
Date:	Sat, 12 Mar 2005 07:23:52 -0800

Like my last DNS question, this one was raised by a phishing
email asking me to click on this URL:
http://wamu.securesite.cn/.process-sk/index.php?MfcISAPICommand=SignInFPP&UsingSSL=1&email=&userid=

Now, this is my puzzle:

#host wamu.securesite.cn
wamu.securesite.cn has address 127.0.0.2

My first thought was that my local DNS server is misconfigured, so I
tried using the nameserver for securesite.cn and got the same answer.

#dig @ns2.afraid.org wamu.securesite.cn

; <<>> DiG 9.2.3 <<>> @ns2.afraid.org wamu.securesite.cn
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12484
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 4

;; QUESTION SECTION:
;wamu.securesite.cn.            IN      A

;; ANSWER SECTION:
wamu.securesite.cn.     43200   IN      A       127.0.0.2

Do you see why I'm confused?  Are they doing something *really*
sneaky here, or am I using the DNS tools incorrectly?

Follow-Ups:
- Re: OT DNS/routing question
  - From: Marcin Jessa
- Re: OT DNS/routing question
  - From: Gabriel Ambuehl

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]