Slashdot Mirror


SEO Via DNS "Piggybacking"

An anonymous reader writes "There is an interesting story over at the SANS Internet Storm Center that shows details on about 50 organizations that have had new machine names added to their DNS zone information. These were then pointed to sites used to boost the search engine cred of pharma, personals, and porn sites. If you outsource your DNS, how would you ever catch something like this?"

2 of 74 comments

  1. Re:By checking? by causality · · Score: 3, Informative

    Well, djbdns is dead, so what else is left of any worth?

    I've been really happy with Unbound. Prior to that, I used MaraDNS until I found that Unbound was snappier from the perspective of my Web browser not having to wait as long for hostname resolution.

    My own needs are rather modest. It is possible there is some killer feature you absolutely must have that neither of those supports. If not, I think you'd like them.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  2. Zone transfers? by Anonymous Coward · · Score: 3, Informative

    The referenced site had many examples, such as buy-viagra.4kidsnus.com
    having been added as an extra host (subdomain! There is even a
    www.buy-viagra.4kidsnus.com!) to 4kidsnus.com.

    Now how did that get added to 4kidsnus.com?

    Someone suggested checking a zone transfer. That seems not to work
    here at the dnsexit.com supplied nameservers.

    I do NOT see any buy-viagra.4kidsnus.com in a zone transfer for 4kidsnus.com. I DO see a separate zone transfer to the domain buy-viagra.4kidsnus.com itself.

    Usually public zone transfers don't work, but they happen to
    be supported for 4kidsnus.com.

    4kidsnus.com. SOA ns2.dnsexit.com

    (from dns2.dnsexit.com)

    Hmmm ... Slashdot claims this hits their 'lameness' filters
    due to so many 'junk' characters ... like spaces and digits?

    Well ... apparently they are not going to accept it with
    any useful data so ... try a 'dig @ns2.dnsexit.com. 4kidsnus.com.' Here is a truncated version of what I found.

    One finds the SOA (nameserver at ns2.dnsexit.com),
    NS records (dns{1,2,3,4}@dnsexit.com), a few MX records
    (at Google), a wildcarded CNAME (*.4kidsnus.com are all
    aliased to the CNAME 4kidsnus.com), an address for
    4kidsnus.com (50.73.38.13) and one host with its own,
    separate A record, pbx.4kidsnus.com at 74.189.21.58.

    I don't see buy-viagra.4kidsnus.com at all.
    However one can get a separate zone transfer for that
    domain (with a host at www.buy-viagra.4kidsnus.com):

    dig @ns2.dnsexit.com buy-viagra.4kidsnus.com. axfr

    buy-viagra.4kidsnus.com. SOA ns2.dnsexit.com. admin.netdorm.com.
    buy-viagra.4kidsnus.com. NS ns1.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns2.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns3.dnsexit.com.
    buy-viagra.4kidsnus.com. NS ns4.dnsexit.com.
    buy-viagra.4kidsnus.com. A 67.55.117.204
    www.buy-viagra.4kidsnus.com. CNAME buy-viagra.4kidsnus.com.
    buy-viagra.4kidsnus.com. 28800 IN SOA ns2.dnsexit.com. admin.netdorm.com.
    ;; SERVER: ns2.dnsexit.com
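
The check the comment above works through by hand, as an added example that is not part of the original thread: it parses transfer output for the parent zone and for a suspect name, then flags a child zone that carries its own SOA without a delegation in the parent, and any address outside the owner's inventory. The function names, the abridged sample text and the "inventory equals the parent's A records" rule are assumptions; how the suspect name is found in the first place is out of scope.

```python
# Added example. Sample data is constructed from the records quoted in the comment.
RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT"}

# Parent zone as the comment describes it (NS and MX lines omitted: exact values not given).
PARENT_AXFR = """\
4kidsnus.com. SOA ns2.dnsexit.com
*.4kidsnus.com. CNAME 4kidsnus.com.
4kidsnus.com. A 50.73.38.13
pbx.4kidsnus.com. A 74.189.21.58
"""

# Separate transfer for the injected name, as quoted in the comment (abridged to one NS line).
CHILD_AXFR = """\
buy-viagra.4kidsnus.com. SOA ns2.dnsexit.com. admin.netdorm.com.
buy-viagra.4kidsnus.com. NS ns1.dnsexit.com.
buy-viagra.4kidsnus.com. A 67.55.117.204
www.buy-viagra.4kidsnus.com. CNAME buy-viagra.4kidsnus.com.
buy-viagra.4kidsnus.com. 28800 IN SOA ns2.dnsexit.com. admin.netdorm.com. ;; SERVER: ns2.dnsexit.com
"""

def parse_records(text):
    """Parse 'name [ttl] [class] type rdata' lines into (name, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop dig ';;' comments
        if len(fields) < 3:
            continue
        name, rest = fields[0].lower().rstrip("."), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]                          # skip optional TTL and class
        if len(rest) >= 2 and rest[0].upper() in RR_TYPES:
            records.append((name, rest[0].upper(), " ".join(rest[1:])))
    return records

def audit_child_zone(parent_apex, parent_records, child_records, approved_addrs):
    """Flag child zones absent from the parent and addresses outside the inventory."""
    findings = []
    parent_keys = {(n, t) for n, t, _ in parent_records}
    for apex in sorted({n for n, t, _ in child_records if t == "SOA"}):
        if apex.endswith("." + parent_apex) and (apex, "NS") not in parent_keys:
            findings.append(f"{apex}: own SOA, no NS delegation in {parent_apex} transfer")
    for n, t, rdata in child_records:
        if t in ("A", "AAAA") and rdata not in approved_addrs:
            findings.append(f"{n}: {t} {rdata} not in approved addresses")
    return findings

if __name__ == "__main__":
    parent = parse_records(PARENT_AXFR)
    approved = {r for _, t, r in parent if t == "A"}   # assumption: inventory = parent A records
    for finding in audit_child_zone("4kidsnus.com", parent, parse_records(CHILD_AXFR), approved):
        print(finding)
```

Because the parent zone has a wildcard CNAME, an ordinary lookup of an unknown name still answers; only the separate SOA and the foreign address distinguish the injected zone.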