I don't know how it would "work" its way into your cache, but my hosting provider does a similar thing. Verizon redirects all unresolvable names to a virtual page, xxx.2ndpower.com, or 63.66.136.100...

Now, if you are running a purely caching server, every time it gets a new host resolution request (a URL it's never seen before) it passes it up to the primary nameserver (which may, or may not, depending on its cache, pass it up the chain, possibly all the way to a root nameserver for .com, or whatever...), and this is where the unresolvable names get mapped to www.bigred.com, or whatever... This, of course, gets passed down to you, and becomes a mongolian cluster you-know-what.

Some ISPs do this to make extra money off of DNS errors / non-existent domains, others simply to provide some extra niceness rather than an error page; remember that most home Internet users aren't system admins, or even technical, so error pages may cause them to forget to breathe, or something. Either way, your service provider (or whoever provides your DNS resolution) has decided to do this.

Solution: find another place to do your DNS resolution, and if startpage.ms is your homepage/webpage, get your ISP (DNS host, Zone Edit, whatever) to resolve it to your webserver, else they will happily send people to www.bigred.com with your domain name. I'm not sure if .ms is a valid TLD (yet, ever?), but I've heard enough about them adding new ones, plus companies setting up pseudo-TLDs and playing finance/marketing games with "concept" TLDs, that I will not even venture to guess... Regardless, that's the solution I went with.

For me, I'd noticed it, but it wasn't really a problem until I'd set up a Samba server, was doing performance tuning, and noticed browse delays, which were caused because silly Win2k tried to resolve DNS first for machine names, failed after timeout / complete DNS lookup to . servers, was redirected to 63.66.136.100, which it then tried to connect to, and THEN tried NetBIOS/broadcast/etc. So I changed that configuration, and ditched the broken DNS at the same time... Now I'm happy again.

-----Original Message-----
From: Ray Beaulieu [mailto:rayat_private]
Sent: Tuesday, June 26, 2001 6:03 AM
To: 'INCIDENTSat_private'
Subject: bigred.com

On two occasions, I've been approached by my executive team complaining that whenever they enter an invalid URL, they are forwarded to www.bigred.com. Sure enough, when I intentionally ping an invalid address, e.g. www.skdjfiwjefoisje.com, I get replies from 64.78.44.127. Plugging this address into a browser redirects me to the bigred search engine with the following: http://www.bigred.com/index.php?ref=roberts . The HTML source on the redirecting page is as follows:

<HTML><HEAD><TITLE>Error 404</TITLE></HEAD>
<FRAMESET FRAMEBORDER=0 FRAMESPACING=0 BORDER=0 ROWS="20,*">
<FRAME SRC="http://startpage.ms/error.php" NAME="AdBaer" MARGINWIDTH="4" MARGINHEIGHT="2" scrolling=no noresize BORDERCOLOR="#FFFFFF">
<FRAME SRC="http://www.bigred.com/index.php3?ref=fourofor" NAME="OtherF" MARGINWIDTH=0 MARGINHEIGHT=0 scrolling=yes noresize BORDERCOLOR="#FFFFFF">
<NOFRAMES><BODY><a href="http://www.bigred.com/index.php3?ref=fourofor">Click Here</a></BODY></NOFRAMES>
</FRAMESET></HTML>

If I enter http://startpage.ms (from the 3rd line in the code), I also get forwarded to bigred.com. I can easily fix this by flushing the cache on my DNS servers (which are MS Win2k SP1). It goes away for a week or so.

Here's the whois on startpage.ms:

# startpage.ms is registered
Domain Name: startpage.ms
Object ID: star1016u
Registered: 2001-03-13
Expires: (undefined)
Timestamp: 20010411190029

Registrant, Admin. Contact
Matthew Roberts
PO Box 1198, Voorhees, NJ 08043
United States
E-mail: robertsat_private
Phone: (856) 804-3207
Object ID: matth987q

Technical Contact, Billing Contact
Register.com, Inc.
575 8th Avenue, 11th Floor, New York, NY, 10018
United States
E-mail: aparkat_private
Phone: 212.594.9880
Fax: 212.594.9448
Object ID: xyz2824.ms

Resource Records (2):
ns ns1.zoneedit.com
ns ns5.zoneedit.com

Has anyone else seen this, and how the heck is he getting into my DNS cache so that invalid domain names forward to that address? The only service allowed to/from the DNS servers through my firewall is UDP 53.

-Ray

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
----------------------------------------------------------------------------
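The check Ray did by hand (ping a made-up name and see whether anything answers), as an added example that is not part of either list post. This small Python script generates random labels that cannot exist, resolves them through whatever stub resolver the machine is configured with, and flags NXDOMAIN rewriting when two or more distinct bogus names come back with the same address; a single stray hit is ignored because one random label could land in a real wildcard zone. The sample answer tables are constructed for illustration and only reuse the 64.78.44.127 address reported in the thread; the live lookup uses the standard library's `socket.gethostbyname`, nothing else is assumed.

```python
import random
import socket
import string
from collections import Counter


def random_names(n=3, tld="com", rng=None):
    """Make n throw-away hostnames that will not exist in the real DNS.

    Sixteen random lowercase letters, in the spirit of the
    www.skdjfiwjefoisje.com test from the original post.
    """
    rng = rng or random.Random()
    names = []
    for _ in range(n):
        label = "".join(rng.choice(string.ascii_lowercase) for _ in range(16))
        names.append("www.%s.%s" % (label, tld))
    return names


def resolve(name):
    """Ask the system stub resolver for an address; None means NXDOMAIN or failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def detect_nxdomain_rewrite(answers):
    """answers maps a (bogus) name to the address returned, or None.

    Names that do not exist should all come back as None.  If two or more
    distinct bogus names resolve to the same address, the resolver, or
    something upstream of it, is turning NXDOMAIN into a sinkhole/ad page.
    Returns that address, or None when the resolver behaves.
    """
    addrs = [a for a in answers.values() if a is not None]
    if not addrs:
        return None
    addr, count = Counter(addrs).most_common(1)[0]
    return addr if count >= 2 else None


def check_resolver(names=None, lookup=resolve):
    """Resolve the bogus names and report the sinkhole address, if any."""
    names = names or random_names()
    answers = {name: lookup(name) for name in names}
    return answers, detect_nxdomain_rewrite(answers)


# Constructed sample data (not captured from a real resolver), mirroring the
# behaviour reported in the thread: every nonexistent name gets 64.78.44.127.
SAMPLE_HIJACKED = {
    "www.skdjfiwjefoisje.com": "64.78.44.127",
    "www.qzvkmtrpxlwhjbnc.com": "64.78.44.127",
    "www.ytgbfdsaqwertzxc.com": "64.78.44.127",
}

# A resolver that answers NXDOMAIN honestly.
SAMPLE_CLEAN = {
    "www.skdjfiwjefoisje.com": None,
    "www.qzvkmtrpxlwhjbnc.com": None,
    "www.ytgbfdsaqwertzxc.com": None,
}

# One stray hit is not enough: a single random label could collide with a
# real wildcard zone, so only repeated identical answers count as rewriting.
SAMPLE_ONE_HIT = {
    "www.skdjfiwjefoisje.com": None,
    "www.qzvkmtrpxlwhjbnc.com": "192.0.2.10",
    "www.ytgbfdsaqwertzxc.com": None,
}


if __name__ == "__main__":
    answers, sinkhole = check_resolver()
    for name, addr in answers.items():
        print("%-40s %s" % (name, addr or "NXDOMAIN"))
    if sinkhole:
        print("nonexistent names are being rewritten to", sinkhole)
    else:
        print("resolver returns NXDOMAIN as it should")
```

Run it once against the resolver your clients use and once with the machine pointed at a resolver you trust; if the first run reports a sinkhole address and the second does not, the rewriting is happening at your DNS server or upstream of it, which is the situation both posts describe.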
This archive was generated by hypermail 2b30 : Wed Jun 27 2001 - 17:25:36 PDT