DNS attack..possibly smurf

Well today some of my sites started pointing to sedoparking for an unknown reason. Upon further investigation I see some big problems.

I have 2 servers colo both at Superb.net


mm2.atari.net 66.36.236.4
ns1.lo3.com 66.36.236.37

If you do a dnsreport for ANY domain on my server you get something rather odd.

http://dnsreport.com/tools/dnsreport...main=atari.net

The DNS parent is correctly pointing at mm2.atari.net BUT my nameserver says it points to ns2.sedoparking.com. Obviously that's not how it's supposed to be.

I have looked into this and it could be a smurf attack but looking at tcpdump it appears clean.

I have looked in my named.conf and it appears OK. I see no mention in any of my files for sedoparking that would cause this. I have contacted Superb but the person there appears a bit clueless and he said on Monday the DNS expert will be in (oh great!). He told me it's most likely a registrar problem... but that's bull. The 2 nameservers are registered at separate registrars. I checked them both just in case and they appear OK. Also if you do the DNSREPORT search it says the correct IP for my NS. However the very troubling part is that MY server tells everyone to go to sedo.

All my sites are starting to resolve to sedo now..and it's really frustrating.

Superb of course does control my rDNS entry..could this be the problem? What if their rDNS server is saying mm2.atari.net is sedoparking? To me it's the only thing that makes sense why both servers would be a problem.

Anyone have a clue here? What should I look for?
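The mismatch described in the post (parent delegation vs. what the server itself answers) can be checked mechanically. This is an added example, not part of the original post: it parses saved `dig +norecurse NS <zone>` output from the parent and from the zone's own server and reports which NS names differ. The function names, the sample text and its TTLs are constructed for illustration; only the host names come from the post.

```python
# Constructed sample input: trimmed `dig +norecurse NS atari.net` output.
# Host names are the ones quoted in the post; TTLs are invented.
PARENT_REFERRAL = """\
;; AUTHORITY SECTION:
atari.net.    172800  IN  NS  mm2.atari.net.
atari.net.    172800  IN  NS  ns1.lo3.com.
"""
CHILD_ANSWER = """\
;; ANSWER SECTION:
atari.net.    3600  IN  NS  ns2.sedoparking.com.
"""


def _norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def ns_set(dig_text, zone):
    """Return the set of NS targets for `zone` found in dig-style output."""
    names = set()
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip blanks and dig comments
            continue
        fields = line.split()
        if len(fields) < 5:                    # owner ttl class type rdata
            continue
        owner, _ttl, rclass, rtype, target = fields[:5]
        if (rclass.upper() == "IN" and rtype.upper() == "NS"
                and _norm(owner) == _norm(zone)):
            names.add(_norm(target))
    return names


def compare_delegation(parent_text, child_text, zone):
    """Compare the parent's delegation with the NS set the child serves."""
    parent, child = ns_set(parent_text, zone), ns_set(child_text, zone)
    return {
        "consistent": bool(parent) and parent == child,
        "only_in_parent": sorted(parent - child),
        "only_in_child": sorted(child - parent),  # names only the child hands out
    }


if __name__ == "__main__":
    print(compare_delegation(PARENT_REFERRAL, CHILD_ANSWER, "atari.net"))
```

A non-empty `only_in_child` means the zone data or the name server process on the box itself is returning NS records the parent never delegated to, which points the investigation at the server rather than the registrar.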

 

 

 

 
