[Unbound-users] DNS poisoning - any ideas how this can happen?
Martin Bachmann
m.bachmann at insign.ch
Mon Feb 9 17:33:52 UTC 2015
Hi all,
We've run into a DNS poisoning issue in our company network since Friday.
The issue is being discussed here:
https://forum.pfsense.org/index.php?topic=87491.0 - we use Unbound on a
pfSense. A few other users have the same problem:
- All of a sudden, all host names resolve to a malware host.
- It stops automatically after some time.
- There's no ARP poisoning going on, so it really comes from Unbound on the
pfSense.
Example:
While "on":
$ host omx.ch
omx.ch has address 195.22.26.248
omx.ch mail is handled by 10 mx1.csof.net.
omx.ch mail is handled by 10 mx2.csof.net.
Normally:
$ host omx.ch
omx.ch has address 62.48.3.132
omx.ch mail is handled by 10 mxhost1.omx.ch
Other wrongly resolved IPs lead to sso.mlwr.io (which tries to redirect
back to xsso.<correcthost.com>/<someidentifier>).
Any ideas?
- Martin