[Dshield] Strange DNS Lookup
Shaun
shaun at shaunc.com
Fri Jun 6 01:43:56 GMT 2008
Yep, it's normal. These hosts have all, at some point, been designated
as nameservers by a registrar, and whois is a "greedy" search. For
example, try querying the whois server for my favorite brand of vodka.
$ whois svedka
Or, for that matter, try
$ whois tanaya
-s
On Thu, 05 Jun 2008 17:47:28 -0500
"Mar Matthias Darin" <BDarin at tanaya.net> wrote:
> Hello,
>
> I am in the final stages of testing a beta program before bringing it fully
> online and came across something very strange. The program is an IP
> address lookup tool. The URL is
> http://dns.tanaya.net/cgi-bin/dns.cgi?whois+66.94.237.10
>
> This is part of what I get from the lookup:
>
> YAHOO.COM.ZZZZZZ.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
> YAHOO.COM.ZZZZZ.GET.LAID.AT.WWW.SWINGINGCOMMUNITY.COM
> YAHOO.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
> YAHOO.COM.VN
> YAHOO.COM.VIRGINCHASSIS.COM
> YAHOO.COM.TWIXTEARS.COM
> YAHOO.COM.TW
> YAHOO.COM.SG
> YAHOO.COM.OPTIONSCORNER.COM
> YAHOO.COM.MX
> YAHOO.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
> YAHOO.COM.JTNELECTRIC.COM
> YAHOO.COM.JOSEJO.COM
> YAHOO.COM.JENNINGSASSOCIATES.NET
> YAHOO.COM.IS.N0T.AS.1337.AS.SEARCH.GULLI.COM
> YAHOO.COM.HK
> YAHOO.COM.ELPOV.COM
> YAHOO.COM.EATINGFORJOY.NET
> YAHOO.COM.DALLARIVA.COM
> YAHOO.COM.COLLEGELEARNER.COM
> YAHOO.COM.CHRISIMAMURAPHOTOWORKS.COM
> YAHOO.COM.BR
> YAHOO.COM.BGPETERSON.COM
> YAHOO.COM.AU
> YAHOO.COM
>
>
> Is this normal?
>
> Thank you in advance.
>
>
> ---
>
> The Matthias Chronicles
> http://tanaya.net/MatthiasChronicles/
> _________________________________________
> SANSFIRE !! The Internet Storm Center Conference
> http://www.sans.org/sansfire08/
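
The greedy match described in the reply, as an added example that is not part of the original thread: a short Python script that sorts such output into the exact record and the nameserver host records, grouped by the domain each one really sits under. The `classify` function, the `REGISTRY_TLDS` tuple and the rule that the last two labels are the registered domain (assumed to hold only for names ending in .com or .net) are assumptions of this example; the sample input is constructed from names quoted above.

```python
# Added example: sort greedy whois matches by who actually controls each name.
# SAMPLE is constructed from names quoted in the thread above.
SAMPLE = """\
> YAHOO.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
> YAHOO.COM.VN
> YAHOO.COM.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
> YAHOO.COM.ZZZZZZ.MORE.INFO.AT.WWW.BEYONDWHOIS.COM
> YAHOO.COM.JTNELECTRIC.COM
> YAHOO.COM
"""

REGISTRY_TLDS = ("COM", "NET")  # assumption: output came from the .com/.net registry


def classify(query, text):
    """Split greedy-match output into the exact record, host records grouped
    by the domain they really live under, and names we cannot attribute."""
    query = query.strip().upper().rstrip(".")
    result = {"exact": [], "host_under": {}, "other": []}
    for raw in text.splitlines():
        # Accept lines pasted from a mail reply by dropping the "> " quoting.
        name = raw.lstrip("> ").strip().upper().rstrip(".")
        if not name:
            continue
        if name == query:
            result["exact"].append(name)
            continue
        labels = name.split(".")
        # A host record is read right to left: the last two labels are the
        # registered domain, everything to the left is free text chosen by
        # whoever controls that domain.
        if name.startswith(query + ".") and labels[-1] in REGISTRY_TLDS:
            parent = ".".join(labels[-2:])
            result["host_under"].setdefault(parent, []).append(name)
        else:
            result["other"].append(name)
    return result


if __name__ == "__main__":
    report = classify("yahoo.com", SAMPLE)
    print("exact match:", report["exact"])
    for parent, hosts in sorted(report["host_under"].items()):
        print(f"host records under {parent}:")
        for h in hosts:
            print("   ", h)
    print("not attributable by suffix:", report["other"])
```

Names that land in the last bucket (here the one ending in .VN) need a public suffix list to attribute, which this example does not include.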