[Dshield] Odd Hostname -> Address Behaviour

jayjwa jayjwa at atr2.ath.cx
Wed Oct 19 07:31:12 GMT 2005



Who causes this to happen, or at what level is this being done? ISP?


It seems host ftp.pspt.fi no longer exists (an old entry in a manpage). Note 
what address it is showing as, 64.158.56.36

* About to connect() to ftp.pspt.fi port 21
*   Trying 64.158.56.36... No route to host
* couldn't connect to host
* Closing connection #0

curl: (7) couldn't connect to host
Exit 7


host some.nonexistant.host
some.nonexistant.host has address 64.158.56.36
Host some.nonexistant.host not found: 3(NXDOMAIN)
Host some.nonexistant.host not found: 3(NXDOMAIN)


host 64.158.56.36
36.56.158.64.in-addr.arpa domain name pointer unknown.Level3.net

As luck would have it, there is a search site setup there, for example, doing 
something like:

lynx http://some.nonexistant.host/

Will waste your time taking you to some dumb search site that probably no one 
wanted to visit anyway. I don't like this behavior at all: if a host doesn't 
exist, it doesn't exist. Tell me that, but being sent to a "search" site (in 
the case above) is something I don't care for.


 	Were you looking for:     Results 1-10 of 364,410,000

    Web Results

    Apache Ant - Welcome
    June 2, 2005 - Ant 1.6.5 Available ... Granted, this removes some of
    the expressive power that is inherent by being able to construct a
    shell...
    http://ant.apache.org/

    Apache Ant User Manual
    Apache Ant 1.6.5 Manual. This is the manual for version 1.6.5 of Apache
    Ant. If your version of Ant (as verified with ... ant -version...
    http://jakarta.apache.org/ant/manual/index.html

    Texas Imported Fire Ant Research and Management Project
    Research and management of the fire ant from Texas Agricultural
    Experiment Station, Texas Agricultural Extension Service, Texas
    Department of...
    http://fireant.tamu.edu/



I've since firewalled the address and host off, both directions, so now I have 
the old, expected behavior back (like the curl ftp example at top). This seems 
like something my ISP would have to have set in their nameserver's 
parameters... am I correct or is there more to it than that? Level3 is 
upstream, but they aren't my direct ISP.



j


More information about the list mailing list