NXDOMAIN Hijacking Example

Created Diff never expires
22 removals
20 lines
25 additions
19 lines
~ $ dig A doesntexistajbehsjdhw @8.8.8.8 #Google (doesn't)
~ $ dig A doesntexistajbehsjdhw @4.2.2.1 # Level3 (Hijacks NXDOMAIN)


; <<>> DiG 9.16.11 <<>> A doesntexistajbehsjdhw @8.8.8.8
; <<>> DiG 9.16.11 <<>> A doesntexistajbehsjdhw @4.2.2.1
;; global options: +cmd
;; global options: +cmd
;; Got answer:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38839
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61285
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0


;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;; QUESTION SECTION:
;doesntexistajbehsjdhw. IN A
;doesntexistajbehsjdhw. IN A


;; AUTHORITY SECTION:
;; ANSWER SECTION:
. 85726 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022091202 1800 900 604800 86400
doesntexistajbehsjdhw. 10 IN A 23.202.231.167
doesntexistajbehsjdhw. 10 IN A 23.217.138.108


;; Query time: 50 msec
;; Query time: 73 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; SERVER: 4.2.2.1#53(4.2.2.1)
;; WHEN: Mon Sep 12 22:54:33 EDT 2022
;; WHEN: Mon Sep 12 22:54:26 EDT 2022
;; MSG SIZE rcvd: 125
;; MSG SIZE rcvd: 71