Maybe this is an April Fool's gag, but we didn't notice it until today.
Back in the 20th century, someone set up ftp.warez.org to resolve to 127.0.0.1 -- the same address as localhost, your own computer. So when kids would pop onto the Internet and ask "where can I grab free games?" folks could tell them to ftp to ftp.warez.org, and then giggle at the thought of some kid FTP'ing himself.
Okay, it wasn't that great a joke.
Well, girlscouts-hawaii.org seems to be doing the same thing now:
bash-3.1$ whois girlscouts-hawaii.org | grep Server
Name Server:NS1.TWTELECOM.NET
Name Server:NS2.TWTELECOM.NET
bash-3.1$ nslookup - NS1.TWTELECOM.NET
> 127.0.0.1
Server: NS1.TWTELECOM.NET
Address: 216.136.95.2#53
1.0.0.127.in-addr.arpa name = loopback.girlscouts-hawaii.org.
1.0.0.127.in-addr.arpa name = localhost.
This has propagated to most DNS servers we could find.
bash-3.1$ nslookup loopback.girlscouts-hawaii.org w20ns.mit.edu
Server: w20ns.mit.edu
Address: 18.70.0.160#53
Non-authoritative answer:
Name: loopback.girlscouts-hawaii.org
Address: 127.0.0.1
And, here's the kicker, it shows up in reverse lookups for anyone using Time Warner's DNS servers.
bash-3.1$ dig +short -t ptr 1.0.0.127.in-addr.arpa
loopback.girlscouts-hawaii.org.
localhost.
Thankfully this last one hasn't propagated, and hopefully it won't. Still, Time Warner isn't exactly tiny. For all the homes and businesses hanging off of their networks, any tools that do reverse lookups are going to generate some very confusing results. It also suggests risks to an organization relying upon reverse lookups for any kind of access control.
UPDATE: Time Warner has fixed the DNS so the reverse-lookup doesn't happen any more. Forward does, but that's not hurting anybody.
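
The access-control risk mentioned above, as an added example (not part of the original post): a hostname allow-list that trusts the PTR answer, beside a forward-confirmed version that also requires the name to resolve back to the client address. The corp.example zone, the 203.0.113.7 and 198.51.100.10 addresses and the lookup tables are constructed for illustration; only the 127.0.0.1 PTR answers come from the dig output above.

```python
import ipaddress

# Constructed resolver data so the example runs offline. The 127.0.0.1 PTR
# answers are the ones in the dig output above; everything else is made up.
PTR = {
    "127.0.0.1": ["loopback.girlscouts-hawaii.org.", "localhost."],
    "203.0.113.7": ["build01.corp.example."],    # reverse zone claims a trusted name
    "198.51.100.10": ["build01.corp.example."],  # the genuine host
}
A = {
    "build01.corp.example": ["198.51.100.10"],
    "loopback.girlscouts-hawaii.org": ["127.0.0.1"],
    "localhost": ["127.0.0.1"],
}

def _norm(name):
    """Lower-case and drop the trailing root dot."""
    return name.rstrip(".").lower()

def _in_zone(name, zone):
    """True if name is the zone itself or a label-aligned child of it."""
    name, zone = _norm(name), _norm(zone)
    return name == zone or name.endswith("." + zone)

def naive_allowed(ip, zone, ptr=PTR):
    """Weak check: trusts any name the reverse zone hands back."""
    return any(_in_zone(n, zone) for n in ptr.get(ip, []))

def confirmed_names(ip, ptr=PTR, fwd=A):
    """PTR names whose forward (A) lookup includes the original address."""
    addr = ipaddress.ip_address(ip)
    return [_norm(n) for n in ptr.get(ip, [])
            if any(ipaddress.ip_address(a) == addr
                   for a in fwd.get(_norm(n), []))]

def hardened_allowed(ip, zone, ptr=PTR, fwd=A):
    """Forward-confirmed check: the name must also resolve back to the client."""
    return any(_in_zone(n, zone) for n in confirmed_names(ip, ptr, fwd))

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.10", "127.0.0.1"):
        print(ip,
              "naive:", naive_allowed(ip, "corp.example"),
              "hardened:", hardened_allowed(ip, "corp.example"),
              "confirmed:", confirmed_names(ip))
```

Forward confirmation only proves that the reverse and forward zones agree, which is why 127.0.0.1 still confirms as loopback.girlscouts-hawaii.org; the zone allow-list is what keeps that name from granting anything.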

9 comments:
Wow, you're right, and no April Fool's as well on this one -- I just doublechecked from my workstation against the MIT DNS and it turned this info up.
To further emphasize how crappily they're running the show over there, they have zone transfers enabled GLOBALLY.
Check it:
dig @NS1.TWTELECOM.NET twtelecom.net axfr
This is why having a localhost definition in your /etc/hosts file is a good idea...
We did this at UCSD. We'd tell people to check out the stuff we have on the Windows SMB share running at warez.ucsd.edu, but they'd always complain that they couldn't find anything they didn't already have.
Unfortunately, not every tool uses /etc/hosts for reverse lookups.
This is done all over the place. Everywhere I've worked for the last 10 years easily. It's done so that hosts who don't have or ignore a hosts file can get directed to the right IP for the lookup of "localhost". This isn't april fools, nor is it ignorant. Most of all, it doesn't affect you or anyone else. So why would you care?
yeah, not an april fools - as the previous anonymous said, it's nice sometimes, because what happens when someone deletes that entry in your hosts file?
More specifically, I know the Netscape/iPlanet/Sun e-mail server used to *require* this entry in DNS.
you might find this mailing list post interesting and relevant to this..
This is done all over. It's their loopback address clearly by the dns entry. It is not a big deal, certainly not worth a post over.