DNS/NEWS/2015-11-13について、ここに記述してください。 == scansafe.net issue == It's not clear that things have been repaired. As of 17:00 PST 12 Nov (01:00 CUT 13 Nov), dig is still showing the suspect IP -- although with a 300 sec TTL (see below): dig @ns4.mailround.com scansafe.net {{{ ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.el6_7.4 <<>> @ns4.mailround.com scansafe.net ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19078 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;scansafe.net. IN A ;; ANSWER SECTION: scansafe.net. 300 IN A 208.91.197.132 ;; Query time: 47 msec ;; SERVER: 208.91.197.132#53(208.91.197.132) ;; WHEN: Thu Nov 12 17:08:41 2015 ;; MSG SIZE rcvd: 46 }}} このひとは毒入りのサーバに問い合わせたらしい。  つまりns4.mailround.com のつもりが、208.91.197.132 に問い合わせているようだ。 {{{ $ dig @208.91.197.132 scansafe.net ;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 16462 ;; Flags: qr aa rd; QUERY: 1; ANSWER: 1; AUTHORITY: 0; ADDITIONAL: 0 ;; QUESTION SECTION: ;; scansafe.net. IN A ;; ANSWER SECTION: scansafe.net. 300 IN A 208.91.197.132 ;; Received 46 B ;; Time 2015-11-14 00:14:08 JST ;; From 208.91.197.132@53(UDP) in 189.5 ms }}} == 2015-11-14 == -- ToshinoriMaeno <> {{{ $ dig @ns4.mailround.com scansafe.net ;; ->>HEADER<<- opcode: QUERY; status: NOERROR; id: 49903 ;; Flags: qr aa rd; QUERY: 1; ANSWER: 1; AUTHORITY: 3; ADDITIONAL: 4 ;; QUESTION SECTION: ;; scansafe.net. IN A ;; ANSWER SECTION: scansafe.net. 3600 IN A 80.254.145.119 ;; AUTHORITY SECTION: scansafe.net. 3600 IN NS ns4.mailround.com. scansafe.net. 3600 IN NS ns5.mailround.com. scansafe.net. 3600 IN NS ns0.mailround.com. ;; ADDITIONAL SECTION: ns0.mailround.com. 3600 IN A 80.254.145.110 ns0.mailround.com. 3600 IN AAAA 2a00:9600:0:818:2::110 ns4.mailround.com. 3600 IN A 72.37.171.85 ns5.mailround.com. 3600 IN A 72.37.244.85 ;; Received 189 B ;; Time 2015-11-14 00:09:06 JST ;; From 72.37.171.85@53(UDP) in 276.4 ms }}} == ztomy.com == ztomy.com がからんでいそうなので、追いかけてみる。 (akamai上か) http://blogs.cisco.com/security/hijacking-of-dns-records-from-network-solutions