I've recently experienced an XML-RPC attack vs WordPress from a pair of machines for which dig -x returns a very very odd looking result:
;; ANSWER SECTION:
54.249.96.191.in-addr.arpa. 60 IN PTR DEDICATED.SERVER.
I've never seen a TLD named DEDICATED before. I get the same result from my home machine and within Amazon...
There is no actual requirement that PTR records return valid host names.
Unfortunately.
The typical approach to find the owner or ISP that manages an IP-address (range) is a WHOIS lookup.
In this case the 191.96.249/24 range is managed by a company called Dmzhost Limited with abuse AT DMZHOST.CO as their email contact.
The guy who runs those servers ([email protected]) is as dodgy as they come, and he allows his servers to be used for DDoS:
https://medium.com/@alek.boyd/plunging-into-a-ddos-hole-a-how-to-guide-b7565f814513#.s97ens0gl
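Since a PTR record can hold whatever the reverse-zone owner puts there, log analysis usually treats it as a claim to verify with forward-confirmed reverse DNS: resolve the PTR name forward and see whether it returns the same IP. The sketch below is an added example, not from any of the posts above; the function names, the two documentation-range records and the offline forward table are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample: the first record is the one quoted in the question; the
# other two use documentation address ranges and made-up names.
SAMPLE_DIG = """\
;; ANSWER SECTION:
54.249.96.191.in-addr.arpa. 60 IN PTR DEDICATED.SERVER.
10.2.0.192.in-addr.arpa. 300 IN PTR mail.example.org.
7.100.51.198.in-addr.arpa. 300 IN PTR host.example.net.
"""
# Constructed forward zone standing in for real A lookups (offline demo).
SAMPLE_FORWARD = {"mail.example.org": ["192.0.2.10"],
                  "host.example.net": ["203.0.113.9"]}

def parse_ptr_answers(dig_output):
    """Return [(ip, ptr_target)] for each IPv4 PTR line of dig output."""
    suffix, pairs = ".in-addr.arpa.", []
    for line in dig_output.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) != 5:
            continue
        owner, _ttl, rclass, rtype, target = fields
        if (rclass, rtype) != ("IN", "PTR") or not owner.lower().endswith(suffix):
            continue
        octets = owner[:-len(suffix)].split(".")
        try:
            ip = str(ipaddress.IPv4Address(".".join(reversed(octets))))
        except ValueError:
            continue  # not a full four-octet reverse name
        pairs.append((ip, target.rstrip(".").lower()))
    return pairs

def system_resolve(name):
    """Forward A lookup through the system resolver; [] when it fails."""
    try:
        infos = socket.getaddrinfo(name, None, family=socket.AF_INET)
    except (OSError, UnicodeError):
        return []
    return sorted({info[4][0] for info in infos})

def check_fcrdns(ip, ptr_name, resolve=system_resolve):
    """Classify a PTR claim by whether the name resolves back to the IP."""
    addrs = resolve(ptr_name)
    if not addrs:
        return "unresolvable"  # PTR target has no forward record
    return "confirmed" if ip in addrs else "mismatch"

def audit(dig_output, resolve=system_resolve):
    """Map each IP in the dig output to (ptr_name, verdict)."""
    return {ip: (name, check_fcrdns(ip, name, resolve))
            for ip, name in parse_ptr_answers(dig_output)}
```

Calling `audit(SAMPLE_DIG, lambda n: SAMPLE_FORWARD.get(n, []))` runs the check against the constructed table; leaving out the second argument uses the system resolver instead.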