Croatian ISPs have DNS issues?

Chrome screenshot depicts “nehe.gamedev.net” as opened on Croatian T-Com ISP with their DNS. Black Safari screenshot depicts “nehe.gamedev.net” when using Google’s DNS server.

Reportedly Croatian ISP B-Net also has the same issue.

On B-Net and T-Com, nehe.gamedev.net resolves to 209.62.105.19. Ordinarily it should resolve to 216.185.96.235.

White Safari screenshots depicts what you get when you visit this IP directly. Apparently searchmagnified is not owned by NetworkSolutions because it advertises other registrars.

Could this be some well orchestrated DNS hijack? Or is it just caching gone haywire? (It seems strange that this reputable domain would “revert” to a spyware and ad-troll site and be restored so quickly, but that Croatian ISPs’ DNSs’ would go insane.)

Could it be related to this January 2010 attack against Network Solutions?

From inquiring foreign acquaintances and friends, looks like this is a local problem. Also, here’s some whois and nslookup digging.
The-Evil-MacBook:~ ivucica$ whois gamedev.net

[snip]

Registrant:
Bells & Whistles Software, Inc.
   2705 North Carroll Avenue
   Southlake, TX 76092
   US

   Domain Name: GAMEDEV.NET

   ————————————————————————
   Promote your business to millions of viewers for only $1 a month
   Learn how you can get an Enhanced Business Listing here for your domain name.
   Learn more at http://www.NetworkSolutions.com/
   ————————————————————————

   Administrative Contact, Technical Contact:
      ZWave, LLC domains@ZWAVE.COM
      2705 N CARROLL AVE
      SOUTHLAKE, TX 76092-3101
      US
      (817) 329-9242 fax: (817) 329-9243


   Record expires on 26-Mar-2020.
   Record created on 26-Mar-1999.
   Database last updated on 2-Apr-2010 12:59:27 EDT.

   Domain servers in listed order:

   NS2.ZWAVE.COM                216.234.238.74
   NS1.ZWAVE.COM                216.234.238.75

The-Evil-MacBook:~ ivucica$ nslookup
> server 216.234.238.74
Default server: 216.234.238.74
Address: 216.234.238.74#53
> nehe.gamedev.net
Server: 216.234.238.74
Address: 216.234.238.74#53

Name: nehe.gamedev.net
Address: 216.185.96.235
Looks like the domain itself is pretty much doing very well! As it stands it looks like it’s truly a DNS hijack, but I’m not exactly a network expert so don’t take my word for it.

-=-
Tip me with Bitcoin to: 1ASA9q5VQUxPZvit8X2AP4JYzPcSDk7dFV or using ChangeTip (button below)


3 thoughts on “Croatian ISPs have DNS issues?

  1. avibrender

    We had the same thing happen today – a customers domain on our internal DNS resolver was pointed to the exact same IP – 209.62.105.19

    I don't believe that this is an accident

    Reply
  2. Ivan Vučica

    Blweh,

    I was wondering if you could provide some more insight:
    * Was an ISP's caching DNS affected?
    * Was the original domain's nameserver affected?
    * If the cache was affected, did you try querying the domain's nameserver directly?

    I'm just curious!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *