Very strange DNS (bulkdomains.com)
 

One of my domains, teenshave.net is registred trough bulkdomains.com and also DNS is managed by them. I was just looking from Google if it's there or not (not really SE optimized yet) and I notised something VERY strange.

I searched for teenshave.net. It returned no results, but recommended on clicking if the domains exists. I did, and was taken to search.sprinks.about.com. Wow. Ok, then I typed in the teenshave.net manually and this time I was taken to my site.

Looking the DNS, it seems that teenshave.net doesn't have an A record (which I'm pretty sure I've defined, I always do that first).

Then I took another try, quitting the browser and restarting. This time teenshave.net was taken to mad2.net / enom.com.

www.teenshave.net works as it should.

Some pretty strange shit. Please, if someone has any clues, please let me know.

My guess:

bulkdomains.com (or group of companies) are doing the following:

they have tailored BIND which does a round robin for all the A records requested which don't exists. Then they sell this traffic. Some pretty funny stuff though..

What kind of an expert board is this...? Nobody has a clue, or no one gives a fuck?

Experts will be with you shortly... any minute now...

Yes.

Yes.

No one gives a shit :)

yes

The doorbell just rang i think its an expert


Be right back

dunno,
I am bored and hate my real job, so I wrote a script that did a dig on your domain a few thousand times... every one was identical:

dumpdigger results:
; <<>> DiG 9.2.1 <<>> teenshave.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2556
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 10

;; QUESTION SECTION:
;teenshave.net. IN A

;; ANSWER SECTION:
teenshave.net. 1739 IN A 216.168.60.84

;; AUTHORITY SECTION:
teenshave.net. 172739 IN NS dns1.name-services.com.
teenshave.net. 172739 IN NS dns2.name-services.com.
teenshave.net. 172739 IN NS dns3.name-services.com.
teenshave.net. 172739 IN NS dns4.name-services.com.
teenshave.net. 172739 IN NS dns5.name-services.com.

;; ADDITIONAL SECTION:
dns1.name-services.com. 162947 IN A 66.150.5.103
dns1.name-services.com. 162947 IN A 66.150.5.176
dns1.name-services.com. 162947 IN A 66.150.5.63
dns2.name-services.com. 171530 IN A 66.216.126.143
dns2.name-services.com. 171530 IN A 66.216.126.144
dns2.name-services.com. 171530 IN A 66.216.94.14
dns3.name-services.com. 82459 IN A 63.251.83.36
dns4.name-services.com. 171530 IN A 216.89.126.2
dns4.name-services.com. 171530 IN A 216.89.126.4
dns5.name-services.com. 412 IN A 63.251.83.37

average Query time: 48 msec
worst Query time: 86 msec

probable result:
not fucked




--------------

anyways. whatever you were using to check the A was not working right probably... I used 15 different DNS servers, so you're pretty safe.
see how creative people can get when they hate submitting to tgps? anything to take a 10 minute break :)

Drew

hibbidiji, thnx for some reply, others:

:321GFY :321GFY

for your input.

Yeah, the only problem is:

I HAVE NO FUCKING THING TO DO WITH 216.168.60.84 (ie. forest.net hosting) where it points to...

:thefinger

hehe lovely... next time I'll try making the next step :) lol.. well I would imagine that bulkdomains has some crazy virthost running on that ip that does redirects...

I did this:
I pinged teenshave.net
that got me:
194.100.174.178

I did a reverse dns on that and got nothing at all.

I do a reverse dns on the ip that my digs gave me and it gives me the forest.net deal...
I'm too toasted right now to make any sense of that, but it's interesting
hibb

are you russian?

This truly smells like a proper scam work. I logged in to my account, and indeed, there was teenshave.net defined, I have no clue however how that forest.net ip got there. Strange...