Cogent DNS Hijack
Got to know from August lmao, here's the DIG:
; <<>> DiG 9.18.24-1-Debian <<>> A cogentco.com +trace
;; global options: +cmd
. 44189 IN NS b.root-servers.net.
. 44189 IN NS f.root-servers.net.
. 44189 IN NS a.root-servers.net.
. 44189 IN NS l.root-servers.net.
. 44189 IN NS g.root-servers.net.
. 44189 IN NS d.root-servers.net.
. 44189 IN NS j.root-servers.net.
. 44189 IN NS c.root-servers.net.
. 44189 IN NS m.root-servers.net.
. 44189 IN NS k.root-servers.net.
. 44189 IN NS i.root-servers.net.
. 44189 IN NS h.root-servers.net.
. 44189 IN NS e.root-servers.net.
. 44189 IN RRSIG NS 8 0 518400 20240605210000 20240523200000 5613 . KrylV5bkziA3/4d+3xyJAIIFHsKoNJzrELFoNEUXyz3Is+lju9fG2FnW FqIGAmuQ0+DVudtD9Yr4VvRNm2tYjr606VKeWVyDWrKDVDPTNCyhiE0v Tl79JtnS4NAtgp72ZRpDyK2WvhBCkoyInzldEbjnxoyC5H8pa5ZSM0Q/ MrVx83+n5yyBNqL1gebjRJdAxW8ghq4qfeGn05gUNol3BO+MRATz1rhj HZGJYzfXIgL5jPKkWv95b12EpgQW5TGANse4GsLqynbF7sOqiOYxUSw4 vaVNvz6X/s4iXounQZx2Ek99YZ3NjCpvxOuvck4xqMf57/BEB1SVs81g 4f23Vw==
;; Received 525 bytes from 23.150.11.4#53(23.150.11.4) in 196 ms
com. 172800 IN NS d.gtld-servers.net.
com. 172800 IN NS c.gtld-servers.net.
com. 172800 IN NS g.gtld-servers.net.
com. 172800 IN NS m.gtld-servers.net.
com. 172800 IN NS f.gtld-servers.net.
com. 172800 IN NS b.gtld-servers.net.
com. 172800 IN NS j.gtld-servers.net.
com. 172800 IN NS i.gtld-servers.net.
com. 172800 IN NS a.gtld-servers.net.
com. 172800 IN NS k.gtld-servers.net.
com. 172800 IN NS l.gtld-servers.net.
com. 172800 IN NS h.gtld-servers.net.
com. 172800 IN NS e.gtld-servers.net.
com. 86400 IN DS 19718 13 2 8ACBB0CD28F41250A80A491389424D341522D946B0DA0C0291F2D3D7 71D7805A
com. 86400 IN RRSIG DS 8 1 86400 20240606050000 20240524040000 5613 . OoecC4wElC2wnFIAWjawAYoEz6qlfiw8qNfSpJwXva3Umb7F4hDxVgGr wsF+6bPTxmPCzP7RT6QnR0+SKIQOTgZkP1qiwzoNNhgII068xWF4Ju73 qlRTG7I4jzWC/dHtUv6ut8f1UlTl5PwDELwC6a4fUmhYDQFmclhX7Nfq 47OGVhF7HvFA/V/Jouk9Qc/eNEipTZDjuiZvMqF7ySNV3ocfku2JDDSR spSVz4OVyY3DtfysN9wRIAWNcM/Y9msI8JON2h+RSYeS+pR+zdpc7hcX O0QdN6Tl5lT37jwnQFpGy2VzChk3D7nKuTEvg1ACOCUzZ56lCr6hGmyJ TZw1Bg==
;; Received 1200 bytes from 192.36.148.17#53(i.root-servers.net) in 120 ms
cogentco.com. 172800 IN NS ns1.csit-host.com.
cogentco.com. 172800 IN NS ns2.csit-host.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q2D6NI4I7EQH8NA30NS61O48UL8G5 NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 13 2 86400 20240528042513 20240521031513 956 com. bUxLzRZW0UNAOPeMOTz2GMVh05uXRI74GZJLFuyUE5ITHgGLWyfRRYTH zSx4eDkhJTq3CMFD8zwI5gZ7ZakVRw==
9RQN1VFO65HPUGCSLHA5PCMF7MJJCM99.com. 86400 IN NSEC3 1 1 0 - 9RQN79RM7Q14RJJ8N8JJSGKQ64K16EPN NS DS RRSIG
9RQN1VFO65HPUGCSLHA5PCMF7MJJCM99.com. 86400 IN RRSIG NSEC3 13 2 86400 20240531053947 20240524042947 956 com. AKVsAIt8d795FDRaKoFdG+Alcfr/1JLFm+ZsNw49uuQEMBlCzHto1JP9 cwIuX5FcsG9mZmPK71ZoctpnLpQaHw==
;; Received 476 bytes from 192.52.178.30#53(k.gtld-servers.net) in 44 ms
cogentco.com. 14400 IN A 176.9.24.28
;; Received 57 bytes from 176.9.24.28#53(ns2.csit-host.com) in 120 ms
That's fun.
youtube.com/watch?v=k1BneeJTDcU
Comments
They also recently fucked up the c-root: https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/
youtube.com/watch?v=k1BneeJTDcU