I'm experiencing DNS Spoofing and got this when I use dig deb.parrot.sh. Output is below.
; <<>> DiG 9.18.33-1~deb12u2-Debian <<>> deb.parrot.sh
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15319
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;deb.parrot.sh. IN A
;; ANSWER SECTION:
deb.parrot.sh. 300 IN CNAME mordor.backbone.rfc2549.network.
mordor.backbone.rfc2549.network. 300 IN CNAME mumbai.mordor.rfc2549.network.
mumbai.mordor.rfc2549.network. 300 IN A 139.84.238.12
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;deb.parrot.sh. IN A
;; ANSWER SECTION:
deb.parrot.sh. 300 IN CNAME mordor.backbone.rfc2549.network.
mordor.backbone.rfc2549.network. 300 IN CNAME london.mordor.rfc2549.network.
london.mordor.rfc2549.network. 300 IN A 178.79.175.35
This has come up more than once recently, and so some research…
The .network TLD is operated by Binky Moon;
and whilst initially there were many ‘companies’ cough, for tax reasons looking after many of the new TLD names, they were all consolidated under the Donut brand (owned by Binky Moon).
They are now called Identity Digital, with a mission to:
Maintain a safe and secure Internet.
We strive to immediately address and mitigate all forms of DNS abuse.
We stay vigilant and committed to eliminating harmful material on the Internet.
We work at the forefront of internet security to prevent and mitigate cyberattacks, such as phishing, malware, and botnets.
So, as you can see, it is a DNS provider and service backend; hopefully this will stop being raised now?
Interesting titbit: the rfc2549 part is a nod to the Request for Comments April Fools release in 1990;
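
Added example, not part of the thread: a Python sketch that parses the two ANSWER sections quoted above, follows each CNAME chain, and reports where the chains diverge and whether both end under the same parent domain. The function names and the two-label zone comparison are assumptions made for illustration.

```python
# Constructed input: ANSWER lines copied from the two dig outputs in this thread.
MUMBAI = """\
deb.parrot.sh. 300 IN CNAME mordor.backbone.rfc2549.network.
mordor.backbone.rfc2549.network. 300 IN CNAME mumbai.mordor.rfc2549.network.
mumbai.mordor.rfc2549.network. 300 IN A 139.84.238.12
"""
LONDON = """\
deb.parrot.sh. 300 IN CNAME mordor.backbone.rfc2549.network.
mordor.backbone.rfc2549.network. 300 IN CNAME london.mordor.rfc2549.network.
london.mordor.rfc2549.network. 300 IN A 178.79.175.35
"""

def parse_answer(text):
    """Parse dig ANSWER lines into (owner, type, rdata), skipping ';' comment lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and not line.startswith(";") and fields[2] == "IN":
            records.append((fields[0].lower(), fields[3], fields[4].lower()))
    return records

def walk_chain(qname, records):
    """Follow CNAMEs from qname; return (list of names, terminal A addresses)."""
    name = qname.lower()
    chain, seen = [name], set()
    while name not in seen:  # the seen set guards against CNAME loops
        seen.add(name)
        target = next((r for o, t, r in records if o == name and t == "CNAME"), None)
        if target is None:
            break
        chain.append(target)
        name = target
    addrs = [r for o, t, r in records if o == name and t == "A"]
    return chain, addrs

def compare(qname, a_text, b_text, zone_labels=2):
    """Report the shared chain prefix and the divergent endpoints.
    Assumption: the last `zone_labels` labels identify the parent domain."""
    ca, aa = walk_chain(qname, parse_answer(a_text))
    cb, ab = walk_chain(qname, parse_answer(b_text))
    shared = []
    for x, y in zip(ca, cb):
        if x != y:
            break
        shared.append(x)
    zone = lambda n: ".".join(n.rstrip(".").split(".")[-zone_labels:])
    return {"shared": shared, "endpoints": (ca[-1], cb[-1]),
            "same_zone": zone(ca[-1]) == zone(cb[-1]), "addresses": (aa, ab)}
```

For the two answers in this thread, the chains match through mordor.backbone.rfc2549.network and differ only in the final regional name under rfc2549.network.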