Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant, please refer to the "Date" section of the header to be sure the advisory is recent as pertains to your situation.
Keywords: DNS, Poison Attack, Network Operations, Servers, Domain Names
DBSA ID: 2013-0005
Regarding: Multiple Global DNS Compromises
Date: 2013 06 20
Last Modified: 20131029035043 by Kradorex Xeron
Who should take note: All DNS Server Operators
Rationale: Operators must act to ensure users serviced by their servers are not directed to malicious systems.
Rationale: The impact is global across multiple high-profile domain names.
Spread of Issue: CROSS-PLATFORM HIGH
Rationale: All systems that are Intenet-connected are affected.
What is assumed as a DNS cache poisoning attack or possible incident at Network Solutions Inc has incurred a potential compromise of a possible minimum of 78,000 domain names, said domain names have had their DNS servers set to two nameservers operated by ztomy.com, which have been cited domain squatting, takeovers and other such potential malicious activities against domain names without regard to the impact of their takeovers.
Affected domain names may have their authoritative DNS servers (IN NS Records) set to:
And web traffic has been observed to be redirected to a server in 18.104.22.168/24
Noted domain names effected at some point (but not limited to, a number has been cited of minimum 78,000 domain names):
The link between these domain names is that they seem to be registered through Network Solutions
DNS Server operators are advised to purge their resolution caches and/or restart their server instances with clean caches. Network Solutions, a .com TLD (Top Level Domain) registrar has made corrections to resolve the incident at their level.
No known public resources have commented on the incident.