Google.ie DNS was hacked (now fixed) (domainregistry.ie)
domain: google.ie
descr: Google, Inc
descr: Body Corporate (Ltd,PLC,Company)
descr: Registered Trade Mark Name
admin-c: KR59-IEDR
tech-c: CCA7-IEDR
registration: 21-March-2002
renewal: 21-March-2013
status: Active
nserver: ns1.farahatz.net
nserver: ns2.farahatz.net
source: IEDR
37 comments
[ 5.6 ms ] story [ 90.2 ms ] threadnserver: ns1.farahatz.net nserver: ns2.farahatz.net
[Querying whois.domainregistry.ie] [whois.domainregistry.ie]
% You have issued 1000 queries today. You have 0 queries per rolling 1 hours.
% You have reached your 1 hour limit.
Looks like they're blocking lookups for google.ie
Edit - actually looks like they're not doing any lookups. Searching anything gives the same error. I haven't done any lookups today for anything, but it thinks I did 1000.
it seems like it's getting hammered now (the actual site iedr.ie)
SSL received a record that exceeded the maximum permissible length
I then did a bit of checking.
I am using OpenDNS, which shows 119.235.27.219 as the IP now
Even when browser tries to redirect to google.com, it is hanging
The IEDR reloads the zonefile next at 5pm, although I suspect they may be a bit quicker about it today...
google.ie. 172800 IN NS ns2.farahatz.net.
;; Received 79 bytes from 193.1.142.2#53(193.1.142.2) in 4 ms
www.google.ie. 14400 IN CNAME google.ie.
google.ie. 14400 IN A 119.235.27.219
google.ie. 86400 IN NS ns2.farahatz.net.
google.ie. 86400 IN NS ns1.farahatz.net.
$ whois 119.235.27.219
...
route: 119.235.16.0/20
descr: Route object of PT Inet Global Indo
descr: ISP
descr: Jakarta Barat
country: ID
origin: AS18351
mnt-by: MAINT-ID-INET
changed: hostmaster@idnic.net 20090211
source: APNIC
person: Santoso Halim
address: Pluit Permai 8 No.3A
address: Jakarta-Utara
address: Indonesia
country: ID
phone: +62-21-30047799
fax-no: +62-21-30047798
e-mail: hostmaster@inet.net.id
nic-hdl: SH1061-AP
mnt-by: MAINT-ID-INET
changed: halim@inet.net.id 20061020
source: APNIC
Perhaps some charitable Irish taxpayer could sort their domain name out for them?
1: http://www.irishtimes.com/newspaper/finance/2012/1006/122432...
shows
status: Active nserver: ns1.google.com nserver: ns2.google.com nserver: ns3.google.com source: IEDR
Domaintools.com shows something else
http://whois.domaintools.com/google.ie
Something else that's worth a look at: http://host.robtex.com/ns1.farahatz.net.html#graph
http://www.opendns.com/support/cache/
This would be loading the correct "hacked" entries now
google.ie 119.235.27.219
74.125.132.94
# dig +short @8.8.4.4 google.ie (Google DNS #2)
74.125.132.94
# dig +short @208.67.222.222 google.ie (Open DNS #1)
119.235.27.219
# dig +short @208.67.220.220 google.ie (Open DNS #2)
119.235.27.219
# dig +short @ns1.farahatz.net google.ie
;; connection timed out; no servers could be reached
# dig +short @ns2.farahatz.net google.ie
;; connection timed out; no servers could be reached
# whois 74.125.132.94
...
NetName: GOOGLE
...
# whois 119.235.27.219
...
netname: LINTASLINK-ID
...
It looks like either the IEDR (the guys who manage .ie) have been hacked, or, either Google or eMarkmonitor Inc (whoever they are) had their password for the IEDR systems compromised.
I was about to say that points the finger at the IEDR, but.. "eMarkmonitor Inc" are involved with them too..
# whois yahoo.ie
...
person: eMarkmonitor Inc
...
That basically means eMarkmonitor or the IEDR were hacked/had passwords stolen.
I've done this many times..
https://www.google.bo/
Found that out thanks to the technical details in Firefox's SSL error screen, where it says:
"www.google.bo uses an invalid security certificate.
"The certificate is only valid for the following names: google.com , .google.com , .youtube.com , youtube.com , .youtube-nocookie.com , youtu.be , .ytimg.com , .android.com , android.com , .googlecommerce.com , googlecommerce.com , .url.google.com , .urchin.com , urchin.com , .google-analytics.com , google-analytics.com , .cloud.google.com , goo.gl , g.co , .gstatic.com , .google.ac , ..." and then goes on to list an enormous number of localized Google domains.