
# dig +short @8.8.8.8 google.ie (Google DNS #1)

74.125.132.94

# dig +short @8.8.4.4 google.ie (Google DNS #2)

74.125.132.94

# dig +short @208.67.222.222 google.ie (Open DNS #1)

119.235.27.219

# dig +short @208.67.220.220 google.ie (Open DNS #2)

119.235.27.219

# dig +short @ns1.farahatz.net google.ie

;; connection timed out; no servers could be reached

# dig +short @ns2.farahatz.net google.ie

;; connection timed out; no servers could be reached

# whois 74.125.132.94

...

NetName: GOOGLE

...

# whois 119.235.27.219

...

netname: LINTASLINK-ID

...
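The cross-check in the session above can be automated. This is an added example, not part of the original comment: it parses `dig +short` output per server, flags answers whose whois netname is not the expected one, and lists servers that timed out. The function names and the report layout are assumptions; the addresses and netnames are the ones shown above.

```python
import ipaddress

# Constructed input: `dig +short` output per server, copied from the session above.
DIG_OUTPUT = {
    "8.8.8.8": "74.125.132.94\n",
    "8.8.4.4": "74.125.132.94\n",
    "208.67.222.222": "119.235.27.219\n",
    "208.67.220.220": "119.235.27.219\n",
    "ns1.farahatz.net": ";; connection timed out; no servers could be reached\n",
    "ns2.farahatz.net": ";; connection timed out; no servers could be reached\n",
}
# whois netname per address, also taken from the session above.
NETNAMES = {"74.125.132.94": "GOOGLE", "119.235.27.219": "LINTASLINK-ID"}


def parse_dig_short(text):
    """Return the set of addresses in `dig +short` output, or None if the server was unreachable."""
    addrs = set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";;"):
            if "timed out" in line or "no servers could be reached" in line:
                return None
            continue  # other dig diagnostics carry no answer data
        try:
            addrs.add(str(ipaddress.ip_address(line)))
        except ValueError:
            continue  # blank lines and CNAME targets are not addresses
    return addrs


def compare_resolvers(dig_output, netnames, expected_netname):
    """Report resolver disagreement, unreachable servers, and answers outside the expected netname."""
    unreachable, suspect, answers = [], {}, {}
    for server, text in dig_output.items():
        addrs = parse_dig_short(text)
        if addrs is None:
            unreachable.append(server)
            continue
        answers[server] = addrs
        # An address with no known netname is treated as unexpected too.
        bad = sorted(a for a in addrs if netnames.get(a) != expected_netname)
        if bad or not addrs:
            suspect[server] = bad
    distinct = {frozenset(a) for a in answers.values()}
    return {"split": len(distinct) > 1, "unreachable": sorted(unreachable), "suspect": suspect}


if __name__ == "__main__":
    print(compare_resolvers(DIG_OUTPUT, NETNAMES, "GOOGLE"))
```

Resolvers can legitimately return different addresses for load-balanced names, which is why the check keys on the netname rather than on the split alone.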




So, the Google DNS servers are returning the correct values? Is it definitely Google's server which has been hacked?


No - It doesn't look like Google's DNS servers have been hacked.

It looks like either the IEDR (the guys who manage .ie) have been hacked, or, either Google or eMarkmonitor Inc (whoever they are) had their password for the IEDR systems compromised.


It's definitely NOT Google's servers hacked, since at least one other domain (yahoo.ie) was affected.


Ooo - Interesting.

I was about to say that points the finger at the IEDR, but.. "eMarkmonitor Inc" are involved with them too..

# whois yahoo.ie

...

person: eMarkmonitor Inc

...

That basically means eMarkmonitor or the IEDR were hacked/had passwords stolen.


Markmonitor handles all the ccTLDs (.ie, .co.uk, .de, etc) for almost all the Fortune 500 companies. If they were hacked you'd see more than two changed .ie domains.



