Malware DNS A record points to my IP address

matzhu asked:

I’ve used BIND for about ten years but am by no means an expert, at all. Having said that, I just wiped my VPS due to a cryptomining malware infection.

While I was getting BIND set back up I noticed that a domain (TLD) I do not own was coming up as being hosted by my IP address. Further inspection shows the A record for this domain points to my IP.

I can understand there would be nothing to prevent someone from setting an A record to point wherever. But is there nothing I can do to block this? It seems like this is probably something very basic that I’m just missing, but am having trouble in troubleshooting it. Most of my searches have been fruitless.

Recursion is off.

Here are the options from named.conf:

options {
    listen-on port 53       { any; };
    listen-on-v6 port 53    { any; };
    directory               "/var/named";
    dump-file               "/var/named/data/cache_dump.db";
    statistics-file         "/var/named/data/named_stats.txt";
    memstatistics-file      "/var/named/data/named_mem_stats.txt";
    allow-query             { any; };
    allow-transfer          { none; };
    recursion               no;
    dnssec-enable           yes;
    dnssec-validation       yes;
    bindkeys-file           "/etc/named.iscdlv.key";
    managed-keys-directory  "/var/named/dynamic";
    pid-file                "/run/named/";
    session-keyfile         "/run/named/session.key";
};

My answer:

You can’t change someone else’s domain records.


If the other domain is actually the domain responsible for serving malware, you can contact the abuse contact at their DNS provider and their domain registrar, if different, to report the domain as a malware source (and include evidence thereof). These providers may then be able to do something, such as temporarily or permanently suspending the domain.

You can also attempt to get a new IP address from your own service provider.

View the full question and any other answers on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.