RE: DNS cache poisoning?

["Rabinowitz, Michael CTR MDA/ION" <Michael.Rabinowitz.CTR () mda mil>]

Hi,

The error message below is probably unrelated to the crashing.  Domains
that resolve to resalehost.networksolutions.com are simply domains that
have expired with Network Solutions.

You'll have to do a little more investigating into the crashing.  Also,
to echo what others have said:  Whether it's a move to Win2k or a switch
to Unix, it is definitely time to upgrade.

Mike

-----Original Message-----
From: Willard Van Dyne [mailto:wvandyne () hotpop com] 
Sent: Monday, August 15, 2005 11:28 PM
To: incidents () securityfocus com
Subject: DNS cache poisoning?


Good day!

Our DNS server has been crashing far too frequently as of late. The OS
is WinNT4 SP6.

Many of the error messages in the system log goes like this:

"6/26/05,1:43:58 PM,Dns,Error,None,5108,N/A,DNS,DNS Server created CNAME

loop loading CNAME at resalehost.networksolutions.com.. One link in
CNAME 
loop:  DNS name resalehost.networksolutions.com. is alias for CNAME 
resalehost.networksolutions.com.. See adjoining messages for other links
in 
CNAME loop."

A Google search about the problem gets us reports that this looks like a

"cache corruption" vulnerability on Windows NT servers, and has to be
patched.

Is this true in our case?
If so, why is networksolutions.com doing this?
If not, is our network under attack by some other means?

I hope someone can enlighten us. Thanks!