
Kabel Deutschland breaks the DNS system for its customers

Last week I noticed that Kabel Deutschland, a cable provider in Germany, returns "204.9.89.60" for any non-existent host. It seems that this has been rolled out since last fall. Even for DNSSEC-enabled infrastructure, it breaks it totally:

; <<>> DiG 9.3.4 <<>> +dnssec web.pixaco.se @83.169.184.161
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
web.pixaco.se. 0 IN A 204.9.89.60

Besides that, this behaviour breaks the whole DNS, since many mechanisms rely on a negative answer. The most visible effect for users is that anyone who makes a typo while surfing is forwarded to http://suche.kabeldeutschland.de/de.kde.assist/?domain=. Since 204.9.88.0/21 is located with our transatlantic friends in the US, there might be some problems with leaking private information. I don't feel happy if a typo in my URL gets me listed on some terror list, or if I end up providing the newest porno links to my American friends inside the organizations with the three capitals.

All that to get some extra money while racing at price dumping for connectivity. This sucks a lot.
If you are a customer and feel pissed, you can send a friendly note to them:

Kabel Deutschland Vertrieb und Service GmbH & Co. KG
Beschwerdestelle
99116 Erfurt
kundenservice@kabeldeutschland.de
Fax: 01805299925

A quick and dirty workaround for dnsmasq may be to add "bogus-nxdomain=204.9.89.60" to your config file. This doesn't fix the DNSSEC problem.
The problem also pops up at dns-operations, and there are traces at Google too.
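
The idea behind the bogus-nxdomain workaround, as an added Python example that is not from the original post and is not dnsmasq's code: parse a DNS reply and treat it as NXDOMAIN when an A record carries the redirect address. The function names and the packet builder are assumptions for illustration, and the sample replies are constructed.

```python
import ipaddress
import struct

BOGUS = {ipaddress.ip_address("204.9.89.60")}  # redirect address from the post

def build_response(name, addr, rcode=0):
    """Constructed sample reply: flags qr rd ra, optional single A record, TTL 0."""
    qname = b"".join(bytes([len(l)]) + l.encode()
                     for l in name.rstrip(".").split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", 0x1234, 0x8180 | rcode, 1, 1 if addr else 0, 0, 0)
    question = qname + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    answer = b""
    if addr:
        answer = (b"\xc0\x0c"                            # pointer to the question name
                  + struct.pack("!HHIH", 1, 1, 0, 4)     # A, IN, TTL 0, RDLENGTH 4
                  + ipaddress.ip_address(addr).packed)
    return header + question + answer

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:                             # compression pointer ends the name
            return off + 2
        off += n + 1

def parse_a_records(msg):
    """Return (rcode, [IPv4 addresses]) from the answer section of a DNS reply."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                    # skip QTYPE and QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(ipaddress.ip_address(msg[off:off + 4]))
        off += rdlen
    return flags & 0xF, addrs

def effective_rcode(msg):
    """Map a NOERROR reply that contains a bogus address back to NXDOMAIN (3)."""
    rcode, addrs = parse_a_records(msg)
    if rcode == 0 and any(a in BOGUS for a in addrs):
        return 3
    return rcode
```

As with the dnsmasq setting, this only restores the negative answer for the client; the rewritten reply still carries no DNSSEC data to validate.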

[UPDATE] Over 1 year later, zdnet.de discovered the problem.