[dns-operations] attention yahoo, microsoft, wikipedia, akamai, and akamai customers

Peter Dambier peter at peter-dambier.de
Tue Apr 4 21:33:06 UTC 2006 

Stephane Bortzmeyer wrote:
> Studying our www.afnic.fr (a CNAME with an out-of-zone RHS), and the
> the queries received by our BIND nameserver ns3.nic.fr (which is
> authoritative for both nic.fr and afnic.fr), we note that one third of
> queries for www.afnic.fr are *not* followed by a query for
> rigolo.nic.fr, the canonical name.
> 
> We can conclude that one third of the resolvers in the wild are not
> paranoid enough. They accept out-of-zone data.
> 
> 
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.oarci.net
> http://lists.oarci.net/mailman/listinfo/dns-operations
> 
> 

Here my resolver log, dnscache (djbdns) with CNAME fix applied:

@400000004432d9aa2ee8a0fc query 10479 c0a8d0e2:8005:d17b 1 www.afnic.fr.

@400000004432d9aa2eec524c cached ns fr. a.ext.nic.fr.
@400000004432d9aa2eedf05c cached ns fr. a.nic.fr.
@400000004432d9aa2eef7314 cached ns fr. b.ext.nic.fr.
@400000004432d9aa2ef11124 cached ns fr. b.nic.fr.
@400000004432d9aa2ef28ff4 cached ns fr. c.ext.nic.fr.
@400000004432d9aa2ef41e64 cached ns fr. c.nic.fr.
@400000004432d9aa2ef59d34 cached ns fr. d.ext.nic.fr.
@400000004432d9aa2ef73374 cached ns fr. e.ext.nic.fr.
@400000004432d9aa2ef8c5cc cached ns fr. e.nic.fr.

@400000004432d9aa2f03936c cached 1 a.ext.nic.fr.
@400000004432d9aa2f05411c cached 1 a.nic.fr.
@400000004432d9aa2f0698dc cached 1 b.ext.nic.fr.
@400000004432d9aa2f080bf4 cached 1 b.nic.fr.
@400000004432d9aa2f095fcc cached 1 c.ext.nic.fr.
@400000004432d9aa2f0acefc cached 1 c.nic.fr.
@400000004432d9aa2f0c22d4 cached 1 d.ext.nic.fr.
@400000004432d9aa2f0d8e1c cached 1 e.ext.nic.fr.
@400000004432d9aa2f0ef964 cached 1 e.nic.fr.

@400000004432d9aa2f104954 tx 0 1 www.afnic.fr. fr. c05d0001 c239fd01 c1b09006 c0e45a15 c133d00e c0860031 cc98b855 8070810f c05d0004

@400000004432d9aa33d0946c rr c05d0001 172800 1 ns1.nic.fr. c05d0001
@400000004432d9aa33f22244 rr c05d0001 172800 1 ns2.nic.fr. c05d0004
@400000004432d9aa34d19564 rr c05d0001 172800 1 ns3.nic.fr. c0860031
@400000004432d9aa34d51004 rr c05d0001 76798 1 dns.inria.fr. c133d00d
@400000004432d9aa34d6f84c rr c05d0001 172800 1 rigolo.nic.fr. c0860414
@400000004432d9aa34d8ec4c rr c05d0001 172800 ns nic.fr. ns3.nic.fr.
@400000004432d9aa34dae04c rr c05d0001 172800 ns nic.fr. ns-sec.ripe.net.
@400000004432d9aa34dce7d4 rr c05d0001 172800 ns nic.fr. dns.inria.fr.
@400000004432d9aa34deeb74 rr c05d0001 172800 ns nic.fr. ns0.oleane.net.
@400000004432d9aa34e0eb2c rr c05d0001 172800 ns nic.fr. ns1.nic.fr.
@400000004432d9aa34e8c6e4 rr c05d0001 172800 ns nic.fr. ns1.oleane.net.
@400000004432d9aa34eaca84 rr c05d0001 172800 ns nic.fr. ns2.nic.fr.

@400000004432d9aa34ec9f44 rr c05d0001 172800 cname www.afnic.fr. rigolo.nic.fr.

@400000004432d9aa34eec224 rr c05d0001 172800 28 ns1.nic.fr. 20010660300500010000000000010001
@400000004432d9aa34f13324 rr c05d0001 172800 28 ns2.nic.fr. 20010660300500010000000000010002
@400000004432d9aa34f3986c rr c05d0001 172800 28 ns3.nic.fr. 20010660300600010000000000010001

@400000004432d9aa3504c6dc stats 10479 1008547 1 0
@400000004432d9aa3506b6f4 sent 10479 71

Looks like djbdns did cache rigolo.nic.fr. from the answer.
I did not find any other record of rigolo.nic.fr. today.


But DiG 9.1.3 does not see it:

; <<>> DiG 9.1.3 <<>> -t any www.afnic.fr. @a.nic.fr.
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19065
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 6

;; QUESTION SECTION:
;www.afnic.fr.                  IN      ANY

;; ANSWER SECTION:
www.afnic.fr.           172800  IN      CNAME   rigolo.nic.fr.

;; AUTHORITY SECTION:
afnic.fr.               172800  IN      NS      ns3.nic.fr.
afnic.fr.               172800  IN      NS      ns1.nic.fr.
afnic.fr.               172800  IN      NS      ns2.nic.fr.

;; ADDITIONAL SECTION:
ns1.nic.fr.             172800  IN      A       192.93.0.1
ns1.nic.fr.             172800  IN      AAAA    2001:660:3005:1::1:1
ns2.nic.fr.             172800  IN      A       192.93.0.4
ns2.nic.fr.             172800  IN      AAAA    2001:660:3005:1::1:2
ns3.nic.fr.             172800  IN      A       192.134.0.49
ns3.nic.fr.             172800  IN      AAAA    2001:660:3006:1::1:1

;; Query time: 70 msec
;; SERVER: 192.93.0.1#53(a.nic.fr.)
;; WHEN: Tue Apr  4 23:17:10 2006
;; MSG SIZE  rcvd: 241


-- 
Peter and Karin Dambier
The Public-Root Consortium
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(179)108-3978 (O2 Genion)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/

More information about the dns-operations mailing list