[dns-operations] DNS replies from AS 4808
SM
sm at resistor.net
Wed Jun 3 08:56:46 UTC 2009
Hi Alex,
At 00:06 03-06-2009, Alexander Mayrhofer wrote:
>I'm sorry, but what are "Web 2.0 related strings"? Plus, do they filter
>outbound, inbound, or both?
nameserver.test is a nameserver within AS 4808. The test was carried
out from a host outside AS 4808.
dig twitter.com.example.net @nameserver.test
Reply:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46652
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;twitter.com.example.net. IN A
;; ANSWER SECTION:
twitter.com.example.net. 86400 IN A 202.106.1.2
Reply:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30487
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;twitter.com.example.net. IN A
;; ANSWER SECTION:
twitter.com.example.net. 86400 IN A 64.33.88.161
Reply:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64561
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;twitter.com.example.net. IN A
;; ANSWER SECTION:
twitter.com.example.net. 86400 IN A 202.181.7.85
Reply:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17554
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;twitter.com.example.net. IN A
;; ANSWER SECTION:
twitter.com.example.net. 300 IN A 4.36.66.178
Reply:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12617
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;twitter.com.example.net. IN A
;; ANSWER SECTION:
twitter.com.example.net. 300 IN A 203.161.230.171
Reply:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29097
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;twitter.com.example.net. IN A
;; ANSWER SECTION:
twitter.com.example.net. 300 IN A 209.145.54.50
Reply:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64869
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;twitter.com.example.net. IN A
;; ANSWER SECTION:
twitter.com.example.net. 86400 IN A 216.234.179.13
Reply:
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21069
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;twitter.com.example.net. IN A
;; ANSWER SECTION:
twitter.com.example.net. 300 IN A 211.94.66.147
dig flickr.com.example.com @nameserver.test
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59489
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;flickr.com.example.com. IN A
;; ANSWER SECTION:
flickr.com.example.com. 300 IN A 209.145.54.50
I assume it's outbound filtering.
>At 01:43 03-06-2009, Skull wrote:
>Apparently, some of the queries to SURBL mirrors appear to be
>hijacked during transit through Chinese address space.
There's more to it.
Regards,
-sm
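The replies quoted in the message differ in address, TTL and AA bit for the same question to the same server (the `aa` replies carry TTL 86400, the others 300). The sketch below is an added example, not part of the original post: it tabulates concatenated dig output and reports names whose answers vary that way. The function names and the sample input are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the dig output above (documentation addresses).
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;twitter.com.example.net. IN A
twitter.com.example.net. 86400 IN A 192.0.2.10
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;twitter.com.example.net. IN A
twitter.com.example.net. 300 IN A 198.51.100.20
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1003
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;twitter.com.example.net. IN A
twitter.com.example.net. 86400 IN A 203.0.113.30
"""

HEADER = re.compile(r"^;; ->>HEADER<<-.*\bid: (\d+)")
FLAGS = re.compile(r"^;; flags: ([a-z ]+);")
A_RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d+\.\d+\.\d+\.\d+)\s*$")

def parse_replies(text):
    """Split concatenated dig output into one dict per reply header."""
    replies, cur = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            cur = {"id": int(m.group(1)), "flags": set(), "answers": []}
            replies.append(cur)
        elif cur and (m := FLAGS.match(line)):
            cur["flags"] = set(m.group(1).split())
        elif cur and (m := A_RR.match(line)):
            cur["answers"].append((m.group(1).lower(), int(m.group(2)), m.group(3)))
    return replies

def inconsistencies(replies):
    """Per name: addresses, TTLs and AA-bit values seen, kept only if they vary."""
    seen = defaultdict(lambda: {"addrs": set(), "ttls": set(), "aa": set()})
    for r in replies:
        for name, ttl, addr in r["answers"]:
            seen[name]["addrs"].add(addr)
            seen[name]["ttls"].add(ttl)
            seen[name]["aa"].add("aa" in r["flags"])
    # Same server, same question: a changing address or a flipping AA bit is worth a look.
    return {n: s for n, s in seen.items() if len(s["addrs"]) > 1 or len(s["aa"]) > 1}

if __name__ == "__main__":
    print(inconsistencies(parse_replies(SAMPLE)))
```

A name that legitimately rotates single A records will also be reported, so the AA and TTL columns are what separate that case from the pattern in the message.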