[dns-operations] Know anybody at McAfee/Intel Cloud DNS team?
Robert Edmonds
edmonds at mycre.ws
Wed Jan 18 02:30:30 UTC 2017
That's no ordinary load balancer. Those are tunneled database lookups!
(My favorite obfuscation is hex-encoding IPv4 addresses into the QNAME.)
http://www.cafepress.com/nxdomain/8592477
Warren Kumari wrote:
> ... because let's all write our own load-balancer.
> Can't be that hard, can it?!
>
> W
> On Tue, Jan 17, 2017 at 1:12 PM Ondřej Surý <ondrej.sury at nic.cz> wrote:
>
> > Hi,
> >
> > if you know anybody at McAfee/Intel Cloud DNS team, could you pass
> > them contact to me or at least this message?
> >
> > local.cloud.mcafee.com fails to respond to 0x20 DNS queries, but only
> > in a specific part of the QNAME.
> >
> >
> > b-0.19-23003008.1481.1518.19cf.3ea1.410.0.ekzijnekvvvg7gb38qcwur561b.avqs.mcafee.com.
> > WORKS
> >
> >
> > B-0.19-23003008.1481.1518.19CF.3EA1.410.0.ekzijnekvvvg7gb38qcwur561b.avqs.mcafee.com.
> > WORKS
> >
> >
> > b-0.19-23003008.1481.1518.19cf.3ea1.410.0.ekzijnekvvvg7gb38qcwur561B.avqs.mcafee.com.
> > FAILS (with NXDOMAIN)
> >
> > So only 0x20 changes in 'ekzijnekvvvg7gb38qcwur561b' label makes the query
> > return NXDOMAIN
> >
> > Cheers,
> > --
> > Ondřej Surý -- Technical Fellow
> > --------------------------------------------
> > CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC
> > Milesovska 5, 130 00 Praha 3, Czech Republic
> > mailto:ondrej.sury at nic.cz https://nic.cz/
> > --------------------------------------------
--
Robert Edmonds
More information about the dns-operations
mailing list