[dns-operations] Spoofing DNS with fragments
Mark Andrews
marka at isc.org
Fri Sep 14 00:25:47 UTC 2018
And over all the TLD servers.
dns=ok dnswkk=formerr,notsig
dns=ok dnswkk=malformed
dns=ok dnswkk=notauth,badkey
dns=ok dnswkk=notauth,notsig
dns=ok dnswkk=notsig
dns=ok dnswkk=refused
dns=ok dnswkk=servfail,notsig
dns=ok dnswkk=timeout
dns=ok dnswkk=tsig-bad-class,tsig-wrong-alg,tsig-badtime,notauth,badkey
dns=ok dnswkk=tsig-bad-old-id,notauth,badkey
dns=ok dnswkk=tsig-badtime,notauth,badkey
dns=refused dnswkk=notauth,badkey
dns=servfail dnswkk=notauth,badkey
dns=servfail dnswkk=tsig-wrong-alg,notauth,badkey
of which these are definite miss implementations of TSIG
dns=ok dnswkk=malformed (failed to parse the response, will need to investigate further)
dns=ok dnswkk=notauth,notsig (set rcode to NOTAUTH but failed to send a TSIG record)
dns=ok dnswkk=timeout (stupid firewall probably)
dns=ok dnswkk=tsig-bad-class,tsig-wrong-alg,tsig-badtime,notauth,badkey (bad class field)
And these are in the grey area
dns=ok dnswkk=tsig-bad-old-id,notauth,badkey (old-id not set correctly, behind a proxy with a seperate id space?)
dns=ok dnswkk=tsig-badtime,notauth,badkey (bad clock?)
dns=servfail dnswkk=tsig-wrong-alg,notauth,badkey (request algorithm not set in reply)
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list