[dns-operations] Spoofing DNS with fragments
Mark Andrews
marka at isc.org
Fri Sep 14 05:12:30 UTC 2018
And these ones incorrectly set rcode to REFUSED rather than BADAUTH.
% dig fi. @87.239.127.198 soa -y hmac-sha256:.:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= +noedns +noad +norec ; date +%s
;; Couldn't verify signature: tsig indicates error
; <<>> DiG 9.13.1+hotspot+add-prefetch+marka <<>> fi. @87.239.127.198 soa -y hmac-sha256:.:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= +noedns +noad +norec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 24253
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; QUESTION SECTION:
;fi. IN SOA
;; TSIG PSEUDOSECTION:
. 0 ANY TSIG hmac-sha256. 1536900526 300 0 24253 BADKEY 0
;; Query time: 528 msec
;; SERVER: 87.239.127.198#53(87.239.127.198)
;; WHEN: Fri Sep 14 14:48:47 AEST 2018
;; MSG SIZE rcvd: 60
;; WARNING -- Some TSIG could not be validated
%
fi. @87.239.127.198 (f.fi.): dns=ok dnswkk=refused,badkey
fi. @2a00:13f0:0:3::aaaa (f.fi.): dns=ok dnswkk=refused,badkey
ir. @193.189.122.83 (b.nic.ir.): dns=ok dnswkk=refused,badkey
ua. @216.218.215.27 (he1.ns.ua.): dns=ok dnswkk=refused,badkey
ua. @2001:470:2e:1::27 (he1.ns.ua.): dns=ok dnswkk=refused,badkey
xn--j1amh. @142.4.207.159 (dns1.u-registry.com.): dns=ok dnswkk=refused,badkey
xn--j1amh. @2a02:128:2:3::5 (dns2.u-registry.net.): dns=ok dnswkk=refused,badkey
xn--j1amh. @37.187.75.31 (dns3.dotukr.com.): dns=ok dnswkk=refused,badkey
xn--j1amh. @2001:41d0:a:2b1f::1 (dns3.dotukr.com.): dns=ok dnswkk=refused,badkey
xn--mgba3a4f16a. @193.189.122.83 (ns.irnic.ir.): dns=ok dnswkk=refused,badkey
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list