[dns-operations] Spoofing DNS with fragments

Mark Andrews marka at isc.org
Fri Sep 14 20:46:37 UTC 2018


And for the Alexa Top 1 Million sites, servers unique by IP address.

Well behaved with respect to TSIG with a well-known key.

 312 dnswkk=formerr,notsig
  15 dnswkk=formerr,notsig,opt
   1 dnswkk=formerr,notsig,soa
149863 dnswkk=notauth,badkey
  11 dnswkk=notauth,badkey,opt
 276 dnswkk=notauth,badkey,proxy
   3 dnswkk=notauth,badkey,rd,proxy
44017 dnswkk=notsig
   7 dnswkk=notsig,cd
  72 dnswkk=notsig,noaa
  12 dnswkk=notsig,noaa,rd
 118 dnswkk=notsig,nosoa
 331 dnswkk=notsig,nosoa,noaa
  43 dnswkk=notsig,nosoa,noaa,rd
   3 dnswkk=notsig,nosoa,rd
  15 dnswkk=notsig,opt
   2 dnswkk=notsig,opt,cd
   1 dnswkk=notsig,opt,rd
 131 dnswkk=notsig,rd
  14 dnswkk=nxdomain,notsig
1005 dnswkk=refused,notsig
   4 dnswkk=refused,notsig,opt
   6 dnswkk=refused,notsig,rd
9631 dnswkk=tsig-badtime,notauth,badkey
  36 dnswkk=tsig-badtime,notauth,badkey,proxy

Grey area, algorithm not copied:
 140 dnswkk=tsig-wrong-alg,notauth,badkey
   1 dnswkk=tsig-wrong-alg,notauth,badkey,proxy
  35 dnswkk=tsig-wrong-alg,tsig-badtime,notauth,badkey

Wrong rcode (should be FORMERR as per STD13)
 482 dnswkk=notimp,notsig
1444 dnswkk=servfail,notsig

   2 dnswkk=connection-refused
  33 dnswkk=failed

 436 dnswkk=malformed
1202 dnswkk=timeout

Wrong rcode (should be NOTAUTH)

   3 dnswkk=noerror,badkey,nosoa,noaa
 215 dnswkk=refused,badkey
   1 dnswkk=refused,badkey,proxy
   3 dnswkk=tsig-badtime,refused,badkey
   4 dnswkk=tsig-wrong-alg,noerror,badkey,nosoa,noaa
   3 dnswkk=tsig-wrong-alg,tsig-badtime,noerror,badkey,nosoa,noaa

TSIG error code without a TSIG

10262 dnswkk=notauth,notsig

Wrong class
  10 dnswkk=tsig-bad-class,tsig-wrong-alg,tsig-badtime,notauth,badkey

TSIG copied to reply
  42 dnswkk=tsig-bad-sig
 892 dnswkk=tsig-bad-sig,formerr
   1 dnswkk=tsig-bad-sig,formerr,proxy
   8 dnswkk=tsig-bad-sig,formerr,rd
   3 dnswkk=tsig-bad-sig,malformed
   3 dnswkk=tsig-bad-sig,nosoa
   1 dnswkk=tsig-bad-sig,nosoa,noaa
   1 dnswkk=tsig-bad-sig,notauth                (error in TSIG not set)
  59 dnswkk=tsig-bad-sig,refused
  43 dnswkk=tsig-bad-sig,servfail
   3 dnswkk=tsig-not-last,tsig-bad-sig

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
