[dns-operations] sophosxl.net problem?

Ambauen Daniel (ID NET) daniel.ambauen at id.ethz.ch
Fri Oct 25 06:38:59 UTC 2019


Hello 

The Sophos Web Protection Service is answering all DNS queries without an AA flag.
Is an "authoritative" DNS response without a set AA flag a major DNS protocol violation? 

Oct 24 17:40:44 [1]   Nameserver ns.sxl31.sophosxl.net IPs: 34.252.84.252(0.00ms), 52.19.19.59(0.00ms)
Oct 24 17:40:44 [1] jjj.tnynkhf.pu.m.06.s.sophosxl.net: Resolved 'm.06.s.sophosxl.net' NS ns.sxl31.sophosxl.net to: 34.252.84.252, 52.19.19.59
Oct 24 17:40:44 [1] jjj.tnynkhf.pu.m.06.s.sophosxl.net: Trying IP 34.252.84.252:53, asking 'jjj.tnynkhf.pu.m.06.s.sophosxl.net|TXT'
Oct 24 17:40:44 [1] jjj.tnynkhf.pu.m.06.s.sophosxl.net: Got 1 answers from ns.sxl31.sophosxl.net (34.252.84.252), rcode=0 (No Error), aa=0, in 37ms
Oct 24 17:40:44 [1] Removing record 'jjj.tnynkhf.pu.m.06.s.sophosxl.net|TXT|"w l h 2c 1200311811\009#f77a3b635711f65f"' in the answer section without the AA bit set received from m.06.s.sophosxl.net
Oct 24 17:40:44 [1] jjj.tnynkhf.pu.m.06.s.sophosxl.net: determining status after receiving this packet
Oct 24 17:40:44 [1] jjj.tnynkhf.pu.m.06.s.sophosxl.net: Trying IP 52.19.19.59:53, asking 'jjj.tnynkhf.pu.m.06.s.sophosxl.net|TXT'
Oct 24 17:40:44 [1] jjj.tnynkhf.pu.m.06.s.sophosxl.net: Got 1 answers from ns.sxl31.sophosxl.net (52.19.19.59), rcode=0 (No Error), aa=0, in 37ms
Oct 24 17:40:44 [1] Removing record 'jjj.tnynkhf.pu.m.06.s.sophosxl.net|TXT|"w l h 2c 1200311811\009#f77a3b635711f65f"' in the answer section without the AA bit set received from m.06.s.sophosxl.net
Oct 24 17:40:44 [1] jjj.tnynkhf.pu.m.06.s.sophosxl.net: determining status after receiving this packet
Oct 24 17:40:44 [1] jjj.tnynkhf.pu.m.06.s.sophosxl.net: Failed to resolve via any of the 1 offered NS at level 'm.06.s.sophosxl.net'
Oct 24 17:40:44 [1] jjj.tnynkhf.pu.m.06.s.sophosxl.net: failed (res=-1)
Oct 24 17:40:44 3 [1/1] answer to question 'jjj.tnynkhf.pu.m.06.s.sophosxl.net|TXT': 0 answers, 1 additional, took 10 packets, 263.966 netw ms, 305.922 tot ms, 0 throttled, 0 timeouts, 0 tcp connections, rcode=2

Kind regards
Daniel
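
Added example, not part of the original post: a small Python check that reads the AA bit from a raw DNS response and classifies the response the way the resolver trace above does (answer records present, rcode=0, but aa=0, so the answer is discarded). The name probe.example.net, the message ID, the TXT payload and the helper names are constructed for illustration.

```python
import struct

# Header flag masks (RFC 1035, section 4.1.1).
QR, AA = 0x8000, 0x0400

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {"id": ident, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rcode": flags & 0x000F, "qdcount": qd, "ancount": an,
            "nscount": ns, "arcount": ar}

def read_qname(msg: bytes, off: int = 12) -> str:
    """Read the uncompressed question name that follows the header."""
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("question name runs past end of message")
        n = msg[off]
        if n == 0:
            return ".".join(labels)
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
        off += 1 + n

def classify(msg: bytes) -> str:
    """Mirror the trace: answers in a response without AA are not used."""
    h = parse_header(msg)
    if not h["qr"]:
        return "not-a-response"
    if h["rcode"] != 0:
        return "error-rcode"
    if h["ancount"] and not h["aa"]:
        return "answer-dropped-no-aa"
    return "authoritative-answer" if h["ancount"] else "no-answer"

def build_response(qname: str, aa: bool) -> bytes:
    """Constructed sample: one question, one TXT answer, AA on or off."""
    header = struct.pack("!6H", 0x1234, QR | (AA if aa else 0), 1, 1, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    question = name + struct.pack("!2H", 16, 1)          # QTYPE=TXT, QCLASS=IN
    rdata = bytes([11]) + b"constructed"                  # one TXT string
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 16, 1, 60, len(rdata)) + rdata
    return header + question + answer

if __name__ == "__main__":
    for aa in (False, True):
        print(aa, classify(build_response("probe.example.net", aa)))
```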