[dns-operations] weird queries for mx1.mx2.mx1.mx2...

John Levine johnl at taugh.com
Tue Mar 31 20:38:09 UTC 2020


In article <20200331092538.GY41308 at straasha.imrryr.org> you write:
>> mx1.mx1.mx2.mx2.mx2.mx1.mx2.mx1.mta-sts.mx2.mx1.mx1.mx2.mx2.mx2.mx1.mx2.maxonsoftware.com. A
>> 
>> mx2.mx1.mx2.mx1.mx1.mx2.mta-sts.mx1.mx2.mx2.mx1.mx2.mx1.mx2.cineversityoneonone.net. A
>> 
>> mx2.mx1.mx1.mx1.mx2.mx2.mx2.mta-sts.mx1.mx2.mx1.mx1.mta-sts.mx2.mx2.mx2.effluentialtechnologies.net. A
>
>The DNS for these domains is busted, the servers return NoError
>responses, no answer, authority or additional records other than OPT...

Try asking for A records for *.cineversityoneonone.net and you'll get one, that
points to a live web server.

They're wildcarded and point it returns a page that says deletion is
pending for any URL, including
mta-sts.<anything>.<domain>/.well-known/mta-sts.txt

It looks like someone's mta-sts checker does not deal well with a big
blob of html and javascript when it's expecting three lines of ASCII.
It's clearly a bug, not malicious but I do wonder who it is.

Perhaps I can set up a broken domain like that and see who comes visiting.

-- 
Regards,
John Levine, johnl at taugh.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly


More information about the dns-operations mailing list