[dns-operations] Surprising ds.fedex.com NS RRset.

Fri Mar 5 07:59:04 UTC 2021

Looks like FedEx's MS Active Directory zone. It's an odd zone, as it's generally not directly managed - rather AD adds those and similar records automatically as other things are deployed.

E.g. try a SRV lookup for _ldap._tcp.dc._msdcs.ds.fedex.com ..

Kiall

Sent from ProtonMail mobile

-------- Original Message --------
On 5 Mar 2021, 07:16, Viktor Dukhovni wrote:

> The below was just brought to my attention, a domain with 81(!) records
> in its NS RRSet (3201 bytes over TCP):
>
> ; <<>> DiG 9.16.11 <<>> +nocl +nottl -t ns ds.fedex.com
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57356
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 81, AUTHORITY: 0, ADDITIONAL: 79
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 8192
> ;; QUESTION SECTION:
> ;ds.fedex.com. IN NS
>
> ;; ANSWER SECTION:
> ds.fedex.com. NS kate.fedex.com.
> ds.fedex.com. NS land.fedex.com.
> ds.fedex.com. NS corp-bru-dc01.corp.ds.fedex.com.
> ds.fedex.com. NS corp-bru-dc02.corp.ds.fedex.com.
> ds.fedex.com. NS corp-ccoh-dc3.corp.ds.fedex.com.
> ds.fedex.com. NS corp-ccoh-dc4.corp.ds.fedex.com.
> ds.fedex.com. NS corp-ccpa-dc5.corp.ds.fedex.com.
> ds.fedex.com. NS corp-hro-dc01.corp.ds.fedex.com.
> ds.fedex.com. NS corp-hro-dc02.corp.ds.fedex.com.
> ds.fedex.com. NS corp-kno-dc01.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00020.ds.fedex.com.
> ds.fedex.com. NS pwn00292.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00299.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00381.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00382.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00383.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00384.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00385.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00499.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00543.ds.fedex.com.
> ds.fedex.com. NS pwn00544.ds.fedex.com.
> ds.fedex.com. NS pwn00545.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00546.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00547.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00548.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00549.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00959.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00960.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00961.corp.ds.fedex.com.
> ds.fedex.com. NS pwn00965.corp.ds.fedex.com.
> ds.fedex.com. NS pwn01400.ds.fedex.com.
> ds.fedex.com. NS pwn01401.ds.fedex.com.
> ds.fedex.com. NS pwn02099.ds.fedex.com.
> ds.fedex.com. NS pwn02100.corp.ds.fedex.com.
> ds.fedex.com. NS pwn02999.corp.ds.fedex.com.
> ds.fedex.com. NS pwn03000.ds.fedex.com.
> ds.fedex.com. NS pwn03555.corp.ds.fedex.com.
> ds.fedex.com. NS pwn03556.corp.ds.fedex.com.
> ds.fedex.com. NS pwn03557.corp.ds.fedex.com.
> ds.fedex.com. NS pwn03558.corp.ds.fedex.com.
> ds.fedex.com. NS pwn03559.corp.ds.fedex.com.
> ds.fedex.com. NS pwn08184.corp.ds.fedex.com.
> ds.fedex.com. NS pwn08185.corp.ds.fedex.com.
> ds.fedex.com. NS pwn08186.corp.ds.fedex.com.
> ds.fedex.com. NS pwn08187.corp.ds.fedex.com.
> ds.fedex.com. NS pwn08188.corp.ds.fedex.com.
> ds.fedex.com. NS pwn59500.corp.ds.fedex.com.
> ds.fedex.com. NS pwn59501.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60184.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60185.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60186.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60188.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60189.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60190.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60191.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60192.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60193.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60194.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60195.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60196.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60197.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60204.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60205.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60206.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60207.corp.ds.fedex.com.
> ds.fedex.com. NS pwn60208.corp.ds.fedex.com.
> ds.fedex.com. NS pwn90056.corp.ds.fedex.com.
> ds.fedex.com. NS pwn90057.corp.ds.fedex.com.
> ds.fedex.com. NS pwn90148.corp.ds.fedex.com.
> ds.fedex.com. NS pwn90149.corp.ds.fedex.com.
> ds.fedex.com. NS pwn90150.corp.ds.fedex.com.
> ds.fedex.com. NS pwn90152.corp.ds.fedex.com.
> ds.fedex.com. NS pwn90153.corp.ds.fedex.com.
> ds.fedex.com. NS pwna0001.corp.ds.fedex.com.
> ds.fedex.com. NS pwna0002.corp.ds.fedex.com.
> ds.fedex.com. NS pwna0003.corp.ds.fedex.com.
> ds.fedex.com. NS pwna0004.corp.ds.fedex.com.
> ds.fedex.com. NS pwniebn0003.corp.ds.fedex.com.
> ds.fedex.com. NS pwniebn0004.corp.ds.fedex.com.
> ds.fedex.com. NS pwniebn0005.corp.ds.fedex.com.
> ds.fedex.com. NS pwniebn0006.corp.ds.fedex.com.
>
> ;; ADDITIONAL SECTION:
> corp-bru-dc01.corp.ds.fedex.com. A 170.86.43.56
> corp-bru-dc02.corp.ds.fedex.com. A 170.86.44.208
> corp-ccoh-dc3.corp.ds.fedex.com. A 172.20.240.20
> corp-ccoh-dc4.corp.ds.fedex.com. A 172.20.240.21
> corp-ccpa-dc5.corp.ds.fedex.com. A 172.20.128.20
> corp-hro-dc01.corp.ds.fedex.com. A 10.10.1.94
> corp-hro-dc02.corp.ds.fedex.com. A 10.10.1.243
> pwn00020.ds.fedex.com. A 204.135.42.42
> pwn00292.corp.ds.fedex.com. A 204.135.242.21
> pwn00299.corp.ds.fedex.com. A 204.135.42.193
> pwn00381.corp.ds.fedex.com. A 204.135.242.22
> pwn00382.corp.ds.fedex.com. A 204.135.242.23
> pwn00383.corp.ds.fedex.com. A 204.135.242.24
> pwn00384.corp.ds.fedex.com. A 204.135.242.25
> pwn00385.corp.ds.fedex.com. A 204.135.242.26
> pwn00499.corp.ds.fedex.com. A 204.135.32.235
> pwn00543.ds.fedex.com. A 10.76.12.54
> pwn00544.ds.fedex.com. A 10.76.12.55
> pwn00545.corp.ds.fedex.com. A 10.76.12.56
> pwn00546.corp.ds.fedex.com. A 10.76.12.57
> pwn00547.corp.ds.fedex.com. A 10.76.12.58
> pwn00548.corp.ds.fedex.com. A 10.76.12.59
> pwn00549.corp.ds.fedex.com. A 10.76.12.60
> pwn00959.corp.ds.fedex.com. A 204.135.36.89
> pwn00960.corp.ds.fedex.com. A 204.135.36.90
> pwn00961.corp.ds.fedex.com. A 204.135.36.91
> pwn00965.corp.ds.fedex.com. A 204.135.242.105
> pwn01400.ds.fedex.com. A 204.135.235.52
> pwn01401.ds.fedex.com. A 204.135.235.53
> pwn02099.ds.fedex.com. A 10.242.72.152
> pwn02100.corp.ds.fedex.com. A 10.242.72.153
> pwn02999.corp.ds.fedex.com. A 10.236.22.62
> pwn03000.ds.fedex.com. A 10.236.22.63
> pwn03555.corp.ds.fedex.com. A 204.135.242.27
> pwn03556.corp.ds.fedex.com. A 204.135.242.28
> pwn03557.corp.ds.fedex.com. A 204.135.242.29
> pwn03558.corp.ds.fedex.com. A 204.135.242.30
> pwn03559.corp.ds.fedex.com. A 204.135.242.31
> pwn08184.corp.ds.fedex.com. A 204.135.46.135
> pwn08185.corp.ds.fedex.com. A 204.135.46.136
> pwn08186.corp.ds.fedex.com. A 204.135.46.137
> pwn08187.corp.ds.fedex.com. A 204.135.46.77
> pwn08188.corp.ds.fedex.com. A 204.135.46.78
> pwn59500.corp.ds.fedex.com. A 10.10.41.96
> pwn59501.corp.ds.fedex.com. A 10.10.41.97
> pwn60184.corp.ds.fedex.com. A 204.135.36.198
> pwn60185.corp.ds.fedex.com. A 204.135.36.199
> pwn60186.corp.ds.fedex.com. A 204.135.36.200
> pwn60188.corp.ds.fedex.com. A 204.135.36.202
> pwn60189.corp.ds.fedex.com. A 204.135.36.203
> pwn60190.corp.ds.fedex.com. A 204.135.36.204
> pwn60191.corp.ds.fedex.com. A 204.135.38.224
> pwn60192.corp.ds.fedex.com. A 204.135.38.225
> pwn60193.corp.ds.fedex.com. A 204.135.38.226
> pwn60194.corp.ds.fedex.com. A 204.135.38.227
> pwn60195.corp.ds.fedex.com. A 204.135.38.228
> pwn60196.corp.ds.fedex.com. A 204.135.38.229
> pwn60197.corp.ds.fedex.com. A 204.135.38.230
> pwn60204.corp.ds.fedex.com. A 204.135.33.20
> pwn60205.corp.ds.fedex.com. A 204.135.242.125
> pwn60206.corp.ds.fedex.com. A 204.135.242.126
> pwn60207.corp.ds.fedex.com. A 204.135.242.127
> pwn60208.corp.ds.fedex.com. A 204.135.242.128
> pwn90056.corp.ds.fedex.com. A 10.236.20.34
> pwn90057.corp.ds.fedex.com. A 10.236.20.35
> pwn90148.corp.ds.fedex.com. A 10.76.48.73
> pwn90149.corp.ds.fedex.com. A 10.76.48.74
> pwn90150.corp.ds.fedex.com. A 10.76.48.75
> pwn90152.corp.ds.fedex.com. A 10.76.48.77
> pwn90153.corp.ds.fedex.com. A 10.76.48.78
> pwna0001.corp.ds.fedex.com. A 10.45.8.134
> pwna0002.corp.ds.fedex.com. A 10.45.8.135
> pwna0003.corp.ds.fedex.com. A 10.45.8.136
> pwna0004.corp.ds.fedex.com. A 10.45.8.137
> pwniebn0003.corp.ds.fedex.com. A 10.37.106.129
> pwniebn0004.corp.ds.fedex.com. A 10.37.106.130
> pwniebn0005.corp.ds.fedex.com. A 10.37.106.131
> pwniebn0006.corp.ds.fedex.com. A 10.37.106.132
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Fri Mar 05 01:59:48 EST 2021
> ;; MSG SIZE rcvd: 3201
>
> --
> Viktor.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20210305/f1b19119/attachment.html>