[dns-operations] Looking for someone in charge for gtm-ext.dla.mil, DNSSEC validates as Bogus
Simon Arlott
simon at arlott.org
Thu Mar 11 23:54:29 UTC 2021
On 11/03/2021 23:36, Casey Deccio wrote:
> Oh, I see now. The actual delegation is missing completely, as far as I can tell.
>
> $ dig +short @ns1.dla.mil gtm-ext.dla.mil a
> $ dig +short @ns1.dla.mil gtm-ext.dla.mil aaaa
> $ dig +short @ns1.dla.mil gtm-ext.dla.mil ns
The TTLs go down when querying ns1 and ns4, so it's proxying for
something else.
There are NS records, but you can only get them if you query for ANY,
and only some of the time depending on which load balancer you hit:
$ dig @ns1.dla.mil gtm-ext.dla.mil any +nord
; <<>> DiG 9.11.3-1ubuntu1.14-Ubuntu <<>> +edns=0 +multiline @ns1.dla.mil gtm-ext.dla.mil any +nord
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12196
;; flags: qr aa; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gtm-ext.dla.mil. IN ANY
;; ANSWER SECTION:
gtm-ext.dla.mil. 2768 IN RRSIG DNSKEY 8 3 10800 (
20210316072845 20210309062845 33646 gtm-ext.dla.mil.
Y/SRn1gSny4y227Tw63EOWWxvfgqqBORRrxxtZQZSHOT
I+gtGaRI8UXcww8P+M9pW2LgfnH5IjDj7Y8vv4Shyw1O
I1yLIUVQZDlOrL/w1pPod9vOyl8WyLZkt9g6u0WLUluR
UuV+xZ4y7CSZ2VOORryh/cWZjaOYnSc2TAkf8RrFB65Q
4Yweo4AHM4OdlZuR5nsSlYny2lBBmAysaZdTyOb+/yNN
E5FCuW0Opq/d0YGDEgdMJZafeN65xKuIK/5HNQAUyHw2
GmYHck3X1Awf0cENw5W+dIeqg0bdHGU5GbJF9O0ctPAL
Sa2/JRV76b2NVBFKAKSivM2tAjlk6iz2mg== )
gtm-ext.dla.mil. 2768 IN RRSIG DNSKEY 8 3 10800 (
20210316072845 20210309062845 29085 gtm-ext.dla.mil.
nnRCF/XioY5fo1AuwJT9bITXO0kFyFdPKr7p76S6Hft+
pSEkkTM8Mq7YijkWHt7HW8L2ae0K+Ag9ogrAKCIhPBOG
A4WSM/faB62yzWwasRC/RDTUSI93eFj1PLD4b3Fj1GNL
ECQTgWS8KjctT42M8xjz5NE/EY+bTsxL+yYouzw= )
gtm-ext.dla.mil. 2768 IN DNSKEY 257 3 8 (
AwEAAakiB93xx2GkyKCjqE9tsGE8Xb/cbS9oW+AIjD23
bvsRxRVczDUchMbw6RvbJq/qH9rdspXCStgpdEvLWXWC
0cCTkx/cJ8hf3UJMgMj3jd3lTxSo1KJaS5DXRdJR2+Ou
YEUZ3NMVJZhuJsVlYDJRFWOrnLOxuWYU65aY/eRE7rp9
Z9aPN21bIDzokmVI9L3v8hd3ApQJhe2B4hnuKvvU5R+0
lDkK9t2cHjvrh3ggAhR9fqZIUkVWzZA01mgJR3D8gt1M
iwX9sPGwSAmCHCGdljrhvPy675CBt3cSdhCced1Ys4eI
zblyp/fWsdRGaldYWWZYQUw21NGzCVTd0faNSpc=
) ; KSK; alg = RSASHA256 ; key id = 33646
gtm-ext.dla.mil. 2768 IN DNSKEY 256 3 8 (
AwEAAcldZpiH0g67gZS8K0T7VxRXumVxDinai8hrK17P
zRZlAn63Zx5eNOFMql4TZ1e2eT3lwwH1zMx8mWbQqvQa
fbhlkm9onfnJkAa7oaRpi/YHK/lStrBadmYx6aE/DOz+
7o5EM/mYlvfoS0kQm0RR21aMxNZ4za1mbV5N13OY5Nhj
) ; ZSK; alg = RSASHA256 ; key id = 29085
gtm-ext.dla.mil. 875 IN NS hl-doddmz-gtm-ur.dla.mil.
gtm-ext.dla.mil. 875 IN NS co-doddmz-gtm-ur.dla.mil.
gtm-ext.dla.mil. 35173 IN RRSIG DS 8 3 86400 (
20210320013600 20210310012713 58143 dla.mil.
mOpFYLQH8NkyFO3d7FCzCeZACD8puDeu2QW/dTRt4Hai
CtWpD0zzwrjmt4yg4RY8cf35BSsMqt95Cgz6Rxvgea58
8ZYyJoi+he6N/2gHZgBUbYlJPR38vGuYYka/oKhhccGy
3VBFc2JrvYZ/y+yProfjWii8hTVglZE9hb0ch70= )
gtm-ext.dla.mil. 35173 IN DS 33646 8 1 (
6F6FAF621C1DBD3966B1B2FAC3F41F773A297388 )
gtm-ext.dla.mil. 35173 IN DS 33646 8 2 (
CF58476A6E7145302866A112677862F08BB29611B6AC
DBED0FC44997BB75D8BA )
;; Query time: 120 msec
;; SERVER: 206.38.35.3#53(206.38.35.3)
;; WHEN: Thu Mar 11 23:49:49 GMT 2021
;; MSG SIZE rcvd: 1259
--
Simon Arlott
More information about the dns-operations
mailing list