[dns-operations] Mysteries of DNSSEC
John Levine
johnl at taugh.com
Sat Mar 30 17:40:52 UTC 2024
I have a stunt DNS server at contacts.abuse.net that synthesizes
answers from a database so if you look up, say,
example.com.contacts.abuse.net it'll give you the contact addresses in
TXT records, the number of contacts in an A record, and some hints
about where the answer came from in HINFO. While I should have been
doing something else, I rewrote it and added DNSSEC support with white
lies, which turned out to be easier than I expected once I figured out
that nearly all the pieces are already in the dnspython and
cryptography libraries.
The first surprise I found is that once I turned it on, nearly every
query, like 99%, asks for DNSSEC. Is this typical or do I have an odd
set of clients?
Another surprise is that I'm getting a lot of repeated DNSKEY queries
even though the TTL is an hour. One repeat customer is Cloudflare,
another is pfsense22.plan-gis.net, at some random company in Germany.
My theories are A) a bunch of different caches behind a load balancer,
B) a too small cache, C) buggy software.
R's,
John
DNSKEY queries from one of Cloudflare's caches
2024-03-30 03:51:32.279107500 172.71.249.53:47231 * . DNSKEY
2024-03-30 03:57:01.371563500 172.71.249.53:44153 * . DNSKEY
2024-03-30 04:02:08.573508500 172.71.249.53:29535 * . DNSKEY
2024-03-30 04:07:16.672879500 172.71.249.53:14468 * . DNSKEY
2024-03-30 04:12:36.354050500 172.71.249.53:59151 * . DNSKEY
2024-03-30 04:17:40.039189500 172.71.249.53:35542 * . DNSKEY
2024-03-30 04:22:43.444358500 172.71.249.53:38801 * . DNSKEY
2024-03-30 04:28:01.418130500 172.71.249.53:36646 * . DNSKEY
2024-03-30 04:33:17.209824500 172.71.249.53:64486 * . DNSKEY
2024-03-30 04:38:49.759567500 172.71.249.53:13480 * . DNSKEY
2024-03-30 04:44:23.887169500 172.71.249.53:25231 * . DNSKEY
2024-03-30 04:49:30.949830500 172.71.249.53:46320 * . DNSKEY
2024-03-30 04:54:49.464021500 172.71.249.53:12684 * . DNSKEY
2024-03-30 05:00:00.759583500 172.71.249.53:47563 * . DNSKEY
2024-03-30 05:05:40.391819500 172.71.249.53:25912 * . DNSKEY
2024-03-30 05:11:04.576372500 172.71.249.53:48818 * . DNSKEY
2024-03-30 05:16:33.577948500 172.71.249.53:16534 * . DNSKEY
2024-03-30 05:21:54.154829500 172.71.249.53:26989 * . DNSKEY
2024-03-30 05:27:37.780330500 172.71.249.53:23883 * . DNSKEY
2024-03-30 05:33:41.024080500 172.71.249.53:17390 * . DNSKEY
2024-03-30 05:38:33.265995500 172.71.249.53:14358 * . DNSKEY
2024-03-30 05:44:09.675873500 172.71.249.53:14478 * . DNSKEY
2024-03-30 05:50:53.181974500 172.71.249.53:54451 * . DNSKEY
2024-03-30 05:55:09.976686500 172.71.249.53:30454 * . DNSKEY
2024-03-30 06:01:47.898687500 172.71.249.53:21261 * . DNSKEY
2024-03-30 06:06:21.924791500 172.71.249.53:34047 * . DNSKEY
2024-03-30 06:11:40.462522500 172.71.249.53:50080 * . DNSKEY
2024-03-30 06:16:46.781015500 172.71.249.53:61581 * . DNSKEY
2024-03-30 06:22:00.428444500 172.71.249.53:15125 * . DNSKEY
2024-03-30 06:27:00.835822500 172.71.249.53:54978 * . DNSKEY
2024-03-30 06:27:01.098742500 172.71.249.53:56790 * . DNSKEY
2024-03-30 06:32:00.035213500 172.71.249.53:27084 * . DNSKEY
2024-03-30 06:32:13.322007500 172.71.249.53:52489 * . DNSKEY
2024-03-30 06:37:23.630744500 172.71.249.53:63976 * . DNSKEY
2024-03-30 06:42:44.669171500 172.71.249.53:31074 * . DNSKEY
2024-03-30 06:48:03.511289500 172.71.249.53:11628 * . DNSKEY
2024-03-30 06:51:45.442612500 172.71.249.53:30454 * . DNSKEY
2024-03-30 06:54:14.358491500 172.71.249.53:63947 * . DNSKEY
2024-03-30 07:00:11.989979500 172.71.249.53:57044 * . DNSKEY
2024-03-30 07:05:56.483600500 172.71.249.53:59681 * . DNSKEY
2024-03-30 07:11:09.013634500 172.71.249.53:29908 * . DNSKEY
2024-03-30 07:11:09.023567500 172.71.249.53:29908 * . DNSKEY
2024-03-30 07:11:44.874678500 172.71.249.53:30844 * . DNSKEY
2024-03-30 07:16:45.461879500 172.71.249.53:26215 * . DNSKEY
2024-03-30 07:21:17.748638500 172.71.249.53:12148 * . DNSKEY
2024-03-30 07:26:26.489270500 172.71.249.53:41121 * . DNSKEY
2024-03-30 07:32:03.916246500 172.71.249.53:64004 * . DNSKEY
2024-03-30 07:32:04.423734500 172.71.249.53:64004 * . DNSKEY
2024-03-30 07:37:53.514963500 172.71.249.53:43346 * . DNSKEY
2024-03-30 07:44:26.978067500 172.71.249.53:16080 * . DNSKEY
2024-03-30 07:49:28.613381500 172.71.249.53:14171 * . DNSKEY
2024-03-30 07:54:46.232407500 172.71.249.53:63113 * . DNSKEY
2024-03-30 07:59:47.147716500 172.71.249.53:46385 * . DNSKEY
2024-03-30 08:04:55.144469500 172.71.249.53:62343 * . DNSKEY
2024-03-30 08:04:55.432569500 172.71.249.53:56633 * . DNSKEY
2024-03-30 08:09:58.732604500 172.71.249.53:39301 * . DNSKEY
2024-03-30 08:15:12.419048500 172.71.249.53:34974 * . DNSKEY
2024-03-30 08:15:12.425827500 172.71.249.53:34974 * . DNSKEY
2024-03-30 08:20:34.437094500 172.71.249.53:17787 * . DNSKEY
2024-03-30 08:25:58.861623500 172.71.249.53:60182 * . DNSKEY
2024-03-30 08:34:16.994333500 172.71.249.53:57296 * . DNSKEY
2024-03-30 08:40:33.705198500 172.71.249.53:24237 * . DNSKEY
2024-03-30 08:45:38.724444500 172.71.249.53:18878 * . DNSKEY
2024-03-30 08:50:59.330848500 172.71.249.53:52902 * . DNSKEY
2024-03-30 08:50:59.574269500 172.71.249.53:59036 * . DNSKEY
2024-03-30 08:56:19.834336500 172.71.249.53:44660 * . DNSKEY
2024-03-30 09:01:26.825269500 172.71.249.53:20044 * . DNSKEY
2024-03-30 09:07:49.816416500 172.71.249.53:64931 * . DNSKEY
2024-03-30 09:13:01.729897500 172.71.249.53:48288 * . DNSKEY
2024-03-30 09:19:28.502530500 172.71.249.53:21930 * . DNSKEY
2024-03-30 09:25:48.838163500 172.71.249.53:35875 * . DNSKEY
2024-03-30 09:32:10.010333500 172.71.249.53:29144 * . DNSKEY
2024-03-30 09:38:41.042109500 172.71.249.53:35969 * . DNSKEY
2024-03-30 09:44:30.567723500 172.71.249.53:15140 * . DNSKEY
2024-03-30 09:49:33.096817500 172.71.249.53:45682 * . DNSKEY
2024-03-30 09:51:48.442200500 172.71.249.53:63755 * . DNSKEY
2024-03-30 09:54:39.583103500 172.71.249.53:24319 * . DNSKEY
2024-03-30 10:00:25.936433500 172.71.249.53:37076 * . DNSKEY
2024-03-30 10:05:42.339864500 172.71.249.53:30974 * . DNSKEY
2024-03-30 10:05:42.355804500 172.71.249.53:30974 * . DNSKEY
2024-03-30 10:10:43.669853500 172.71.249.53:22201 * . DNSKEY
2024-03-30 10:15:44.146371500 172.71.249.53:22852 * . DNSKEY
2024-03-30 10:21:43.131049500 172.71.249.53:13613 * . DNSKEY
2024-03-30 10:27:00.704417500 172.71.249.53:24336 * . DNSKEY
2024-03-30 10:32:45.055937500 172.71.249.53:9873 * . DNSKEY
2024-03-30 10:39:29.288096500 172.71.249.53:27396 * . DNSKEY
2024-03-30 10:46:44.490443500 172.71.249.53:45314 * . DNSKEY
2024-03-30 10:55:32.817503500 172.71.249.53:35362 * . DNSKEY
2024-03-30 11:01:05.972833500 172.71.249.53:15009 * . DNSKEY
2024-03-30 11:05:40.790502500 172.71.249.53:33247 * . DNSKEY
2024-03-30 11:10:46.697207500 172.71.249.53:23301 * . DNSKEY
2024-03-30 11:16:13.847326500 172.71.249.53:26774 * . DNSKEY
2024-03-30 11:22:42.578625500 172.71.249.53:34766 * . DNSKEY
2024-03-30 11:27:42.901836500 172.71.249.53:46182 * . DNSKEY
2024-03-30 11:34:14.171808500 172.71.249.53:9709 * . DNSKEY
2024-03-30 11:39:35.759236500 172.71.249.53:39373 * . DNSKEY
2024-03-30 11:44:36.019194500 172.71.249.53:58716 * . DNSKEY
2024-03-30 11:50:06.390597500 172.71.249.53:25570 * . DNSKEY
2024-03-30 11:55:19.491355500 172.71.249.53:62947 * . DNSKEY
2024-03-30 12:00:57.495383500 172.71.249.53:64373 * . DNSKEY
DNSKEY queries from pfsense22.plan-gis.net
2024-03-30 03:58:12.755891500 168.119.138.225:14430 * . DNSKEY
2024-03-30 03:58:13.025488500 168.119.138.225:26161 * . DNSKEY
2024-03-30 03:58:13.286819500 168.119.138.225:36499 * . DNSKEY
2024-03-30 03:58:13.542286500 168.119.138.225:58062 * . DNSKEY
2024-03-30 03:58:13.793867500 168.119.138.225:23856 * . DNSKEY
2024-03-30 03:58:14.549489500 168.119.138.225:7934 * . DNSKEY
2024-03-30 03:58:14.817605500 168.119.138.225:63893 * . DNSKEY
2024-03-30 03:58:15.088699500 168.119.138.225:63841 * . DNSKEY
2024-03-30 03:58:15.578510500 168.119.138.225:45905 * . DNSKEY
2024-03-30 03:58:15.818841500 168.119.138.225:61399 * . DNSKEY
2024-03-30 03:58:16.150327500 168.119.138.225:22631 * . DNSKEY
2024-03-30 03:58:16.263817500 168.119.138.225:9053 * . DNSKEY
2024-03-30 03:58:17.845264500 168.119.138.225:31012 * . DNSKEY
2024-03-30 03:58:18.589978500 168.119.138.225:58091 * . DNSKEY
2024-03-30 03:58:18.822584500 168.119.138.225:10470 * . DNSKEY
2024-03-30 03:58:19.054065500 168.119.138.225:17478 * . DNSKEY
2024-03-30 03:58:19.285361500 168.119.138.225:9354 * . DNSKEY
2024-03-30 03:58:20.863742500 168.119.138.225:42596 * . DNSKEY
2024-03-30 03:58:21.156727500 168.119.138.225:41118 * . DNSKEY
2024-03-30 03:58:21.492865500 168.119.138.225:33613 * . DNSKEY
2024-03-30 03:58:21.747203500 168.119.138.225:46918 * . DNSKEY
2024-03-30 03:58:21.985495500 168.119.138.225:60941 * . DNSKEY
2024-03-30 03:58:23.563043500 168.119.138.225:50107 * . DNSKEY
2024-03-30 03:58:23.933308500 168.119.138.225:62336 * . DNSKEY
2024-03-30 03:58:24.681236500 168.119.138.225:32405 * . DNSKEY
2024-03-30 03:58:24.957929500 168.119.138.225:10769 * . DNSKEY
2024-03-30 03:58:25.081241500 168.119.138.225:6154 * . DNSKEY
2024-03-30 03:58:25.348758500 168.119.138.225:36051 * . DNSKEY
2024-03-30 03:58:26.078918500 168.119.138.225:63372 * . DNSKEY
2024-03-30 03:58:26.313274500 168.119.138.225:59104 * . DNSKEY
2024-03-30 03:58:26.930248500 168.119.138.225:49733 * . DNSKEY
2024-03-30 03:58:26.941353500 168.119.138.225:36572 * . DNSKEY
2024-03-30 03:58:27.190055500 168.119.138.225:45163 * . DNSKEY
2024-03-30 03:58:27.460796500 168.119.138.225:39165 * . DNSKEY
2024-03-30 06:58:13.971385500 168.119.138.225:17813 * . DNSKEY
2024-03-30 06:58:14.199884500 168.119.138.225:58790 * . DNSKEY
2024-03-30 06:58:14.426196500 168.119.138.225:55013 * . DNSKEY
2024-03-30 06:58:14.968518500 168.119.138.225:8756 * . DNSKEY
2024-03-30 06:58:15.442173500 168.119.138.225:51242 * . DNSKEY
2024-03-30 06:58:16.393743500 168.119.138.225:53513 * . DNSKEY
2024-03-30 06:58:17.224754500 168.119.138.225:34221 * . DNSKEY
2024-03-30 06:58:17.454208500 168.119.138.225:11635 * . DNSKEY
2024-03-30 06:58:17.682995500 168.119.138.225:16885 * . DNSKEY
2024-03-30 06:58:18.402232500 168.119.138.225:33253 * . DNSKEY
2024-03-30 06:58:18.625633500 168.119.138.225:54126 * . DNSKEY
2024-03-30 06:58:19.102284500 168.119.138.225:19320 * . DNSKEY
2024-03-30 06:58:19.435079500 168.119.138.225:36757 * . DNSKEY
2024-03-30 06:58:19.661076500 168.119.138.225:20113 * . DNSKEY
2024-03-30 06:58:20.498197500 168.119.138.225:28018 * . DNSKEY
2024-03-30 06:58:21.573921500 168.119.138.225:46360 * . DNSKEY
2024-03-30 06:58:21.912837500 168.119.138.225:12413 * . DNSKEY
2024-03-30 06:58:22.499374500 168.119.138.225:54440 * . DNSKEY
2024-03-30 06:58:22.831654500 168.119.138.225:43734 * . DNSKEY
2024-03-30 06:58:23.674271500 168.119.138.225:15920 * . DNSKEY
2024-03-30 06:58:23.961391500 168.119.138.225:22057 * . DNSKEY
2024-03-30 06:58:25.171669500 168.119.138.225:56011 * . DNSKEY
2024-03-30 06:58:26.734296500 168.119.138.225:30905 * . DNSKEY
2024-03-30 06:58:27.075362500 168.119.138.225:27625 * . DNSKEY
2024-03-30 06:58:27.301389500 168.119.138.225:35015 * . DNSKEY
2024-03-30 06:58:27.530091500 168.119.138.225:25576 * . DNSKEY
2024-03-30 06:58:28.989486500 168.119.138.225:44506 * . DNSKEY
2024-03-30 06:58:29.217081500 168.119.138.225:9869 * . DNSKEY
2024-03-30 06:58:29.458305500 168.119.138.225:35760 * . DNSKEY
2024-03-30 06:58:29.685465500 168.119.138.225:37859 * . DNSKEY
2024-03-30 06:58:29.912894500 168.119.138.225:35768 * . DNSKEY
2024-03-30 09:58:13.935722500 168.119.138.225:64525 * . DNSKEY
2024-03-30 09:58:16.987376500 168.119.138.225:13339 * . DNSKEY
2024-03-30 09:58:17.493841500 168.119.138.225:58503 * . DNSKEY
2024-03-30 09:58:17.698201500 168.119.138.225:49859 * . DNSKEY
2024-03-30 09:58:18.418257500 168.119.138.225:18418 * . DNSKEY
2024-03-30 09:58:18.647129500 168.119.138.225:33995 * . DNSKEY
2024-03-30 09:58:19.000421500 168.119.138.225:53893 * . DNSKEY
2024-03-30 09:58:19.143696500 168.119.138.225:29765 * . DNSKEY
2024-03-30 09:58:19.753397500 168.119.138.225:47506 * . DNSKEY
2024-03-30 09:58:19.982874500 168.119.138.225:16202 * . DNSKEY
2024-03-30 09:58:20.214093500 168.119.138.225:26877 * . DNSKEY
2024-03-30 09:58:20.327523500 168.119.138.225:37838 * . DNSKEY
2024-03-30 09:58:20.979924500 168.119.138.225:45565 * . DNSKEY
2024-03-30 09:58:21.414288500 168.119.138.225:60418 * . DNSKEY
2024-03-30 09:58:22.485537500 168.119.138.225:60071 * . DNSKEY
2024-03-30 09:58:22.600327500 168.119.138.225:16606 * . DNSKEY
2024-03-30 09:58:22.709214500 168.119.138.225:12627 * . DNSKEY
2024-03-30 09:58:22.937927500 168.119.138.225:12144 * . DNSKEY
2024-03-30 09:58:23.314707500 168.119.138.225:40163 * . DNSKEY
2024-03-30 09:58:23.408767500 168.119.138.225:24983 * . DNSKEY
2024-03-30 09:58:23.635458500 168.119.138.225:23139 * . DNSKEY
2024-03-30 09:58:24.185625500 168.119.138.225:37772 * . DNSKEY
2024-03-30 09:58:24.284155500 168.119.138.225:64413 * . DNSKEY
2024-03-30 09:58:24.520522500 168.119.138.225:5823 * . DNSKEY
2024-03-30 09:58:25.111107500 168.119.138.225:7616 * . DNSKEY
2024-03-30 09:58:25.472469500 168.119.138.225:44813 * . DNSKEY
2024-03-30 09:58:25.804166500 168.119.138.225:33061 * . DNSKEY
2024-03-30 09:58:26.071902500 168.119.138.225:51757 * . DNSKEY
2024-03-30 09:58:26.139499500 168.119.138.225:56159 * . DNSKEY
2024-03-30 09:58:26.164757500 168.119.138.225:63989 * . DNSKEY
2024-03-30 09:58:26.388962500 168.119.138.225:26033 * . DNSKEY
2024-03-30 09:58:27.042512500 168.119.138.225:44633 * . DNSKEY
2024-03-30 09:58:27.959083500 168.119.138.225:22534 * . DNSKEY
2024-03-30 09:58:28.183008500 168.119.138.225:22872 * . DNSKEY
2024-03-30 09:58:28.408971500 168.119.138.225:48605 * . DNSKEY
2024-03-30 09:58:28.635488500 168.119.138.225:53836 * . DNSKEY
2024-03-30 09:58:28.862036500 168.119.138.225:35336 * . DNSKEY
2024-03-30 09:58:30.313376500 168.119.138.225:60186 * . DNSKEY
2024-03-30 09:58:30.539511500 168.119.138.225:8595 * . DNSKEY
2024-03-30 09:58:30.949880500 168.119.138.225:28822 * . DNSKEY
2024-03-30 09:58:30.951688500 168.119.138.225:36559 * . DNSKEY
2024-03-30 09:58:31.017856500 168.119.138.225:63027 * . DNSKEY
2024-03-30 09:58:31.241271500 168.119.138.225:7585 * . DNSKEY
2024-03-30 09:58:32.690842500 168.119.138.225:58131 * . DNSKEY
2024-03-30 09:58:32.916861500 168.119.138.225:26102 * . DNSKEY
2024-03-30 09:58:33.140333500 168.119.138.225:11809 * . DNSKEY
2024-03-30 09:58:33.366418500 168.119.138.225:64850 * . DNSKEY
2024-03-30 09:58:33.593463500 168.119.138.225:60554 * . DNSKEY
2024-03-30 09:58:35.863877500 168.119.138.225:58654 * . DNSKEY
2024-03-30 09:58:39.032682500 168.119.138.225:53459 * . DNSKEY
2024-03-30 09:58:45.332937500 168.119.138.225:57134 * . DNSKEY
2024-03-30 09:58:51.657320500 168.119.138.225:63069 * . DNSKEY
2024-03-30 09:58:54.784624500 168.119.138.225:32793 * . DNSKEY
2024-03-30 09:58:57.930968500 168.119.138.225:21701 * . DNSKEY
2024-03-30 09:59:07.330033500 168.119.138.225:45889 * . DNSKEY
2024-03-30 09:59:10.830164500 168.119.138.225:33256 * . DNSKEY
2024-03-30 12:58:16.359326500 168.119.138.225:11674 * . DNSKEY
2024-03-30 12:58:16.697815500 168.119.138.225:47389 * . DNSKEY
2024-03-30 12:58:16.928248500 168.119.138.225:58623 * . DNSKEY
2024-03-30 12:58:17.155255500 168.119.138.225:35809 * . DNSKEY
2024-03-30 12:58:17.384435500 168.119.138.225:9869 * . DNSKEY
2024-03-30 12:58:18.222536500 168.119.138.225:11772 * . DNSKEY
2024-03-30 12:58:18.562636500 168.119.138.225:65017 * . DNSKEY
2024-03-30 12:58:18.788685500 168.119.138.225:59588 * . DNSKEY
2024-03-30 12:58:19.015044500 168.119.138.225:39059 * . DNSKEY
2024-03-30 12:58:19.244274500 168.119.138.225:20887 * . DNSKEY
2024-03-30 12:58:19.840621500 168.119.138.225:54340 * . DNSKEY
2024-03-30 12:58:21.039266500 168.119.138.225:27085 * . DNSKEY
2024-03-30 12:58:21.749879500 168.119.138.225:35403 * . DNSKEY
2024-03-30 12:58:22.092610500 168.119.138.225:23959 * . DNSKEY
2024-03-30 12:58:22.686228500 168.119.138.225:8217 * . DNSKEY
2024-03-30 12:58:24.485025500 168.119.138.225:63191 * . DNSKEY
2024-03-30 12:58:24.822197500 168.119.138.225:64750 * . DNSKEY
2024-03-30 12:58:25.047262500 168.119.138.225:49705 * . DNSKEY
2024-03-30 12:58:25.274961500 168.119.138.225:20971 * . DNSKEY
2024-03-30 12:58:25.500995500 168.119.138.225:48850 * . DNSKEY
2024-03-30 12:58:27.117103500 168.119.138.225:40129 * . DNSKEY
2024-03-30 12:58:27.456604500 168.119.138.225:4211 * . DNSKEY
2024-03-30 12:58:27.666446500 168.119.138.225:26402 * . DNSKEY
2024-03-30 12:58:28.012065500 168.119.138.225:43730 * . DNSKEY
2024-03-30 12:58:28.240125500 168.119.138.225:36839 * . DNSKEY
2024-03-30 12:58:29.820363500 168.119.138.225:43506 * . DNSKEY
2024-03-30 12:58:30.156101500 168.119.138.225:30261 * . DNSKEY
2024-03-30 12:58:30.382673500 168.119.138.225:30282 * . DNSKEY
2024-03-30 12:58:30.611346500 168.119.138.225:47033 * . DNSKEY
2024-03-30 12:58:30.837011500 168.119.138.225:30536 * . DNSKEY
More information about the dns-operations
mailing list