<div dir="ltr">This looks very broken. Here are checks of the "m.email..." and "email..." domains - both exhibit many protocol errors:<br><div><a href="https://ednscomp.isc.org/ednscomp/7225e09225" target="_blank">https://ednscomp.isc.org/ednscomp/7225e09225</a></div><div><a href="https://ednscomp.isc.org/ednscomp/e9310fc22b" target="_blank">https://ednscomp.isc.org/ednscomp/e9310fc22b</a><br></div><div><br></div><div>I am including in this mail the RNAME from the SOA (same for both zones) in the hope that someone who is responsible for DNS at Sony entertainment will see this and take note.</div><div><br></div><div>Cheers, Greg</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, 29 Jul 2022 at 22:09, Puneet Sood via dns-operations <<a href="mailto:dns-operations@dns-oarc.net" target="_blank">dns-operations@dns-oarc.net</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><br><br><br>---------- Forwarded message ----------<br>From: Puneet Sood <<a href="mailto:puneets@google.com" target="_blank">puneets@google.com</a>><br>To: dns-operations <<a href="mailto:dns-operations@dns-oarc.net" target="_blank">dns-operations@dns-oarc.net</a>><br>Cc: <br>Bcc: <br>Date: Fri, 29 Jul 2022 17:04:28 -0400<br>Subject: Name servers returning incorrectly truncated UDP responses<br><div dir="ltr"><div class="gmail_default" style="font-size:small">Hello,</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">While making our DNS response validation stricter, we have noticed that a number of name servers return badly truncated UDP responses. 
This sometimes happens with incorrect Answer section RR count.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">$ dig m.email.sonyentertainmentnetwork.com. TXT @e.ns.email.sonyentertainmentnetwork.com<br>;; Warning: Message parser reports malformed message packet.<br>;; Truncated, retrying in TCP mode.<br><br>; <<>> DiG 9.18.3-1+build1-Debian <<>> m.email.sonyentertainmentnetwork.com. TXT @e.ns.email.sonyentertainmentnetwork.com<br>;; global options: +cmd<br>;; Got answer:<br>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24446<br>;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<br>;; WARNING: recursion requested but not available<br><br>;; QUESTION SECTION:<br>;m.email.sonyentertainmentnetwork.com. IN TXT<br><br>;; ANSWER SECTION:<br>m.email.sonyentertainmentnetwork.com. 3600 IN TXT "v=spf1 a mx ip4:63.236.31.220/31 ip4:8.30.201.100/31 ip4:63.236.84.160 ip4:8.30.201.16 ip4:4.22.42.19 ip4:4.22.42.20/30 ip4:4.2" "2.42.24/31 ip4:4.22.42.26 ip4:72.166.182.10/31 ip4:72.166.182.12/31 ip4:72.166.182.18/31 ip4:72.166.182.20/30 ip4:207.251.96.0/" "24 ip4:65.125.54.0/24 ip4:63.232.57.0/24 ip4:208.49.63.128/28 ip4:63.211.90.16/29 ip4:8.7.42.16/29 ip4:8.7.43.16/29 ip4:63.232." "236.144/29 ip4:8.7.44.144/29 ip4:63.236.31.128/26 ip4:63.236.76.0/23 ip4:8.30.201.0/26 ~all"<br><br>;; Query time: 4 msec<br>;; SERVER: 207.251.96.133#53(e.ns.email.sonyentertainmentnetwork.com) (TCP)<br>;; WHEN: Fri Jul 29 16:57:51 EDT 2022<br>;; MSG SIZE  rcvd: 542<br><br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">While the affected operators are spread around the world, the similarity of the bad response across operators appears to suggest the DNS software may be from the same or closely related source. These servers do not respond to a version.bind query.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Have you seen similar bad responses? Do you have an idea of the provenance of this software?</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Thanks,</div><div class="gmail_default" style="font-size:small">Puneet</div><div class="gmail_default" style="font-size:small"><br></div></div>
</blockquote></div>
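<div>Added example, not part of the original thread and not code from any poster: a strict check of the kind the quoted message describes, which walks every RR the DNS header counts promise and reports where the received bytes run out. The sample messages, the name m.email.example, the TXT strings and the exact shape of the bad truncation (TC set, ANCOUNT left at 1, RR cut mid-RDATA) are constructed assumptions, not captures from the servers discussed.</div>

```python
import struct

class Malformed(Exception):
    """Raised when the bytes present do not match what the header promises."""

def skip_name(msg, off):
    # Return the offset just past the name at off (labels or a compression pointer).
    while True:
        if off >= len(msg):
            raise Malformed("name runs past end of message")
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:                      # 2-byte pointer ends the name
            return off + 2
        if n & 0xC0:
            raise Malformed("reserved label type")
        off += 1 + n

def check_response(msg):
    # Walk every RR the header counts promise and record where parsing stops.
    if len(msg) < 12:
        raise Malformed("message shorter than the 12-byte header")
    _id, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    res = {"tc": bool(flags & 0x0200), "claimed_rrs": an + ns + ar,
           "parsed_rrs": 0, "error": None}
    off = 12
    try:
        for _ in range(qd):
            off = skip_name(msg, off) + 4         # QTYPE + QCLASS
        if off > len(msg):
            raise Malformed("question runs past end of message")
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            if off + 10 > len(msg):
                raise Malformed("RR header runs past end of message")
            (rdlen,) = struct.unpack("!H", msg[off + 8:off + 10])
            off += 10 + rdlen                     # TYPE, CLASS, TTL, RDLENGTH, RDATA
            if off > len(msg):
                raise Malformed("RDATA runs past end of message")
            res["parsed_rrs"] += 1
    except Malformed as exc:
        res["error"] = str(exc)
    return res

def build_txt_response(name, strings, flags=0x8500):  # constructed sample; flags = qr aa rd
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"
    rdata = b"".join(bytes([len(s)]) + s for s in strings)
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 16, 1, 3600, len(rdata)) + rdata
    return struct.pack("!6H", 24446, flags, 1, 1, 0, 0) + qname + struct.pack("!2H", 16, 1) + rr

GOOD = build_txt_response("m.email.example", [b"v=spf1 " + b"ip4:192.0.2.1 " * 10, b"~all"])
# Constructed bad reply: TC bit set, cut at 60 bytes mid-RDATA, ANCOUNT still 1.
BAD = bytes([GOOD[0], GOOD[1], GOOD[2] | 0x02]) + GOOD[3:60]
```

<div>A reply where claimed_rrs differs from parsed_rrs is what a strict validator rejects even though the TC bit is set; a cleanly truncated reply carries only whole RRs and header counts that match them.</div>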