dns blacklist?

Sten Carlsen stenc at s-carlsen.dk
Thu Jul 26 09:53:54 UTC 2012


Hello

How will this work if you use e.g. -t a?

dig -t any will show the content of the local cache, so this just means
your cache is empty.


On 26/07/12 11:28, Pavel Urban wrote:
> Hello,
>
> one of our customers asked us to take a look at strange problem. One
> address seems to 'work' in Germany, but not here. So I've tried it and
> found this:
>
> [pupu@aphrael ~]$ dig www.thomascook.de -t any
>
> ; <<>> DiG 9.9.1-P1-RedHat-9.9.1-2.P1.fc17 <<>> www.thomascook.de -t any
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23750
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 1280
> ;; QUESTION SECTION:
> ;www.thomascook.de.             IN      ANY
>
> ;; ANSWER SECTION:
> www.thomascook.de.      600     IN      CNAME   www.thomascook.de.nsatc.net.
>
> ;; ADDITIONAL SECTION:
> www.thomascook.de.nsatc.net. 300 IN     A       127.0.0.2
>
> ;; Query time: 75 msec
> ;; SERVER: 192.168.96.11#53(192.168.96.11)
> ;; WHEN: Thu Jul 26 11:10:41 2012
> ;; MSG SIZE  rcvd: 103
>
> Well, that probably 'doesn't work', but it shouldn't work worldwide.
> The strange thing appears when I try to ask differently. First, I
> check authorities for this address.
>
> [root@hactar ~]# dig www.thomascook.de -t any +trace
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> www.thomascook.de -t any +trace
> ;; global options: +cmd
> .                       449874  IN      NS      j.root-servers.net.
> .                       449874  IN      NS      k.root-servers.net.
> .                       449874  IN      NS      l.root-servers.net.
> .                       449874  IN      NS      m.root-servers.net.
> .                       449874  IN      NS      a.root-servers.net.
> .                       449874  IN      NS      b.root-servers.net.
> .                       449874  IN      NS      c.root-servers.net.
> .                       449874  IN      NS      d.root-servers.net.
> .                       449874  IN      NS      e.root-servers.net.
> .                       449874  IN      NS      f.root-servers.net.
> .                       449874  IN      NS      g.root-servers.net.
> .                       449874  IN      NS      h.root-servers.net.
> .                       449874  IN      NS      i.root-servers.net.
> ;; Received 512 bytes from 212.24.128.8#53(212.24.128.8) in 2882 ms
>
> de.                     172800  IN      NS      a.nic.de.
> de.                     172800  IN      NS      f.nic.de.
> de.                     172800  IN      NS      l.de.net.
> de.                     172800  IN      NS      n.de.net.
> de.                     172800  IN      NS      s.de.net.
> de.                     172800  IN      NS      z.nic.de.
> ;; Received 349 bytes from 198.41.0.4#53(198.41.0.4) in 1294 ms
>
> thomascook.de.          86400   IN      NS      koeln.nic.xlink.net.
> thomascook.de.          86400   IN      NS      frankfurt.nic.xlink.net.
> ;; Received 105 bytes from 2001:678:2::53#53(2001:678:2::53) in 515 ms
>
> www.thomascook.de.      600     IN      CNAME   www.thomascook.de.nsatc.net.
> thomascook.de.          1800    IN      NS      frankfurt.nic.xlink.net.
> thomascook.de.          1800    IN      NS      koeln.nic.xlink.net.
> ;; Received 162 bytes from 193.141.43.129#53(193.141.43.129) in 37 ms
>
> ...and then I try to ask them.
>
> [root@hactar ~]# dig @koeln.nic.xlink.net www.thomascook.de.nsatc.net -t any
>
> ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> @koeln.nic.xlink.net www.thomascook.de.nsatc.net -t any
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28421
> ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5
>
> ;; QUESTION SECTION:
> ;www.thomascook.de.nsatc.net.   IN      ANY
>
> ;; ANSWER SECTION:
> www.thomascook.de.nsatc.net. 300 IN     A       87.124.38.165
>
> ;; AUTHORITY SECTION:
> nsatc.net.              172800  IN      NS      uk-2.ns.nsatc.net.
> nsatc.net.              172800  IN      NS      de-6.ns.nsatc.net.
> nsatc.net.              172800  IN      NS      b.ns.nsatc.net.
> nsatc.net.              172800  IN      NS      it-1.ns.nsatc.net.
> nsatc.net.              172800  IN      NS      e.ns.nsatc.net.
>
> ;; ADDITIONAL SECTION:
> uk-2.ns.nsatc.net.      172800  IN      A       8.12.199.51
> de-6.ns.nsatc.net.      172800  IN      A       213.200.97.117
> b.ns.nsatc.net.         172800  IN      A       207.123.33.51
> it-1.ns.nsatc.net.      172800  IN      A       8.12.209.47
> e.ns.nsatc.net.         172800  IN      A       212.187.162.134
>
> ;; Query time: 36 msec
> ;; SERVER: 194.120.12.245#53(194.120.12.245)
> ;; WHEN: Thu Jul 26 11:19:36 2012
> ;; MSG SIZE  rcvd: 233
>
> My guess is that ISP for thomascook.de tried to fool...err, fix the
> problem for his customer by adding some extra zones to his resolvers.
> My questions are - 'how is this supposed to work?' and 'is this kind
> of dns blacklisting common?'
>

-- 
Best regards

Sten Carlsen

No improvements come from shouting:
       "MALE BOVINE MANURE!!!"

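Added example (not part of the original message or of BIND): a small Python check that automates the comparison made by hand in the quoted message, parsing two dig answers and flagging a loopback address or a disagreement for the same name. The record lines are copied from the dig output quoted above; the function names are illustrative.

```python
import ipaddress
import re

# Answer lines copied from the two dig outputs quoted in the message above.
RESOLVER_ANSWER = """\
www.thomascook.de.      600     IN      CNAME   www.thomascook.de.nsatc.net.
www.thomascook.de.nsatc.net. 300 IN     A       127.0.0.2
"""
DIRECT_ANSWER = """\
www.thomascook.de.nsatc.net. 300 IN     A       87.124.38.165
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|AAAA|CNAME)\s+(\S+)\s*$")

def parse_records(dig_text):
    """Return {owner: {(type, rdata)}} from dig record lines, skipping ';' comments."""
    records = {}
    for line in dig_text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail-quoted output
        if not line or line.startswith(";"):
            continue
        m = RR.match(line)
        if m:
            owner, _ttl, rtype, rdata = m.groups()
            records.setdefault(owner.lower(), set()).add((rtype, rdata.lower()))
    return records

def addresses(rrset):
    return {rdata for rtype, rdata in rrset if rtype in ("A", "AAAA")}

def compare(resolver_text, direct_text):
    """Flag loopback answers and names whose address sets do not overlap."""
    res, direct = parse_records(resolver_text), parse_records(direct_text)
    findings = []
    for owner, rrset in sorted(res.items()):
        addrs = addresses(rrset)
        for a in sorted(addrs):
            if ipaddress.ip_address(a).is_loopback:
                findings.append((owner, "loopback-answer", a))
        other = addresses(direct.get(owner, set()))
        if addrs and other and addrs.isdisjoint(other):
            findings.append((owner, "mismatch", (sorted(addrs), sorted(other))))
    return findings

if __name__ == "__main__":
    for finding in compare(RESOLVER_ANSWER, DIRECT_ANSWER):
        print(finding)
```

A mismatch on its own can be legitimate when a name is served with location-dependent answers; an address in 127.0.0.0/8 returned for a public name is the stronger signal that a resolver is overriding the answer.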