DNS is tainted
Torinthiel
torinthiel at data.pl
Wed Jun 8 05:40:06 UTC 2011
On 06/08/11 05:09, Jeff Peng wrote:
> Hello,
>
> From the dig info below:
>
> C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com
> www.nsbeta.info. 3497 IN CNAME nsbeta.info.
> nsbeta.info. 2434 IN A 74.117.232.204
>
> C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com
> www.nsbeta.info. 3492 IN CNAME nsbeta.info.
> nsbeta.info. 2429 IN A 74.117.232.204
>
> C:\dig>dig +nocmd www.nsbeta.info +noall +answer @ns1.google.com
> www.nsbeta.info. 3486 IN CNAME nsbeta.info.
> nsbeta.info. 2423 IN A 74.117.232.204
>
>
> I think my office network's DNS is tainted, because:

What do you mean by 'your office DNS' if you're not asking anything in
your office? It looks rather like either someone in your office or your
ISP is intercepting DNS traffic and answering questions directly.
Probably dig without a server would result in answers fitting the same
decreasing TTL.

This is bad, but I don't think you can do much to avoid it, except
complaining or creating some VPN tunnel. It's not, however, too bad,
unless you're either using TSIG and have locally configured keys, or
trying to debug some specific DNS problem. Answers go out and are
returned; that's most of what's expected from DNS.

Torinthiel

>
> 1) ns1.google.com is an authoritative nameserver only, which shouldn't answer this query.
> 2) the TTL is decreased each time; if it's a real authority answer, the TTL should be all the same.
>
> And this is the full output of dig:
>
> C:\dig>dig www.nsbeta.info @ns1.google.com
>
> ; <<>> DiG 9.3.2 <<>> www.nsbeta.info @ns1.google.com
> ; (1 server found)
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1183
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;www.nsbeta.info. IN A
>
> ;; ANSWER SECTION:
> www.nsbeta.info. 3111 IN CNAME nsbeta.info.
> nsbeta.info. 2048 IN A 74.117.232.204
>
> ;; Query time: 15 msec
> ;; SERVER: 216.239.32.10#53(216.239.32.10)
> ;; WHEN: Wed Jun 08 11:09:09 2011
> ;; MSG SIZE rcvd: 74
>
>
> How to deal with this case? Thanks.
>
> Regards.
>
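The two observations in this thread (an answer arriving from a server that should only be authoritative, and a TTL that counts down between queries) can be checked mechanically. The script below is an added example, not part of the original messages: the function names are hypothetical, the sample text is constructed from the dig output quoted above, and the `aa`/`ra` flag checks generalize slightly beyond the thread by reading the `flags:` line of the full dig output.

```python
import re

# Constructed sample: header and answer lines adapted from the dig output quoted in the thread.
SAMPLE_A = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1183
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
www.nsbeta.info. 3497 IN CNAME nsbeta.info.
nsbeta.info. 2434 IN A 74.117.232.204
"""
# Constructed second response, a few seconds later, with the TTLs seen in the thread.
SAMPLE_B = SAMPLE_A.replace("3497", "3492").replace("2434", "2429")

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_dig(text):
    """Return (flags, records); records maps (name, type, rdata) -> TTL."""
    flags, records = set(), {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";; flags:"):
            flags = set(line[len(";; flags:"):].split(";")[0].split())
        elif line and not line.startswith(";"):
            m = RR.match(line)
            if m:
                name, ttl, rtype, rdata = m.groups()
                records[(name.lower(), rtype, rdata)] = int(ttl)
    return flags, records

def interception_signs(first, second):
    """Compare two successive dig outputs for one query sent to an authoritative-only server."""
    f1, r1 = parse_dig(first)
    _, r2 = parse_dig(second)
    signs = []
    if r1 and "aa" not in f1:
        signs.append("answer without aa flag")
    if "ra" in f1:
        signs.append("ra flag set: responder offers recursion")
    if any(k in r2 and r2[k] < ttl for k, ttl in r1.items()):
        signs.append("TTL counting down: answer served from a cache")
    return signs

if __name__ == "__main__":
    for sign in interception_signs(SAMPLE_A, SAMPLE_B):
        print(sign)
```

An empty result does not prove the path is clean; it only means none of these three indicators appeared in the two responses compared.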