odd behavior in bind-8.2.2_P3 (fwd) - "illegitimate COM server" - more

Ted_Rule at flextech.co.uk Ted_Rule at flextech.co.uk
Thu Sep 7 09:37:19 UTC 2000




Since I couldn't be absolutely sure from the existing posts that this wasn't a
problem in 8.2.2-P5, I decided to bite the bullet and test it. As with Lamont's
post of 8.2.2-P3's behaviour, it seems that the bad referral code traps the
problem and thus avoids caching the broken NS record. As with P3, this log
message appears with P5.

Sep  7 10:19:07 homer named[15887]: bad referral (com !< EROSROUGE.com)

Hence the issue is presumably only a problem for very old name servers directly
querying the COM servers. Most modern firewall and ISPs' DNS servers are going
to be recent enough to catch this problem and avoid passing on the infection.
Individual client resolvers will see the broken NS records in the responses,
but very little - if anything - at the client resolver end will be using the
Authority section anyway.

dig trace of the test run, together with the corresponding syslog, below.


Ted


BEFORE:

$ dig @homer com any +norecurse

; <<>> DiG 8.2 <<>> @homer com any +norecurse
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48375
;; flags: qr ra; QUERY: 1, ANSWER: 13, AUTHORITY: 12, ADDITIONAL: 1
;; QUERY SECTION:
;;      com, type = ANY, class = IN

;; ANSWER SECTION:
com.                    1d10h10m6s IN NS  A.ROOT-SERVERS.NET.
com.                    1d10h10m6s IN NS  E.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  F.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  F.ROOT-SERVERS.NET.
com.                    1d10h10m6s IN NS  J.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  K.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  A.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  M.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  G.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  C.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  I.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  B.GTLD-SERVERS.NET.
com.                    22h58m12s IN SOA  A.ROOT-SERVERS.NET. hostmaster.nsiregistry.NET. (
2000090600      ; serial
30M             ; refresh
15M             ; retry
1W              ; expiry
1D )            ; minimum


;; AUTHORITY SECTION:
com.                    1d10h10m6s IN NS  A.ROOT-SERVERS.NET.
com.                    1d10h10m6s IN NS  E.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  F.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  F.ROOT-SERVERS.NET.
com.                    1d10h10m6s IN NS  J.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  K.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  A.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  M.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  G.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  C.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  I.GTLD-SERVERS.NET.
com.                    1d10h10m6s IN NS  B.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     4d5h48m32s IN A  198.41.0.4

;; Total query time: 2 msec
;; FROM: homer.flextech.co.uk to SERVER: homer  195.188.171.98
;; WHEN: Thu Sep  7 10:14:14 2000
;; MSG SIZE  sent: 21  rcvd: 485


$ dig @a.root-servers.net www.erosrouge.com a +norecurse

; <<>> DiG 8.2 <<>> @a.root-servers.net www.erosrouge.com a +norecurse
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42505
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;;      www.erosrouge.com, type = A, class = IN

;; AUTHORITY SECTION:
EROSROUGE.COM.          2D IN NS        MYIFRIENDSNS1.WEBPOWER.COM.
EROSROUGE.COM.          2D IN NS        MYIFRIENDSNS2.WEBPOWER.COM.

;; ADDITIONAL SECTION:
MYIFRIENDSNS1.WEBPOWER.COM.  2D IN A  204.180.135.105
MYIFRIENDSNS2.WEBPOWER.COM.  2D IN A  207.76.82.105

;; Total query time: 166 msec
;; FROM: homer.flextech.co.uk to SERVER: a.root-servers.net  198.41.0.4
;; WHEN: Thu Sep  7 10:16:01 2000
;; MSG SIZE  sent: 35  rcvd: 145




$ dig @myifriendsns1.webpower.com www.erosrouge.com a +norecurse

; <<>> DiG 8.2 <<>> @myifriendsns1.webpower.com www.erosrouge.com a +norecurse
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21831
;; flags: qr aa ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.erosrouge.com, type = A, class = IN

;; ANSWER SECTION:
www.erosrouge.com.      10S IN A        204.180.135.105

;; AUTHORITY SECTION:
com.                    1D IN NS        myifriendsns1.webpower.com.

;; Total query time: 143 msec
;; FROM: homer.flextech.co.uk to SERVER: myifriendsns1.webpower.com  204.180.135.105
;; WHEN: Thu Sep  7 10:16:41 2000
;; MSG SIZE  sent: 35  rcvd: 91







$ dig @homer com any +norecurse

; <<>> DiG 8.2 <<>> @homer com any +norecurse
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47030
;; flags: qr ra; QUERY: 1, ANSWER: 13, AUTHORITY: 12, ADDITIONAL: 1
;; QUERY SECTION:
;;      com, type = ANY, class = IN

;; ANSWER SECTION:
com.                    1d8h24m48s IN NS  A.ROOT-SERVERS.NET.
com.                    1d8h24m48s IN NS  E.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  F.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  F.ROOT-SERVERS.NET.
com.                    1d8h24m48s IN NS  J.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  K.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  A.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  M.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  G.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  C.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  I.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  B.GTLD-SERVERS.NET.
com.                    22h55m16s IN SOA  A.ROOT-SERVERS.NET. hostmaster.nsiregistry.NET. (
                                        2000090600      ; serial
                                        30M             ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum


;; AUTHORITY SECTION:
com.                    1d8h24m48s IN NS  A.ROOT-SERVERS.NET.
com.                    1d8h24m48s IN NS  E.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  F.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  F.ROOT-SERVERS.NET.
com.                    1d8h24m48s IN NS  J.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  K.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  A.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  M.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  G.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  C.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  I.GTLD-SERVERS.NET.
com.                    1d8h24m48s IN NS  B.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     4d5h45m36s IN A  198.41.0.4

;; Total query time: 2 msec
;; FROM: homer.flextech.co.uk to SERVER: homer  195.188.171.98
;; WHEN: Thu Sep  7 10:17:10 2000
;; MSG SIZE  sent: 21  rcvd: 485


$ dig @homer www.erosrouge.com a

; <<>> DiG 8.2 <<>> @homer www.erosrouge.com a
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;;      www.erosrouge.com, type = A, class = IN

;; ANSWER SECTION:
www.erosrouge.com.      10S IN A        204.180.135.105

;; AUTHORITY SECTION:
com.                    1D IN NS        myifriendsns1.webpower.com.

;; Total query time: 316 msec
;; FROM: homer.flextech.co.uk to SERVER: homer  195.188.171.98
;; WHEN: Thu Sep  7 10:19:07 2000
;; MSG SIZE  sent: 35  rcvd: 91



AFTER:


$ dig @homer com any +norecurse

; <<>> DiG 8.2 <<>> @homer com any +norecurse
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8561
;; flags: qr ra; QUERY: 1, ANSWER: 13, AUTHORITY: 12, ADDITIONAL: 1
;; QUERY SECTION:
;;      com, type = ANY, class = IN

;; ANSWER SECTION:
com.                    1d5h13m12s IN NS  A.ROOT-SERVERS.NET.
com.                    1d5h13m12s IN NS  E.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  F.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  F.ROOT-SERVERS.NET.
com.                    1d5h13m12s IN NS  J.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  K.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  A.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  M.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  G.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  C.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  I.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  B.GTLD-SERVERS.NET.
com.                    22h53m8s IN SOA  A.ROOT-SERVERS.NET. hostmaster.nsiregistry.NET. (
                                        2000090600      ; serial
                                        30M             ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum


;; AUTHORITY SECTION:
com.                    1d5h13m12s IN NS  A.ROOT-SERVERS.NET.
com.                    1d5h13m12s IN NS  E.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  F.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  F.ROOT-SERVERS.NET.
com.                    1d5h13m12s IN NS  J.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  K.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  A.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  M.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  G.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  C.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  I.GTLD-SERVERS.NET.
com.                    1d5h13m12s IN NS  B.GTLD-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     4d5h43m28s IN A  198.41.0.4

;; Total query time: 2 msec
;; FROM: homer.flextech.co.uk to SERVER: homer  195.188.171.98
;; WHEN: Thu Sep  7 10:19:18 2000
;; MSG SIZE  sent: 21  rcvd: 485


Sep  7 10:18:15 homer named[15887]: query log on
Sep  7 10:18:24 homer named[15887]: XX /195.188.171.98/com/ANY/IN
Sep  7 10:18:25 homer named[15887]: XX+/195.188.171.75/livingtv.co.uk/ANY/IN
Sep  7 10:18:26 homer named[15887]: XX+/195.188.171.75/livingtv.co.uk/MX/IN
Sep  7 10:19:07 homer named[15887]: XX+/195.188.171.98/www.erosrouge.com/A/IN
Sep  7 10:19:07 homer named[15887]: bad referral (com !< EROSROUGE.com)
Sep  7 10:19:11 homer named[15887]: XX+/195.188.171.75/41.6.152.195.in-addr.arpa/PTR/IN
Sep  7 10:19:11 homer named[15887]: XX+/195.188.171.75/snagglepuss.bluewave.co.uk/A/IN
Sep  7 10:19:18 homer named[15887]: XX /195.188.171.98/com/ANY/IN
Sep  7 10:19:24 homer named[15887]: XX /195.188.171.2/discovery-europe.com/SOA/IN
Sep  7 10:19:33 homer named[15887]: XX /195.188.171.2/discovery-europe.co.uk/SOA/IN
Sep  7 10:19:34 homer named[15887]: XX+/195.188.171.80/2.106.90.194.in-addr.arpa/PTR/IN
Sep  7 10:19:34 homer named[15887]: XX+/195.188.171.80/jeru.ndc.co.il/A/IN
Sep  7 10:19:47 homer named[15887]: query log off






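The check behind the "bad referral (com !< EROSROUGE.com)" line above, as an added example (Python, written for this page; it is not BIND's code and not part of the post): an AUTHORITY-section NS record is only accepted if its owner name lies at or below the zone the responding server was delegated for, compared label by label rather than as a string suffix. The function names and the log format are modelled on the post's syslog line; the sample records are constructed from its dig output.

```python
# Added example, not BIND's code: a label-wise bailiwick check modelled on the
# "bad referral (X !< Y)" message quoted in the post. Function names are mine.

def labels(name: str) -> list[str]:
    """Split a domain name into lower-cased labels, ignoring the root dot."""
    return [l.lower() for l in name.rstrip(".").split(".") if l]

def is_subdomain(name: str, zone: str) -> bool:
    """True if name equals zone or lies below it. Compares whole labels, so
    'erosrouge.com' is NOT below 'rosrouge.com' although it is a string suffix."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def check_referral(expected_zone: str, authority: list[str]) -> tuple[list[str], list[str]]:
    """Split the NS records of an AUTHORITY section into those inside the zone the
    responding server was delegated for (accepted) and those outside it (rejected).

    authority: records as 'owner TTL IN NS target' strings, as dig prints them.
    Returns (accepted records, log lines in the format quoted in the post).
    """
    accepted, log = [], []
    for rr in authority:
        fields = rr.split()
        if len(fields) != 5 or fields[2:4] != ["IN", "NS"]:
            continue  # only IN NS records take part in the referral check
        owner = fields[0]
        if is_subdomain(owner, expected_zone):
            accepted.append(rr)
        else:
            log.append(f"bad referral ({owner.rstrip('.')} !< {expected_zone.rstrip('.')})")
    return accepted, log

# Constructed from the dig output in the post: the root's delegation for
# EROSROUGE.COM, and the AUTHORITY section myifriendsns1.webpower.com then sent.
ROOT_REFERRAL = ["EROSROUGE.COM. 2D IN NS MYIFRIENDSNS1.WEBPOWER.COM.",
                 "EROSROUGE.COM. 2D IN NS MYIFRIENDSNS2.WEBPOWER.COM."]
ILLEGITIMATE_AUTHORITY = ["com. 1D IN NS myifriendsns1.webpower.com."]

def walk() -> list[str]:
    """Replay the two hops of the post's test: the root (zone '.') may delegate
    anything; the EROSROUGE.com servers may only refer within EROSROUGE.com."""
    _, log1 = check_referral(".", ROOT_REFERRAL)
    _, log2 = check_referral("EROSROUGE.com", ILLEGITIMATE_AUTHORITY)
    return log1 + log2

if __name__ == "__main__":
    for line in walk():
        print(line)  # bad referral (com !< EROSROUGE.com)
```

A resolver without this check would cache the rejected record and send every later .com query to myifriendsns1.webpower.com, which is the "infection" the post describes.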