Hello,

One of our customers asked us to take a look at a strange problem. One address seems to 'work' in Germany, but not here. So I've tried it and found this:

[pupu@aphrael ~]$ dig www.thomascook.de -t any

; <<>> DiG 9.9.1-P1-RedHat-9.9.1-2.P1.fc17 <<>> www.thomascook.de -t any
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23750
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 2

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1280
;; QUESTION SECTION:
;www.thomascook.de.             IN      ANY

;; ANSWER SECTION:
www.thomascook.de.      600     IN      CNAME   www.thomascook.de.nsatc.net.

;; ADDITIONAL SECTION:
www.thomascook.de.nsatc.net. 300 IN     A       127.0.0.2

;; Query time: 75 msec
;; SERVER: 192.168.96.11#53(192.168.96.11)
;; WHEN: Thu Jul 26 11:10:41 2012
;; MSG SIZE  rcvd: 103

Well, that probably 'doesn't work', but it shouldn't work worldwide. The strange thing appears when I try to ask differently. First, I check authorities for this address.

[root@hactar ~]# dig www.thomascook.de -t any +trace

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> www.thomascook.de -t any +trace
;; global options: +cmd
.                       449874  IN      NS      j.root-servers.net.
.                       449874  IN      NS      k.root-servers.net.
.                       449874  IN      NS      l.root-servers.net.
.                       449874  IN      NS      m.root-servers.net.
.                       449874  IN      NS      a.root-servers.net.
.                       449874  IN      NS      b.root-servers.net.
.                       449874  IN      NS      c.root-servers.net.
.                       449874  IN      NS      d.root-servers.net.
.                       449874  IN      NS      e.root-servers.net.
.                       449874  IN      NS      f.root-servers.net.
.                       449874  IN      NS      g.root-servers.net.
.                       449874  IN      NS      h.root-servers.net.
.                       449874  IN      NS      i.root-servers.net.
;; Received 512 bytes from 212.24.128.8#53(212.24.128.8) in 2882 ms

de.                     172800  IN      NS      a.nic.de.
de.                     172800  IN      NS      f.nic.de.
de.                     172800  IN      NS      l.de.net.
de.                     172800  IN      NS      n.de.net.
de.                     172800  IN      NS      s.de.net.
de.                     172800  IN      NS      z.nic.de.
;; Received 349 bytes from 198.41.0.4#53(198.41.0.4) in 1294 ms

thomascook.de.          86400   IN      NS      koeln.nic.xlink.net.
thomascook.de.          86400   IN      NS      frankfurt.nic.xlink.net.
;; Received 105 bytes from 2001:678:2::53#53(2001:678:2::53) in 515 ms

www.thomascook.de.      600     IN      CNAME   www.thomascook.de.nsatc.net.
thomascook.de.          1800    IN      NS      frankfurt.nic.xlink.net.
thomascook.de.          1800    IN      NS      koeln.nic.xlink.net.
;; Received 162 bytes from 193.141.43.129#53(193.141.43.129) in 37 ms

...and then I try to ask them.

[root@hactar ~]# dig @koeln.nic.xlink.net www.thomascook.de.nsatc.net -t any

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6 <<>> @koeln.nic.xlink.net www.thomascook.de.nsatc.net -t any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 28421
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;www.thomascook.de.nsatc.net.   IN      ANY

;; ANSWER SECTION:
www.thomascook.de.nsatc.net. 300 IN     A       87.124.38.165

;; AUTHORITY SECTION:
nsatc.net.              172800  IN      NS      uk-2.ns.nsatc.net.
nsatc.net.              172800  IN      NS      de-6.ns.nsatc.net.
nsatc.net.              172800  IN      NS      b.ns.nsatc.net.
nsatc.net.              172800  IN      NS      it-1.ns.nsatc.net.
nsatc.net.              172800  IN      NS      e.ns.nsatc.net.

;; ADDITIONAL SECTION:
uk-2.ns.nsatc.net.      172800  IN      A       8.12.199.51
de-6.ns.nsatc.net.      172800  IN      A       213.200.97.117
b.ns.nsatc.net.         172800  IN      A       207.123.33.51
it-1.ns.nsatc.net.      172800  IN      A       8.12.209.47
e.ns.nsatc.net.         172800  IN      A       212.187.162.134

;; Query time: 36 msec
;; SERVER: 194.120.12.245#53(194.120.12.245)
;; WHEN: Thu Jul 26 11:19:36 2012
;; MSG SIZE  rcvd: 233

My guess is that the ISP for thomascook.de tried to fool...err, fix the problem for his customer by adding some extra zones to his resolvers. My questions are - 'how is this supposed to work?' and 'is this kind of DNS blacklisting common?'

--
***********************************************************************
Pavel Urban

   Vegetables should not operate electronic equipment.
          Computer Stupidities, http://rinkworks.com/stupid/
***********************************************************************
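
The comparison made by hand in the message above (the local resolver's answer against the answer from a directly queried server) can be automated. This is an added example, not part of the original post; the function names are hypothetical and the sample input is constructed from the record lines in the two dig outputs quoted above.

```python
import ipaddress
import re

# Constructed sample input: record lines copied from the two dig outputs above.
RESOLVER_OUTPUT = """\
;; ANSWER SECTION:
www.thomascook.de.      600     IN      CNAME   www.thomascook.de.nsatc.net.
;; ADDITIONAL SECTION:
www.thomascook.de.nsatc.net. 300 IN     A       127.0.0.2
"""
DIRECT_OUTPUT = """\
;; ANSWER SECTION:
www.thomascook.de.nsatc.net. 300 IN     A       87.124.38.165
"""
RR_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|AAAA|CNAME)\s+(\S+)$")

def parse_records(dig_text):
    """Map owner name -> set of (type, rdata) for A/AAAA/CNAME lines."""
    records = {}
    for line in dig_text.splitlines():
        m = RR_LINE.match(line.strip())  # ';' comment lines never match
        if m:
            owner, rtype, rdata = m.groups()
            records.setdefault(owner.lower(), set()).add((rtype, rdata))
    return records

def resolve_addresses(records, name, max_hops=8):
    """Follow CNAMEs from name; return the set of addresses reached."""
    name = name.lower().rstrip(".") + "."
    for _ in range(max_hops):  # bounded so a CNAME loop cannot hang
        rrs = records.get(name, set())
        addrs = {ipaddress.ip_address(r) for t, r in rrs if t != "CNAME"}
        if addrs:
            return addrs
        targets = sorted(r for t, r in rrs if t == "CNAME")
        if not targets:
            return set()
        name = targets[0].lower()
    return set()

def compare_views(resolver_text, direct_text, name):
    """Compare a recursive resolver's answer with a directly queried server's."""
    seen = resolve_addresses(parse_records(resolver_text), name)
    direct = resolve_addresses(parse_records(direct_text), name)
    return {
        "resolver": sorted(map(str, seen)),
        "direct": sorted(map(str, direct)),
        "diverges": seen != direct,
        "suspect": sorted(str(a) for a in seen if a.is_loopback or a.is_unspecified),
    }
```

Differing addresses alone are normal for names served by location-aware DNS, so `diverges` is only a hint; a loopback or unspecified address in `suspect` is the stronger sign that an answer was replaced somewhere along the resolution path.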