1. DNS/毒盛/flip.e-ontap.com/上級編/AnswerNS/unbound
2. Unbound
この脆弱性はない。-- ToshinoriMaeno 2019-01-14 15:07:53
$ unbound-control flush_zone com ok removed 99 rrsets, 66 messages and 0 key entries tmaeno@u16:~$ dig -t ns flip.e-ontap.com @127.0.0.3 ; <<>> DiG 9.12.3 <<>> -t ns flip.e-ontap.com @127.0.0.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22364 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1220 ;; QUESTION SECTION: ;flip.e-ontap.com. IN NS ;; ANSWER SECTION: flip.e-ontap.com. 3600 IN NS ns.flip.e-ontap.com. ;; Query time: 250 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: 火 1月 15 00:00:47 JST 2019 ;; MSG SIZE rcvd: 62 tmaeno@u16:~$ dig 1.flip.e-ontap.com @127.0.0.3 ; <<>> DiG 9.12.3 <<>> 1.flip.e-ontap.com @127.0.0.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41537 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1220 ;; QUESTION SECTION: ;1.flip.e-ontap.com. IN A ;; ANSWER SECTION: 1.flip.e-ontap.com. 600 IN A 150.42.6.1 ;; Query time: 12 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: 火 1月 15 00:00:58 JST 2019 ;; MSG SIZE rcvd: 63 tmaeno@u16:~$ dig 2.flip.e-ontap.com @127.0.0.3 ; <<>> DiG 9.12.3 <<>> 2.flip.e-ontap.com @127.0.0.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60370 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1220 ;; QUESTION SECTION: ;2.flip.e-ontap.com. IN A ;; ANSWER SECTION: 2.flip.e-ontap.com. 600 IN A 150.42.6.1 ;; Query time: 12 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: 火 1月 15 00:01:06 JST 2019 ;; MSG SIZE rcvd: 63
3. cache確認
tmaeno@u16:~$ dig +norec -t ns flip.e-ontap.com @127.0.0.3 ; <<>> DiG 9.12.3 <<>> +norec -t ns flip.e-ontap.com @127.0.0.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59477 ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1220 ;; QUESTION SECTION: ;flip.e-ontap.com. IN NS ;; ANSWER SECTION: flip.e-ontap.com. 3571 IN NS ns.flip.e-ontap.com. ;; Query time: 0 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: 火 1月 15 00:01:16 JST 2019 ;; MSG SIZE rcvd: 62 tmaeno@u16:~$ dig +norec -t a ns.flip.e-ontap.com @127.0.0.3 ; <<>> DiG 9.12.3 <<>> +norec -t a ns.flip.e-ontap.com @127.0.0.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21042 ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1220 ;; QUESTION SECTION: ;ns.flip.e-ontap.com. IN A ;; AUTHORITY SECTION: flip.e-ontap.com. 3561 IN NS ns.flip.e-ontap.com. ;; ADDITIONAL SECTION: ns.flip.e-ontap.com. 3561 IN A 150.42.6.1 ;; Query time: 0 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: 火 1月 15 00:01:26 JST 2019 ;; MSG SIZE rcvd: 78
4. 5 分後
$ date 2019年 1月 15日 火曜日 00:05:03 JST tmaeno@u16:~$ dig 5.flip.e-ontap.com @127.0.0.3 ; <<>> DiG 9.12.3 <<>> 5.flip.e-ontap.com @127.0.0.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54699 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1220 ;; QUESTION SECTION: ;5.flip.e-ontap.com. IN A ;; ANSWER SECTION: 5.flip.e-ontap.com. 600 IN A 150.42.6.1 ;; Query time: 11 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: 火 1月 15 00:05:13 JST 2019 ;; MSG SIZE rcvd: 63 tmaeno@u16:~$ dig 6.flip.e-ontap.com @127.0.0.3 ; <<>> DiG 9.12.3 <<>> 6.flip.e-ontap.com @127.0.0.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10453 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1220 ;; QUESTION SECTION: ;6.flip.e-ontap.com. IN A ;; ANSWER SECTION: 6.flip.e-ontap.com. 600 IN A 150.42.6.1 ;; Query time: 12 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: 火 1月 15 00:05:22 JST 2019 ;; MSG SIZE rcvd: 63
5. cache確認
tmaeno@u16:~$ dig +norec -t ns flip.e-ontap.com @127.0.0.3 ; <<>> DiG 9.12.3 <<>> +norec -t ns flip.e-ontap.com @127.0.0.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26161 ;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1220 ;; QUESTION SECTION: ;flip.e-ontap.com. IN NS ;; ANSWER SECTION: flip.e-ontap.com. 3318 IN NS ns.flip.e-ontap.com. ;; Query time: 0 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: 火 1月 15 00:05:29 JST 2019 ;; MSG SIZE rcvd: 62 tmaeno@u16:~$ dig +norec -t a ns.flip.e-ontap.com @127.0.0.3 ; <<>> DiG 9.12.3 <<>> +norec -t a ns.flip.e-ontap.com @127.0.0.3 ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59994 ;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 2 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1220 ;; QUESTION SECTION: ;ns.flip.e-ontap.com. IN A ;; AUTHORITY SECTION: flip.e-ontap.com. 3312 IN NS ns.flip.e-ontap.com. ;; ADDITIONAL SECTION: ns.flip.e-ontap.com. 3312 IN A 150.42.6.1 ;; Query time: 0 msec ;; SERVER: 127.0.0.3#53(127.0.0.3) ;; WHEN: 火 1月 15 00:05:35 JST 2019 ;; MSG SIZE rcvd: 78