DNS/毒盛/攻撃手法/移転インジェクション/確認方法/bind/NS

DNS/毒盛/移転インジェクション/確認方法/bind/NSについて、ここに記述してください。

flip.e-ontap.com TTL満了を待って、NSを問い合わせしなおした。

以下の返答が権威ある返答であることは推測可能とかんがえる。
- そして、Authでは上書きされないと考えた。-- ToshinoriMaeno 2018-04-07 08:36:14

$ dig -t ns flip.e-ontap.com

; <<>> DiG 9.12.0 <<>> -t ns flip.e-ontap.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44379
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;flip.e-ontap.com.              IN      NS

;; ANSWER SECTION:
flip.e-ontap.com.       3600    IN      NS      ns.flip.internot.jp.

;; Query time: 295 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Apr 07 17:26:07 JST 2018
;; MSG SIZE  rcvd: 78

確認：

$ dig -t ns flip.e-ontap.com

; <<>> DiG 9.12.0 <<>> -t ns flip.e-ontap.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44379
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;flip.e-ontap.com.              IN      NS

;; ANSWER SECTION:
flip.e-ontap.com.       3600    IN      NS      ns.flip.internot.jp.

;; Query time: 295 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Apr 07 17:26:07 JST 2018
;; MSG SIZE  rcvd: 78

1. 毒盛試験

権威あるNSレコードの上書きはされない。

$ dig -t a xxxx.flip.e-ontap.com 

; <<>> DiG 9.12.0 <<>> -t a xxxx.flip.e-ontap.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18912
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;xxxx.flip.e-ontap.com.         IN      A

;; ANSWER SECTION:
xxxx.flip.e-ontap.com.  60      IN      A       150.42.6.5

;; Query time: 545 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Apr 07 17:31:24 JST 2018
;; MSG SIZE  rcvd: 66

$ dig -t a xxxx.flip.e-ontap.com

; <<>> DiG 9.12.0 <<>> -t a xxxx.flip.e-ontap.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18912 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ;; QUESTION SECTION: ;xxxx.flip.e-ontap.com. IN A

;; ANSWER SECTION: xxxx.flip.e-ontap.com. 60 IN A 150.42.6.5

;; Query time: 545 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Apr 07 17:31:24 JST 2018 ;; MSG SIZE rcvd: 66 }}}

$ dig -t a x1.flip.e-ontap.com 

; <<>> DiG 9.12.0 <<>> -t a x1.flip.e-ontap.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36829
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;x1.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
x1.flip.e-ontap.com.    60      IN      A       150.42.6.5

;; Query time: 12 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Apr 07 17:32:54 JST 2018
;; MSG SIZE  rcvd: 64

$ dig -t ns flip.e-ontap.com 

; <<>> DiG 9.12.0 <<>> -t ns flip.e-ontap.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 214
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;flip.e-ontap.com.              IN      NS

;; ANSWER SECTION:
flip.e-ontap.com.       3082    IN      NS      ns.flip.internot.jp.

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Apr 07 17:34:45 JST 2018
;; MSG SIZE  rcvd: 78

MoinQ: DNS/毒盛/攻撃手法/移転インジェクション/確認方法/bind/NS (last edited 2021-05-02 07:23:02 by ToshinoriMaeno)