DNS/毒盛/移転インジェクション/確認方法/unbound — Unbound で移転インジェクションの影響を確認した記録。

検証環境: Ubuntu 16.04 LTS 上の標準 Unbound 1.5.8(オプションは標準のまま)。以下の出力では、127.0.0.2 で待ち受けるリゾルバに dig 9.12.0 で問い合わせている。

キャッシュに関連レコードが存在しない場合は、最初の応答だけを別扱いにする必要がありそうだ。

$ dig d1.flip.e-ontap.com @127.0.0.2

; <<>> DiG 9.12.0 <<>> d1.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23528
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;d1.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
d1.flip.e-ontap.com.    300     IN      A       150.42.6.1

;; Query time: 52 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 09:46:18 JST 2018
;; MSG SIZE  rcvd: 64

tmaeno@u16:~$ dig -t ns flip.e-ontap.com @127.0.0.2

; <<>> DiG 9.12.0 <<>> -t ns flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55064
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;flip.e-ontap.com.              IN      NS

;; ANSWER SECTION:
flip.e-ontap.com.       3600    IN      NS      ns.flip.internot.jp.

;; Query time: 133 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 09:46:43 JST 2018
;; MSG SIZE  rcvd: 78

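1. はじまり

最初の問い合わせ(d1)の A は 150.42.6.1 だったが、以下の d2・d3 では 150.42.6.5 が返っている。キャッシュされた NS(ns.flip.internot.jp)側から応答を得るようになったためと考えられる。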

tmaeno@u16:~$ dig d2.flip.e-ontap.com @127.0.0.2

; <<>> DiG 9.12.0 <<>> d2.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17047
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;d2.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
d2.flip.e-ontap.com.    300     IN      A       150.42.6.5

;; Query time: 24 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 09:47:12 JST 2018
;; MSG SIZE  rcvd: 64

tmaeno@u16:~$ dig d3.flip.e-ontap.com @127.0.0.2

; <<>> DiG 9.12.0 <<>> d3.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13962
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;d3.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
d3.flip.e-ontap.com.    300     IN      A       150.42.6.5

;; Query time: 22 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 09:47:35 JST 2018
;; MSG SIZE  rcvd: 64

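2. キャッシュは書き直されるか

A の問い合わせ(d7)の後に NS を引き直して確認する。書き直されていれば TTL は 3600 付近に戻るはずだが、下の結果は 2577(09:46:43 の 3600 から 1023 秒経過した分の減少と一致)で、Query time も 0 msec なので、キャッシュの内容がそのまま返されている。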

$ dig d7.flip.e-ontap.com @127.0.0.2

; <<>> DiG 9.12.0 <<>> d7.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37118
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;d7.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
d7.flip.e-ontap.com.    300     IN      A       150.42.6.5

;; Query time: 22 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 10:03:17 JST 2018
;; MSG SIZE  rcvd: 64

tmaeno@u16:~$ dig -t ns flip.e-ontap.com @127.0.0.2

; <<>> DiG 9.12.0 <<>> -t ns flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53151
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;flip.e-ontap.com.              IN      NS

;; ANSWER SECTION:
flip.e-ontap.com.       2577    IN      NS      ns.flip.internot.jp.

;; Query time: 0 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 10:03:46 JST 2018
;; MSG SIZE  rcvd: 78

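3. 上書きされない

d9 の問い合わせ後も NS の TTL は 842(09:46:43 から 2758 秒経過、3600 − 2758 = 842)で、経過時間どおりに減り続けているだけである。つまり、その後の A の応答によって NS のキャッシュは上書きされていない。なお、dig の出力はいずれも AUTHORITY: 0 なので、権威サーバからの応答に NS が付いていたかどうかはこの出力だけでは確認できない。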

$ dig d9.flip.e-ontap.com @127.0.0.2

; <<>> DiG 9.12.0 <<>> d9.flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7833
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;d9.flip.e-ontap.com.           IN      A

;; ANSWER SECTION:
d9.flip.e-ontap.com.    300     IN      A       150.42.6.5

;; Query time: 23 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 10:32:35 JST 2018
;; MSG SIZE  rcvd: 64

tmaeno@u16:~$ dig -t ns flip.e-ontap.com @127.0.0.2

; <<>> DiG 9.12.0 <<>> -t ns flip.e-ontap.com @127.0.0.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35772
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1220
;; QUESTION SECTION:
;flip.e-ontap.com.              IN      NS

;; ANSWER SECTION:
flip.e-ontap.com.       842     IN      NS      ns.flip.internot.jp.

;; Query time: 0 msec
;; SERVER: 127.0.0.2#53(127.0.0.2)
;; WHEN: Sat Apr 07 10:32:41 JST 2018
;; MSG SIZE  rcvd: 78
