1. watchA/cloudflare/乗取/mixed_response

1.1. 疑わしい返答

正常に委譲されたドメインであれば、2つのNSが同じ返答をする。(しかも、委譲NSに一致する。)

しかし、怪しいものがある。

• 2つのNSのうちの一方しか返事をしない。返事のNSセットは登録NSとは不一致。(別の特定NS)
  • 返事をするNSをふたつ返してくる。

  cloudflareの不良というよりは、/elliot/mollyを割当られたひとが乗取を狙ったというのがありそう。

-- ToshinoriMaeno 2019-11-11 03:56:28

brianscottracing.com

• brianscottracing.com. 300 IN A 37.1.202.109

MXなし。

1.2. 例

%dig -t ns brianscottracing.com @a.gtld-servers.net                     ~/dnsq/cf11

; <<>> DiG 9.12.1 <<>> -t ns brianscottracing.com @a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29514
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 5
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;brianscottracing.com.          IN      NS

;; AUTHORITY SECTION:
brianscottracing.com.   172800  IN      NS      elliot.ns.cloudflare.com.
brianscottracing.com.   172800  IN      NS      lorna.ns.cloudflare.com.

;; ADDITIONAL SECTION:
elliot.ns.cloudflare.com. 172800 IN     A       173.245.59.162
elliot.ns.cloudflare.com. 172800 IN     AAAA    2400:cb00:2049:1::adf5:3ba2
lorna.ns.cloudflare.com. 172800 IN      A       173.245.58.190
lorna.ns.cloudflare.com. 172800 IN      AAAA    2400:cb00:2049:1::adf5:3abe

;; Query time: 54 msec
;; SERVER: 192.5.6.30#53(192.5.6.30)
;; WHEN: Mon Nov 11 12:51:53 JST 2019
;; MSG SIZE  rcvd: 192

1.3. elliotの返事

%dig -t ns brianscottracing.com @elliot.ns.cloudflare.com.              ~/dnsq/cf11

; <<>> DiG 9.12.1 <<>> -t ns brianscottracing.com @elliot.ns.cloudflare.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21418
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;brianscottracing.com.          IN      NS

;; ANSWER SECTION:
brianscottracing.com.   86400   IN      NS      elliot.ns.cloudflare.com.
brianscottracing.com.   86400   IN      NS      molly.ns.cloudflare.com.

;; Query time: 7 msec
;; SERVER: 173.245.59.162#53(173.245.59.162)
;; WHEN: Mon Nov 11 12:48:21 JST 2019
;; MSG SIZE  rcvd: 104

12:48f%dig -t ns brianscottracing.com @molly.ns.cloudflare.com.               ~/dnsq/cf11

; <<>> DiG 9.12.1 <<>> -t ns brianscottracing.com @molly.ns.cloudflare.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40810
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;brianscottracing.com.          IN      NS

;; ANSWER SECTION:
brianscottracing.com.   86400   IN      NS      elliot.ns.cloudflare.com.
brianscottracing.com.   86400   IN      NS      molly.ns.cloudflare.com.

;; Query time: 6 msec
;; SERVER: 173.245.58.205#53(173.245.58.205)
;; WHEN: Mon Nov 11 12:48:30 JST 2019
;; MSG SIZE  rcvd: 104

1.4. lorna REFUSED

12:48f%dig -t ns brianscottracing.com @lorna.ns.cloudflare.com.               ~/dnsq/cf11

; <<>> DiG 9.12.1 <<>> -t ns brianscottracing.com @lorna.ns.cloudflare.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 30673
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;brianscottracing.com.          IN      NS

;; Query time: 7 msec
;; SERVER: 173.245.58.190#53(173.245.58.190)
;; WHEN: Mon Nov 11 12:48:48 JST 2019
;; MSG SIZE  rcvd: 49