[nsp-sec] 4.2.2.2 DNS wierdness ??

Schiel, John John.Schiel at twtelecom.com
Mon Oct 20 12:39:28 EDT 2014 


> -----Original Message-----
> From: nsp-security [mailto:nsp-security-bounces at puck.nether.net] On Behalf
> Of Lawrence Baldwin
> Sent: Monday, October 20, 2014 10:29 AM
> To: Nsp-Security; Wentworth, Brett
> Subject: [nsp-sec] 4.2.2.2 DNS wierdness ??
>
> ----------- nsp-security Confidential --------
>
> Anyone noticing issues with this much used open resolver?

Looks fine from Littleton, CO:


[user at somehost ~]$ dig @4.2.2.2 budget.com

; <<>> DiG 9.2.4 <<>> @4.2.2.2 budget.com
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47120
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;budget.com.                    IN      A

;; ANSWER SECTION:
budget.com.             20      IN      A       23.6.130.87

;; Query time: 266 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Mon Oct 20 10:36:00 2014
;; MSG SIZE  rcvd: 44

 [user at somehost ~]$ nslookup
> server 4.2.2.2
Default server: 4.2.2.2
Address: 4.2.2.2#53
> budget.com
Server:         4.2.2.2
Address:        4.2.2.2#53

Non-authoritative answer:
Name:   budget.com
Address: 2.23.198.79


>
>
> $ nslookup
> > server 4.2.2.2
> Default server: 4.2.2.2
> Address: 4.2.2.2#53
> > budget.com
> ;; connection timed out; trying next origin
> Server:               4.2.2.2
> Address:      4.2.2.2#53
>
> ** server can't find budget.com: NXDOMAIN
>
> > www.google.com
> Server:               4.2.2.2
> Address:      4.2.2.2#53
>
> Non-authoritative answer:
> Name: www.google.com
> Address: 74.125.229.177
> Name: www.google.com
> Address: 74.125.229.179
> Name: www.google.com
> Address: 74.125.229.180
> Name: www.google.com
> Address: 74.125.229.176
> Name: www.google.com
> Address: 74.125.229.178
>
>
> > booking.com
> Server:               4.2.2.2
> Address:      4.2.2.2#53
>
> ** server can't find booking.com: NXDOMAIN
>
>
> Had some of our stuff using it to resolve and was causing a ton of problems
> since it seems to NOT want to resolve bunches of domains..things got real bad
> when it stopped resolving pool.ntp.org (though that seems to be working now).
>
>
> --
> Lawrence Baldwin
> Chief Forensics Officer
> myNetWatchman.com
> Atlanta, GA
> +1.678.624.0924
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security counter-
> measures.
> _______________________________________________


-------------



The content contained in this electronic message is not intended to constitute formation of a contract binding tw telecom. tw telecom will be contractually bound only upon execution, by an authorized officer, of a contract including agreed terms and conditions or by express application of its tariffs. This message is intended only for the use of the individual or entity to which it is addressed. If the reader of this message is not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the sender of this E-Mail or by telephone.

More information about the nsp-security mailing list