Gentoo Forums
dpaste.com ... anything weird about its dns entry?
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9645
Location: almost Mile High in the USA

Posted: Sat Dec 11, 2021 4:50 pm    Post subject: dpaste.com ... anything weird about its dns entry?

Well, I somehow configured my machine to break when trying to look up dpaste.com. My convoluted DNS (caching named/bind server with local reverse dns lookups) breaks when trying to look up dpaste.com. It times out and SERVFAILs the request.

However it works fine for all other hosts that I throw at it. And if I use a different DNS server it works, but those DNS servers do not reverse resolve my LAN hosts...

Might have to pull out the shark to see if it's even trying to do the lookup, but anyone see anything unusual about dpaste.com?
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3875

Posted: Sat Dec 11, 2021 4:59 pm

This is what I get if I dig it
Code:

dig @localhost dpaste.com

; <<>> DiG 9.16.22 <<>> @localhost dpaste.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9351
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 4d843ce6d3b1543185add (good)
;; QUESTION SECTION:
;dpaste.com.         IN   A

;; ANSWER SECTION:
dpaste.com.      383   IN   CNAME   webapp-837091.pythonanywhere.com.
webapp-837091.pythonanywhere.com. 277 IN A   35.173.69.207

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Dec 11 18:56:35 EET 2021
;; MSG SIZE  rcvd: 129

Does it seem helpful to you?
I see it is an alias of webapp-837091.pythonanywhere.com.
Mine is also a Bind server.
_________________
:)
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9645
Location: almost Mile High in the USA

Posted: Sat Dec 11, 2021 5:20 pm

Only thing weird is I set up my bind server forwarders to my ISP instead of to the root servers, but my ISP seems to resolve fine too... This is very strange that only dpaste.com does not work as far as I can tell... I see other CNAME records work just fine too...just not dpaste.com.

DiGging dpaste.com reports a very similar result except I get no ANSWER section... Weird.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Hu
Moderator
Joined: 06 Mar 2007
Posts: 21489

Posted: Sat Dec 11, 2021 5:26 pm

As I understand your most recent post, the missing ANSWER is when you dig @caching-server. What if you dig @isp-server, so that you get every step of the chain except the local caching server?

My results for dpaste match what alamahant showed.
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3875

Posted: Sat Dec 11, 2021 5:27 pm

What if you changed your forwarder?
I use 1.1.1.1
Maybe dnssec-validation would have something to do with the problem?
Just an ignorant hunch.
_________________
:)
eccerr0r
Watchman
Joined: 01 Jul 2004
Posts: 9645
Location: almost Mile High in the USA

Posted: Sat Dec 11, 2021 6:55 pm

Yes, it's a problem solely with the caching server, but understanding the situation would help in figuring out what's wrong with the caching server...

It could be dnssec issues, but wondering why specifically dpaste.com, perhaps dpaste's dns server requires dnssec else it won't give a response?

---

Packet sniffing: Too lazy to shark it, just used tcpdump.

It looks like it got the CNAME (and an A) record fine but it gets into a transaction which I'm not quite familiar with, and it does look like it may very well be a failed DNSSEC transaction ... to the upstream (non-authoritative) DNS. Need to figure out how this should work...and then be able to get a fix... Perhaps my cache was trying to validate the CNAME and A records it got and wasn't able to verify, so it threw it out... ahh!

I just don't know why I can look up citibank.com and other banks which I would hope have similar protection against dns hijacking.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
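
Added example, not part of the thread: one way to test the DNSSEC hypothesis raised above is to send the same query to the caching server twice, once normally and once with `dig +cd` (Checking Disabled), and compare the response headers. The function names and the sample header lines below are constructed for illustration; paste real `dig` output into `diagnose()` to use it.

```python
import re

STATUS = re.compile(r"status: (\w+)")
FLAGS = re.compile(r";; flags: ([a-z ]*);.*?ANSWER: (\d+)")

def parse_dig(text):
    """Pull rcode, header flags and answer count out of dig's text output."""
    status, flags = STATUS.search(text), FLAGS.search(text)
    if not status or not flags:
        raise ValueError("no DNS header in output (timeout or truncated?)")
    return {"status": status.group(1),
            "flags": set(flags.group(1).split()),
            "answers": int(flags.group(2))}

def diagnose(normal, checking_disabled):
    """Compare `dig NAME` with `dig +cd NAME`, both sent to the same cache.

    +cd sets the Checking Disabled bit, asking a validating resolver to
    return the data without DNSSEC validation.
    """
    n, cd = parse_dig(normal), parse_dig(checking_disabled)
    if n["status"] == "SERVFAIL":
        if cd["status"] == "NOERROR" and cd["answers"] > 0:
            return "validation-failure"   # data exists, validator rejected it
        return "upstream-failure"         # fails even without validation
    if n["status"] == "NOERROR" and "ad" in n["flags"]:
        return "validated"                # resolver set Authenticated Data
    return "not-validated"                # no SERVFAIL and no AD bit

def sample(status, flags, answers):
    """Constructed dig header lines (not captured from any real server)."""
    return (f";; ->>HEADER<<- opcode: QUERY, status: {status}, id: 1\n"
            f";; flags: {flags}; QUERY: 1, ANSWER: {answers}, "
            "AUTHORITY: 0, ADDITIONAL: 1\n")

if __name__ == "__main__":
    cases = {
        "SERVFAIL, fine with +cd": (sample("SERVFAIL", "qr rd ra", 0),
                                    sample("NOERROR", "qr rd ra cd", 2)),
        "SERVFAIL either way": (sample("SERVFAIL", "qr rd ra", 0),
                                sample("SERVFAIL", "qr rd ra cd", 0)),
        "signed and validated": (sample("NOERROR", "qr rd ra ad", 1),
                                 sample("NOERROR", "qr rd ra cd", 1)),
    }
    for label, (normal, cd) in cases.items():
        print(f"{label}: {diagnose(normal, cd)}")
```

A "validation-failure" result means the records reached the cache and were discarded by its validator, which matches the behaviour guessed at in the last post; "upstream-failure" points away from DNSSEC and toward the forwarder path itself.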
All times are GMT