For DNS related escalations at $$$job, this is the number #1 issue we run across .. typically misconfigured DNSSEC :)
> On Oct 29, 2016, at 1:15 PM, David Milholen <[email protected]> wrote:
>
> That may be.. I really never finished setting dnssec up
>
>
> On 10/29/2016 11:33 AM, Paul Stewart wrote:
>> On the surface it sounds like broken DNSSEC …
>>
>> My first few queries using our name servers failed and then they started
>> returning valid responses that were cached … strange...
>>
>>
>>> On Oct 29, 2016, at 11:40 AM, Bill Prince <[email protected]> wrote:
>>>
>>> Not sure what you're talking about. However, I tried the same lookup using
>>> google DNS from here and got this result:
>>>
>>> nslookup wletc.com 8.8.8.8
>>> Server: 8.8.8.8
>>> Address: 8.8.8.8#53
>>>
>>> ** server can't find wletc.com: NXDOMAIN
>>>
>>> I then tried it using our internal DNS server and got this:
>>>
>>> nslookup wletc.com 69.36.***.***
>>> Server: 69.36.***.***
>>> Address: 69.36.***.***#53
>>>
>>> Non-authoritative answer:
>>> Name: wletc.com
>>> Address: 162.212.24.50
>>>
>>>
>>> bp
>>> <part15sbs{at}gmail{dot}com>
>>>
>>> On 10/28/2016 4:28 PM, David Milholen wrote:
>>>> Ok,
>>>> I have some happy IDS components that seem to be stopping google dns from
>>>> completing a lookup to our website.
>>>> How can I find out what ips are being blocked from making the trip?
>>>> I am not sure a traceroute is going to do it. I don't have an issue
>>>> getting to google.
>>>> google-dns is having an issue finding our dns.
>>>>
>>>> This is what I get with the commands I run
>>>>
>>>> nslookup wletc.com 8.8.8.8
>>>> Server: 8.8.8.8
>>>> Address: 8.8.8.8#53
>>>>
>>>> ** server can't find wletc.com: SERVFAIL
>>>>
>>>> When I disable the firewall rule that drops the bad IPs this is what I get.
>>>>
>>>> nslookup wletc.com 8.8.8.8
>>>> Server: 8.8.8.8
>>>> Address: 8.8.8.8#53
>>>>
>>>> Non-authoritative answer:
>>>> Name: wletc.com
>>>> Address: 162.212.24.50
>>>>
>>>> What ip addresses are causing the lookup to fail??
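The thread offers two explanations for the SERVFAIL from 8.8.8.8: a firewall dropping the public resolver's source addresses, or DNSSEC that was never finished. The script below is an added example, not from the thread or its participants; it separates the two with a `+cd` (checking disabled) query, which skips validation but still has to reach the authoritative servers, so a name that fails only without `+cd` has a DNSSEC problem, while one that fails either way is a reachability problem. It assumes `dig` is installed; the hostname and resolver in the usage comment are the ones from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): tell "our DNSSEC chain is broken"
# apart from "the resolver cannot reach our authoritative servers" using
# a normal query and a +cd query against the same validating resolver.

# Extract the RCODE from dig output read on stdin, e.g. the header line
# ";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4242".
rcode_of() {
    sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Classify two RCODEs for the same name from the same validating resolver:
#   $1 = RCODE of the normal query (validation on)
#   $2 = RCODE of the same query with +cd (validation off)
classify() {
    case "$1/$2" in
        SERVFAIL/NOERROR)  echo "dnssec-validation-failure" ;;  # DS/DNSKEY/RRSIG mismatch
        SERVFAIL/SERVFAIL) echo "authoritative-unreachable" ;;  # e.g. firewall dropping resolver IPs
        NXDOMAIN/*)        echo "name-does-not-exist" ;;
        NOERROR/*)         echo "ok" ;;
        *)                 echo "unknown" ;;                    # dig missing, timeout, etc.
    esac
}

# Run both queries against a resolver and print the verdict. Needs network.
# Usage: diagnose wletc.com 8.8.8.8
diagnose() {
    name=$1
    resolver=$2
    plain=$(dig @"$resolver" "$name" A +time=3 +tries=1 2>/dev/null | rcode_of)
    nocheck=$(dig @"$resolver" "$name" A +cd +time=3 +tries=1 2>/dev/null | rcode_of)
    printf '%s via %s: plain=%s cd=%s -> %s\n' \
        "$name" "$resolver" "${plain:-none}" "${nocheck:-none}" "$(classify "$plain" "$nocheck")"
}
```

Running `diagnose` against a non-validating resolver (like the internal one in the thread) will report `ok` regardless, so the comparison only means something when the resolver validates.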
