It was an interesting find, which btw, silently breaks portions of online banking, as it redirects through the sso gateways.
-Aaron Sent from my iPhone > On Apr 19, 2014, at 21:20, Dave Taht <[email protected]> wrote: > > you should report it to bank of america and see what happens. > > root@lorna-gw:/etc/config# nslookup www.bankofamerica.com > Server: 127.0.0.1 > Address 1: 127.0.0.1 localhost > > Name: www.bankofamerica.com > Address 1: 171.161.207.100 > root@lorna-gw:/etc/config# nslookup sso-fi.bankofamerica.com > Server: 127.0.0.1 > Address 1: 127.0.0.1 localhost > > nslookup: can't resolve 'sso-fi.bankofamerica.com': Name or service not known > >> On Sat, Apr 19, 2014 at 12:19 PM, Dave Taht <[email protected]> wrote: >> I'm not sure if what you are actually seeing here is a failure or a >> success! It does appear that this is >> indeed a bogus DS. >> >> http://dnssec-debugger.verisignlabs.com/sso-fi.bankofamerica.com >> >>> On Sat, Apr 19, 2014 at 2:43 AM, Aaron Wood <[email protected]> wrote: >>> One of the many servers involved with BofA's online banking: >>> >>> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using nameserver >>> 8.8.4.4#53 >>> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using nameserver >>> 8.8.8.8#53 >>> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using local addresses >>> only for domain home.lan >>> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: read /etc/hosts - 1 >>> addresses >>> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq-dhcp[29719]: read /etc/ethers - >>> 0 addresses >>> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: query[A] >>> saml-bac.onefiserv.com from 172.30.42.99 >>> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: forwarded >>> saml-bac.onefiserv.com to 8.8.4.4 >>> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: forwarded >>> saml-bac.onefiserv.com to 8.8.8.8 >>> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: dnssec-query[DS] >>> saml-bac.onefiserv.com to 8.8.4.4 >>> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply >>> saml-bac.onefiserv.com is BOGUS DS >>> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: validation result is >>> BOGUS >>> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply >>> saml-bac.onefiserv.com is <CNAME> >>> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply >>> saml-bac.gslb.onefiserv.com is 64.128.98.58 >>> >>> >>> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: query[A] >>> sso-fi.bankofamerica.com from 172.30.42.99 >>> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: forwarded >>> sso-fi.bankofamerica.com to 8.8.4.4 >>> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: forwarded >>> sso-fi.bankofamerica.com to 8.8.8.8 >>> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: dnssec-query[DS] >>> sso-fi.bankofamerica.com to 8.8.8.8 >>> Sat Apr 19 09:38:05 2014 daemon.info dnsmasq[29719]: query[A] >>> sso-fi.bankofamerica.com from 172.30.42.99 >>> Sat Apr 19 09:38:05 2014 daemon.info dnsmasq[29719]: dnssec retry to 8.8.8.8 >>> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply >>> sso-fi.bankofamerica.com is BOGUS DS >>> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: validation result is >>> BOGUS >>> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply >>> sso-fi.bankofamerica.com is <CNAME> >>> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply >>> saml-bac.onefiserv.com is 64.128.98.58 >>> >>> _______________________________________________ >>> Cerowrt-devel mailing list >>> [email protected] >>> https://lists.bufferbloat.net/listinfo/cerowrt-devel >> >> >> >> -- >> Dave Täht >> >> NSFW: >> https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article > > > > -- > Dave Täht > > NSFW: > https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article _______________________________________________ Cerowrt-devel mailing list [email protected] https://lists.bufferbloat.net/listinfo/cerowrt-devel
