On Tue, Mar 31, 2020 at 10:55:03AM +0200, Petr Špaček wrote:

> On 30. 03. 20 21:07, John Levine wrote:
> > In article <[email protected]> you write:
> >> This is query list for domain truckinsurancekentucky.com:
> >>
> >> mx1.mx1.mx1.mx1.mx1.mx2.mx1.mx2.mx1.mta-sts.mx1.mx1.mx2.mx2.mta-sts.mx1.mx1.truckinsurancekentucky.com.
> >>  AAAA
> > 
> >> Domain truckinsurancekentucky.com is not the only one with this weird 
> >> behavior. Does anyone have an idea what is causing this?
> > 
> > It sure looks like misconfigured mta-sts.
> > 
> > That domain is dead, got another live one we could look at and see how it's 
> > configured?  
> 
> These seem to be alive:
> 
> mx1.mx1.mx2.mx2.mx2.mx1.mx2.mx1.mta-sts.mx2.mx1.mx1.mx2.mx2.mx2.mx1.mx2.maxonsoftware.com.
>  A
> 
> mx2.mx1.mx2.mx1.mx1.mx2.mta-sts.mx1.mx2.mx2.mx1.mx2.mx1.mx2.cineversityoneonone.net.
>  A
> 
> mx2.mx1.mx1.mx1.mx2.mx2.mx2.mta-sts.mx1.mx2.mx1.mx1.mta-sts.mx2.mx2.mx2.effluentialtechnologies.net.
>  A

The DNS for these domains is busted: the servers return NoError
responses, with no answer, authority or additional records other than OPT...

The NS RRs in the parent zone are:

    maxonsoftware.com. IN NS ns1.mtalist.com.deleted-ns.pw.
    maxonsoftware.com. IN NS ns2.mtalist.com.deleted-ns.pw.

    cineversityoneonone.net. IN NS ns1.mtalist.com.deleted-ns.pw.
    cineversityoneonone.net. IN NS ns2.mtalist.com.deleted-ns.pw.

    effluentialtechnologies.net. IN NS ns1.mtalist.com.deleted-ns.pw.
    effluentialtechnologies.net. IN NS ns2.mtalist.com.deleted-ns.pw.

These are not "normal" domains.

    ns1.mtalist.com.deleted-ns.pw has address 109.234.109.85
    ns2.mtalist.com.deleted-ns.pw has address 109.234.109.85

    109.234.109.85  ns7.expirationwarning.net

Someone from key-systems may be able to shed more light on the setup:

    inetnum:        109.234.108.0 - 109.234.109.255
    netname:        KEY-SYSTEMS-GMBH
    descr:          Key-Systems GmbH
    descr:          Im Oberen Werk 1
    descr:          66386 St. Ingbert
    descr:          Germany
    country:        DE

Perhaps the odd setup is tickling some bug in an MTA-STS client, or a
research scan engine (not mine, I don't probe for MTA-STS).

-- 
    Viktor.
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
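
The stacked mx1/mx2/mta-sts labels in the query names above can be picked out of a resolver query log mechanically. The following is an added example, not part of the original thread: the label set, the `min_depth` threshold and the function names are assumptions, and the sample list mixes two names quoted in the thread with constructed ordinary ones.

```python
from collections import Counter

# Labels seen stacked in the thread's query names (assumption: this set comes
# from those examples only, not from any standard).
STACK_LABELS = {"mx1", "mx2", "mta-sts"}

def split_stacked(qname, labels=STACK_LABELS):
    """Split a query name into (leading stacked labels, name underneath)."""
    parts = qname.rstrip(".").lower().split(".")
    i = 0
    while i < len(parts) and parts[i] in labels:
        i += 1
    return parts[:i], ".".join(parts[i:])

def flag_stacked(queries, min_depth=3):
    """Group (qname, qtype) pairs with a deep label stack by underlying name.

    min_depth is a hypothetical threshold: mta-sts.example.org and
    mx1.example.org are ordinary names, so only deeper stacks are reported.
    """
    report = {}
    for qname, qtype in queries:
        prefix, base = split_stacked(qname)
        if len(prefix) < min_depth or not base:
            continue
        entry = report.setdefault(
            base, {"max_depth": 0, "labels": Counter(), "qtypes": set()})
        entry["max_depth"] = max(entry["max_depth"], len(prefix))
        entry["labels"].update(prefix)
        entry["qtypes"].add(qtype)
    return report

# First two names are quoted from the thread; the rest are constructed.
SAMPLE_QUERIES = [
    ("mx1.mx1.mx2.mx2.mx2.mx1.mx2.mx1.mta-sts.mx2.mx1.mx1.mx2.mx2.mx2.mx1.mx2."
     "maxonsoftware.com.", "A"),
    ("mx2.mx1.mx2.mx1.mx1.mx2.mta-sts.mx1.mx2.mx2.mx1.mx2.mx1.mx2."
     "cineversityoneonone.net.", "A"),
    ("mta-sts.example.org.", "A"),
    ("mx1.example.org.", "AAAA"),
    ("www.example.org.", "A"),
]

if __name__ == "__main__":
    for base, info in sorted(flag_stacked(SAMPLE_QUERIES).items()):
        print(base, info["max_depth"], dict(info["labels"]), sorted(info["qtypes"]))
```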
