Nice! Good catch about the dns-0x20 implementation! I must have copy/pasted some properties without looking much into it.
Is there a way to avoid unbound to fetch the root tld ? (just "com") ? Thank you very much for your help! Le mar. 13 sept. 2022 à 08:36, Bernardo Reino via mailop <[email protected]> a écrit : > On 13/09/2022 07:55, Cyril - ImprovMX via mailop wrote: > > Hi everyone! > > > > [...] > > > > Here's the Unbound configuration: https://pastebin.com/Bn7B3uCv > (expires in > > a month). > > > > [...] > > > > 1. The first issue is that it seems that we are querying URIBL using > random > > lower/upper case domains. We had queries such as: > > > > - SoMeDoMaIn.cOM._custom_id.dF.URIbl.cOM > > - AnOtHeRDoM.ApP._custom_id.dF.UrIbL.COM > > - etc > > You have set the use-caps-for-id option in unbound: > "Use 0x20-encoded random bits in the query to foil spoof attempts. > This perturbs the lowercase and uppercase of query names sent to > authority servers and checks if the reply still has the correct > casing. Disabled by default. This feature is an experimental > implementation of draft dns-0x20." > > > 2. The other issue is even weirder. SA is trying to validate the domains > by > > trimming the left part up to the gTLDs : > > > > > > - some.domain.com._custom_id.df.uribl.com > > - domain.com._custom_id.df.uribl.com > > - com._custom_id.df.uribl.com <-- wtf? > > > > Somehow, something is trying to check up to the top TLD, where it's > > useless. Again, I can't understand why SA would do that. > > This is probably unbound doing what it does, recursive resolving (from > TLD all the way down). > > Hope that helps, > > -- > Bernardo Reino > > _______________________________________________ > mailop mailing list > [email protected] > https://list.mailop.org/listinfo/mailop >
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
