양지은 부재중 자동응답: RE: bind-users Digest, Vol 1966, Issue 1

2014-10-29 Thread 양지은 

NAVER - http://www.naver.com/

양지은(jieun.yang@navercorp...) 님은 현재 부재중입니다./br
보내신 메일 bind-users Digest, Vol 1966, Issue 1 은 저장되어 있으므로 다시 보내실 필요는 없습니다./br
양지은(jieun.yang@navercorp...) 님이 남기신 메시지 입니다.

해외 출장으로 인한 부재중입니다.br급한신 용무는 brCDN/DNS/GTM DL로 문의부탁드립니다.


___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

numerous nsec3 bad cache hits

2014-10-29 Thread Antonio Querubin 
On one of my servers I'm seeing numerous log entries of the following 
type:


Oct 29 07:40:14 mx2 named[14747]:   validating @0x7f3378be05b0: fema.net 
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]:   validating @0x7f3378be05b0: 
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit 
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]:   validating @0x7f3378be05b0: 
jkkfnbb4eep0h0ltjf1cisf4eo2lgnm5.fema.net NSEC3: bad cache hit 
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]:   validating @0x7f3378be05b0: fema.net 
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]:   validating @0x7f3378be05b0: 
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit 
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]:   validating @0x7f3378be05b0: 
jkkfnbb4eep0h0ltjf1cisf4eo2lgnm5.fema.net NSEC3: bad cache hit 
(fema.net/DNSKEY)
Oct 29 07:40:15 mx2 named[14747]:   validating @0x7f3378be05b0: fema.net 
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]:   validating @0x7f3378be05b0: fema.net 
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]:   validating @0x7f3378be05b0: 
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit 
(fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]:   validating @0x7f3378be05b0: fema.net 
SOA: bad cache hit (fema.net/DNSKEY)
Oct 29 07:40:20 mx2 named[14747]:   validating @0x7f3378be05b0: 
6o978dethbt4s0cg8sfb1jsts4ssimsc.fema.net NSEC3: bad cache hit 
(fema.net/DNSKEY)


I'm guessing this is some kind of brute force attack on BIND trying to 
take advantage of a broken dnssec configuration for fema.net?  The problem 
is that the syslog is filled with these messages.


Antonio Querubin
e-mail:  t...@lavanauts.org
xmpp:  antonioqueru...@gmail.com
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: numerous nsec3 bad cache hits

2014-10-29 Thread Mark Andrews 

Well complain to FEMA about the broken DNSSEC delegation.  The emails
to address the complaints to are below.  The DS records don't match
the DNSKEY records.  None of the DNSKEY records key ids match those
in the DS records.

dig ds fema.net
dig dnskey fema.net +cd +rrcomment

Fixing this should take less than 5 minutes for someone with the
correct credentials.

The DS record that should be in place are these.

% dig fema.net dnskey +cd +rrcomm | dnssec-dsfromkey -f - fema.net
fema.net. IN DS 53044 8 1 8843998556D7DF20612518A0F6FF8F69E436F400
fema.net. IN DS 53044 8 2 
42D3D6DA12B06E438A83584B8E19D06EBD6EC1010E5BD01DD68C2AFA0B73A91A
%

Mark

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: FEMA.NET
   Registrar: NETWORK SOLUTIONS, LLC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://networksolutions.com
   Name Server: ASIA2.AKAM.NET
   Name Server: ASIA3.AKAM.NET
   Name Server: EUR2.AKAM.NET
   Name Server: USC2.AKAM.NET
   Name Server: USE1.AKAM.NET
   Name Server: USE3.AKAM.NET
   Name Server: USW3.AKAM.NET
   Name Server: USW4.AKAM.NET
   Status: clientTransferProhibited
   Updated Date: 29-oct-2014
   Creation Date: 22-mar-1996
   Expiration Date: 23-mar-2016

 Last update of whois database: Wed, 29 Oct 2014 20:26:25 GMT 

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' (VeriSign) Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.


Domain Name: FEMA.NET
Registry Domain ID:
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2014-10-29T00:00:00Z
Creation Date: 1996-03-22T00:00:00Z
Registrar Registration Expiration Date: 2016-03-23T00:00:00Z
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: ab...@web.com
Registrar Abuse Contact Phone: +1.8003337680
Reseller:
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: Federal Emergency Management Agency
Registrant Organization: Federal Emergency Management Agency
Registrant Street: 500 C Street, SW
Registrant City: Washington
Registrant State/Province: DC
Registrant Postal Code: 20472
Registrant Country: US
Registrant Phone: +1.2026462918
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: ann.hirs...@dhs.gov
Registry Admin ID:
Admin Name: Federal Emergency Management Agency
Admin Organization: Federal Emergency Management Agency
Admin Street: 500 C Street, SW
Admin City: Washington
Admin State/Province: DC
Admin Postal Code: 20472
Admin Country: US
Admin Phone: +1.2026462918
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: lisa.h...@fema.dhs.gov
Registry Tech ID:
Tech Name: Hart, Lisa
Tech Organization: FEMA
Tech Street: 188 Brooke Rd
Tech City: Winchester
Tech State/Province: VA
Tech Postal Code: 22603
Tech Country: US