Re: [dns-operations] Current thinking on internal corporate/campus domain names

2014-06-26 Thread Barber, Piet
These are my favorites:

corp.verio.net. 0   IN  NS  10.254.241.250.
corp.verio.net.  0  IN  NS  198.104.179.227.


There's a non-zero amount of traffic sent to the root servers from such
behavior.



On 2014-06-24, 13:03, Jared Mauch ja...@puck.nether.net wrote:


On Jun 24, 2014, at 12:53 PM, Phil Regnauld regna...@nsrc.org wrote:

 Jared Mauch (jared) writes:
 
 On Jun 24, 2014, at 9:01 AM, Kelly Setzer kelly.set...@wnco.com wrote:
 
 * Most respondents agreed that a registered domain for internal DNS was
 the way to go.
 
 Beware the mistakes of others as well, check out 'corp.verio.net' as an
 example of a poorly operated sub-domain.
 
  corp.verio.net is indeed a subdomain, and not a registered domain:

Sorry, you seem to need more data to observe what I was trying to point out..

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;corp.verio.net.   IN  NS

;; ANSWER SECTION:
corp.verio.net. 0   IN  NS  10.254.241.250.
corp.verio.net. 0   IN  NS  stngva1-dc05.wpm.corp.verio.net.
corp.verio.net. 0   IN  NS  frnkde1-dc03.corp.verio.net.
corp.verio.net. 0   IN  NS  ns1.secure.net.
corp.verio.net. 0   IN  NS  stngva1-dc03.corp.verio.net.
corp.verio.net. 0   IN  NS  w3scva02.win.smewh.net.
corp.verio.net. 0   IN  NS  w3scva00.win.smewh.net.
corp.verio.net. 0   IN  NS  neutde1-dc00.corp.verio.net.
corp.verio.net. 0   IN  NS  stngva1-dc06.wpm.corp.verio.net.
corp.verio.net. 0   IN  NS  w3scca01.win.smewh.net.
corp.verio.net. 0   IN  NS  oremut1-dc03.corp.verio.net.
corp.verio.net. 0   IN  NS  w3dwin01.win.smewh.net.
corp.verio.net. 0   IN  NS  iad-wprd-cordc1.corp.verio.net.
corp.verio.net. 0   IN  NS  w3scva03.win.smewh.net.
corp.verio.net. 0   IN  NS  s.ns.verio.net.
corp.verio.net. 0   IN  NS  a.ns.verio.net.
corp.verio.net. 0   IN  NS  stngva1-dc01.corp.verio.net.
corp.verio.net. 0   IN  NS  bcrtfl1-fdc00.corp.verio.net.
corp.verio.net. 0   IN  NS  ns2.secure.net.
corp.verio.net. 0   IN  NS  198.104.179.227.
corp.verio.net. 0   IN  NS  neutde1-dc03.
corp.verio.net. 0   IN  NS  iad-wprd-cordc2.corp.verio.net.
corp.verio.net. 0   IN  NS  frnkde1-dc00.corp.verio.net.
corp.verio.net. 0   IN  NS  w3scca00.win.smewh.net.
corp.verio.net. 0   IN  NS  stngva1-dc04.corp.verio.net.
corp.verio.net. 0   IN  NS  w3scsp01.win.smewh.net.
corp.verio.net. 0   IN  NS  bcrtfl3-pdevdc1.pdev.verio.net.
corp.verio.net. 0   IN  NS  w3scde01.win.smewh.net.
corp.verio.net. 0   IN  NS  w3dwin00.win.smewh.net.
corp.verio.net. 0   IN  NS  w3scca02.win.smewh.net.
corp.verio.net. 0   IN  NS  oremut1-dc00.corp.verio.net.
corp.verio.net. 0   IN  NS  neutde1-dc03.corp.verio.net.
corp.verio.net. 0   IN  NS  w3scga01.win.smewh.net.
corp.verio.net. 0   IN  NS  stngva1-dc02.corp.verio.net.
corp.verio.net. 0   IN  NS  bcrtfl1-fdc01.corp.verio.net.
corp.verio.net. 0   IN  NS  bcrtfl3-pdevdc2.pdev.verio.net.
corp.verio.net. 0   IN  NS  bcrtfl1-dc04.corp.verio.net.
corp.verio.net. 0   IN  NS  neutde1-dc00.

Please point out the trouble with this in one sentence or less.

- jared
___
dns-operations mailing list
dns-operations@lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs mailing list
https://lists.dns-oarc.net/mailman/listinfo/dns-jobs




Re: [dns-operations] Current thinking on internal corporate/campus domain names

2014-06-26 Thread Chris Thompson

On Jun 26 2014, Barber, Piet wrote:


These are my favorites:

corp.verio.net. 0   IN  NS  10.254.241.250.
corp.verio.net.  0  IN  NS  198.104.179.227.


There's a non-zero amount of traffic sent to the root servers from such
behavior.


Maybe the 256 TLDs 0 .. 255 could be usefully black-holed by
DNAME'ing them to EMPTY.AS112.ARPA once we have

http://tools.ietf.org/html/draft-ietf-dnsop-as112-dname-03

deployed?

--
Chris Thompson               University of Cambridge Information Services,
Email: c...@uis.cam.ac.uk    Roger Needham Building, 7 JJ Thomson Avenue,
Phone: +44 1223 334715       Cambridge CB3 0RB, United Kingdom.
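
The records singled out in the two messages above share one cause: NS RDATA is always read as a domain name, so "10.254.241.250." is a name under the TLD "250." and "neutde1-dc00." is itself a TLD, and a resolver chasing either one starts at the root. The checker below is an added example, not code from this thread; its function names are hypothetical, and the sample records are copied from the answer section quoted earlier.

```python
import ipaddress

def classify_ns_target(target):
    """Return (problem, tld_that_gets_queried) for a bad NS target, else None."""
    name = target.rstrip(".")
    labels = name.split(".")
    try:
        ipaddress.IPv4Address(name)
        # Four numeric labels: the last octet is treated as the TLD.
        return ("ip-literal", labels[-1])
    except ValueError:
        pass
    if len(labels) == 1:
        # A fully qualified single label is a (non-existent) TLD.
        return ("single-label", labels[0])
    return None

def lint_ns_rrset(dig_text):
    """Map each suspicious NS target in dig-style text to its classification."""
    findings = {}
    for line in dig_text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) < 5:
            continue  # comment, section header or blank line
        owner, ttl, rrclass, rrtype, target = fields[:5]
        if rrclass == "IN" and rrtype == "NS":
            verdict = classify_ns_target(target)
            if verdict:
                findings[target] = verdict
    return findings

# Four records copied from the corp.verio.net answer quoted in this thread.
SAMPLE = """\
;; ANSWER SECTION:
corp.verio.net. 0 IN NS 10.254.241.250.
corp.verio.net. 0 IN NS 198.104.179.227.
corp.verio.net. 0 IN NS neutde1-dc00.
corp.verio.net. 0 IN NS a.ns.verio.net.
"""

if __name__ == "__main__":
    for target, (problem, tld) in lint_ns_rrset(SAMPLE).items():
        print(f"{target:20} {problem:13} resolvers will ask the root for '{tld}.'")
```
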



Re: [dns-operations] Current thinking on internal corporate/campus domain names

2014-06-26 Thread Chris Thompson

On Jun 24 2014, Robert Edmonds wrote:


Jared Mauch wrote:

Sorry, you seem to need more data to observe what i was trying to point out..

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;corp.verio.net.   IN  NS

;; ANSWER SECTION:
corp.verio.net. 0   IN  NS  10.254.241.250.

[... far too much omitted ...]

corp.verio.net. 0   IN  NS  neutde1-dc00.

Please point out the trouble with this in one sentence or less.


Oh my god.


Only appropriate if your god is a particularly vengeful one, liable
to inflict fire and brimstone on the perpetrators, with wailing and
gnashing of teeth ... [oops, some sort of mixup with Luis Suarez there]

--
Chris Thompson               University of Cambridge Information Services,
Email: c...@uis.cam.ac.uk    Roger Needham Building, 7 JJ Thomson Avenue,
Phone: +44 1223 334715       Cambridge CB3 0RB, United Kingdom.



Re: [dns-operations] Malware queries: code to detect, block domains and subdomains

2014-06-26 Thread Nick Urbanik

On 20/06/14 16:07 +1000, Nick Urbanik wrote:

Our DNS caches are subject to a massive load of queries which resulted
initially in SERVFAIL.  The pattern is a parent DNS domain, with
queries for tens of thousands of apparently randomly generated
subdomains all initially resulting in SERVFAIL.

I have written code to analyse the query-errors log to detect these
patterns and blackhole the entire domain automatically.  I can tidy
the code up and make it freely available if there is sufficient
interest.


The code is now available at http://nicku.org/software/#dns-malware-blocker

Feedback welcome.
--
Nick Urbanik http://nicku.org 808-71011 nick.urba...@optusnet.com.au
GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24  ID: BB9D2C24
I disclaim, therefore I am.
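
A sketch of the detection described in the message above, added here as an example; it is not the dns-malware-blocker code linked in the post. It assumes BIND-style query-errors lines, takes the last two labels as the parent domain, and uses demo thresholds far below the tens of thousands mentioned; the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumption: BIND-style query-errors lines; adjust the pattern for other servers.
FAILED = re.compile(r"query failed \(SERVFAIL\) for (\S+?)/IN/\S+")

def parent_of(qname, labels=2):
    """Split a query name into (subdomain part, parent of `labels` labels)."""
    parts = qname.rstrip(".").lower().split(".")
    return ".".join(parts[:-labels]), ".".join(parts[-labels:])

def find_flood_domains(log_lines, min_unique=5, min_ratio=0.9):
    """Return {parent: (unique_subdomains, failures)} for parents whose SERVFAILs
    are spread over many distinct, rarely repeated subdomains."""
    seen = defaultdict(set)
    total = defaultdict(int)
    for line in log_lines:
        m = FAILED.search(line)
        if not m:
            continue
        sub, parent = parent_of(m.group(1))
        if not sub:  # failure for the parent name itself, not a subdomain
            continue
        seen[parent].add(sub)
        total[parent] += 1
    return {p: (len(s), total[p]) for p, s in seen.items()
            if len(s) >= min_unique and len(s) / total[p] >= min_ratio}

def _line(client, qname):
    # Constructed log line; timestamp, port and source location are placeholders.
    return (f"26-Jun-2014 10:00:00.000 query-errors: info: client {client}#40000: "
            f"query failed (SERVFAIL) for {qname}/IN/A at query.c:0")

# Constructed input: six random-looking names under one parent, plus one
# ordinary broken name that fails repeatedly and must not be flagged.
SAMPLE_LOG = (
    [_line("192.0.2.10", f"{label}.flood.example")
     for label in ("qzxkvb", "mwtrpl", "hhdkes", "bnvuyo", "xcjqaa", "plrmzt")]
    + [_line("192.0.2.20", "www.broken.example")] * 6
)

if __name__ == "__main__":
    for parent, (unique, failures) in find_flood_domains(SAMPLE_LOG).items():
        print(f"blackhole candidate: {parent} ({unique} unique names, {failures} failures)")
```

The two-label parent rule misgroups names under multi-label public suffixes, so a production version needs a suffix list and an allowlist before blackholing anything automatically.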