Re: [PLUG] DNS, fsearch, systemd

George Langford via plug on 25 Nov 2021 07:28:26 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] DNS, fsearch, systemd

From: George Langford via plug <plug@lists.phillylinux.org>
To: plug@lists.phillylinux.org
Subject: Re: [PLUG] DNS, fsearch, systemd
Date: Thu, 25 Nov 2021 07:28:17 -0800
Authentication-results: servconfig.com; auth=pass smtp.auth=104.244.122.65@biz291.inmotionhosting.com
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=georgesbasement.com; s=default; h=Content-Transfer-Encoding:Content-Type: Message-ID:Subject:To:From:Date:MIME-Version:Sender:Reply-To:Cc:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=bFCQ+ueTkSr0DWRmBTz3oaYvR6e7Cy6mu1gJH9xt+YQ=; b=nppax4JZTVXSIUbL7y+WvFHz13 slhDgWG+964xs5b0GdREQzC3q1VQ82+Fe1WVst5YBkm3/0bq9WzosSlbllf/CuldCjulns7PP1u0N Y/5jW3jLM6t05BZ80glzksRJn+oHSB4Axyh5mY1q2xTVL64HbMb5bQ58Cn3lnWSk12YU3PbYfH5o2 pQpQy3/SDmEx9/iu1yp2HbVKjRNJVuMMVIP3eWPbab8O4XxVB8SNvFstxjZgTXxVhezhwtLTiQ7um zl7smF0QSuOG7uI9wY0E+hpA5mMgq4yvZfvuHtk+IYF5ywh+gTqIrCuokpu2ow3V3ZdbQ/FMdIGAz mys9Q96w==;
Reply-to: George Langford <george@georgesbasement.com>
Sender: "plug" <plug-bounces@lists.phillylinux.org>
User-agent: Roundcube Webmail/1.4.11

The late Dan Kominsky first brought up dns cache poisoning in 2008,which I was ableto retrieve from my PLUG archive; Dan Goodin has carried the analysisfurther as

jeffv has brought up recently.

I've just found a class of mis-configured in-addr.arpa entries thatought to disrupt

DNS lookups. Here's a ferinstance: 162.213.255.128/25.

There's a misconfiguration in the in-addr.arpa index address for morethan fifty of these

IPv4 addresses:
dig -x 162.213.255.156 ==> ;; ANSWER SECTION:

156.255.213.162.in-addr.arpa. 1200 IN CNAME156.128-25.255.213.162.in-addr.arpa.156.128-25.255.213.162.in-addr.arpa. 7199 IN PTRserver1.jobinterview.biz.

That misconfiguration ought to interfere with the resolution ofserver1.jobinterview.biz, but it doesn't.

Is that because I've looked up those addresses too many times ?

The miscofiguration appears to stem from the original setup/registrationof the server,as 128/25 is the correct CIDR block of the affected addresses. However,the injected128-25 in 156.128-25.255.213.162.in-addr.arpa is in the wrong positionof the reversed

order of IPv4 octets, as though the misconfiguration is deliberate.
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

Follow-Ups:
- Re: [PLUG] DNS, fsearch, systemd
  - From: David Collins via plug <plug@lists.phillylinux.org>

Prev by Date: Re: [PLUG] Running commands: was: Sys76
Next by Date: [PLUG] Enbrighten Smart Switches
Previous by thread: [PLUG] DNS, fsearch, systemd
Next by thread: Re: [PLUG] DNS, fsearch, systemd
Index(es):
- Date
- Thread