DNS and QNAME MINIMISATION

Mark Andrews marka at isc.org
Tue May 7 02:23:45 UTC 2019


Recursive servers that perform QNAME MINIMISATION are being deployed
and they are exposing broken delegations like this one.

% dig -x 142.136.234.134
;; BADCOOKIE, retrying.

; <<>> DiG 9.15.0-dev+hotspot+add-prefetch+marka <<>> -x 142.136.234.134
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 39443
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d4d342d1c371c244772e3c725cd0e9163bc9f7112443be2b (good)
;; QUESTION SECTION:
;134.234.136.142.in-addr.arpa.	IN	PTR

;; Query time: 4140 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 07 12:10:30 AEST 2019
;; MSG SIZE  rcvd: 85

%

Now you may think, so what? But when you do a dig +trace you
find this at the end:

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27732
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;134.234.136.142.in-addr.arpa.	IN	PTR

;; AUTHORITY SECTION:
136.142.in-addr.arpa.	86400	IN	NS	ns1.twcable.com.
136.142.in-addr.arpa.	86400	IN	NS	ns2.twcable.com.
136.142.in-addr.arpa.	10800	IN	NSEC	137.142.in-addr.arpa. NS RRSIG NSEC
136.142.in-addr.arpa.	10800	IN	RRSIG	NSEC 5 4 10800 20190521003550 20190506233550 3402 142.in-addr.arpa. CErPYfRum0q2On4+XSc3avPzzqYa98oxYFp+8NRblUnbgAQ02Jta/FWS NcpBBvMnw6sTIfsVY0TqgAC6MCMj8ojHca3+IgVFqa2gSPISewvH1ajl rNLPAiIgiOjIwdQFe2FRd9UaKnl3XKGsYYLFmAe4yn3wL5aIRaVKjFAi y0w=

;; Query time: 373 msec
;; SERVER: 2001:67c:e0::10#53(2001:67c:e0::10)
;; WHEN: Tue May 07 12:11:46 AEST 2019
;; MSG SIZE  rcvd: 322

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59480
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;134.234.136.142.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
134.234.136.142.in-addr.arpa. 14400 IN	PTR	nce.mail.chartercom.com.

;; AUTHORITY SECTION:
234.136.142.in-addr.arpa. 500	IN	NS	cdp-wn-tm-5-01.inf.twcable.com.

;; Query time: 1009 msec
;; SERVER: 165.237.86.252#53(165.237.86.252)
;; WHEN: Tue May 07 12:11:47 AEST 2019
;; MSG SIZE  rcvd: 135

% 

And I’m pretty sure Charter/TWCable want email to be
delivered to/from them.  The reason for the failure is that
cdp-wn-tm-5-01.inf.twcable.com does not exist, and qname
minimisation results in the recursive server discovering
the NS record; as there are no A or AAAA records for
this name, the PTR lookup fails.

% dig cdp-wn-tm-5-01.inf.twcable.com
;; BADCOOKIE, retrying.

; <<>> DiG 9.15.0-dev+hotspot+add-prefetch+marka <<>> cdp-wn-tm-5-01.inf.twcable.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48170
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d39d81ee2cc4f57c8558cf475cd0eaa7f5079768e7dfb548 (good)
;; QUESTION SECTION:
;cdp-wn-tm-5-01.inf.twcable.com.	IN	A

;; AUTHORITY SECTION:
twcable.com.		3600	IN	SOA	ns1.twcable.com. hostmaster.pblpdns01.twcable.com. 2019042503 14400 7200 604800 3600

;; Query time: 610 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue May 07 12:17:11 AEST 2019
;; MSG SIZE  rcvd: 170

% 

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org
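The failure mode described in the message, as an added illustration that is not code from the post: a small Python model of a recursive resolver with and without QNAME minimisation (RFC 7816), run against constructed zone data that mirrors the delegation chain in the dig +trace output. The full-name query reaches the PTR, while the minimised query chain stops at the delegation to the NS name that has no address; the function names and the 192.0.2.x addresses are assumptions.

```python
# Added example, not code from the post: a toy recursive resolver with and without
# QNAME minimisation (RFC 7816) over constructed zone data mirroring the dig +trace
# chain above. Function names and the 192.0.2.x addresses are made up.
ZONES = {   # constructed authoritative data, keyed by zone, then (owner, type)
    "142.in-addr.arpa.": {
        ("136.142.in-addr.arpa.", "NS"): ["ns1.twcable.com.", "ns2.twcable.com."],
    },
    "136.142.in-addr.arpa.": {
        # the full name answers authoritatively (as in the trace), but the shorter
        # name is delegated to a host that does not exist (A/AAAA -> NXDOMAIN)
        ("134.234.136.142.in-addr.arpa.", "PTR"): ["nce.mail.chartercom.com."],
        ("234.136.142.in-addr.arpa.", "NS"): ["cdp-wn-tm-5-01.inf.twcable.com."],
    },
}
# reachable name servers and the zone each serves; the broken NS has no address
ADDRESSES = {"ns1.twcable.com.": "192.0.2.1", "ns2.twcable.com.": "192.0.2.2"}
ZONE_OF = {ns: "136.142.in-addr.arpa." for ns in ADDRESSES}

def authoritative(zone, qname, qtype):  # -> ("ANSWER"|"REFERRAL"|"NODATA", rdata)
    records = ZONES[zone]
    if qtype != "NS" and (qname, qtype) in records:
        return "ANSWER", records[(qname, qtype)]
    labels = qname.split(".")
    for i in range(len(labels)):            # any zone cut at or above qname refers
        cut = ".".join(labels[i:])
        if cut != zone and (cut, "NS") in records:
            return "REFERRAL", records[(cut, "NS")]
    return "NODATA", []

def resolve(qname, qtype, minimise):  # -> (status, rdata_or_reason, queries_sent)
    labels, steps = qname.split("."), []
    zone = "142.in-addr.arpa."              # closest enclosing zone already known
    depth = len(zone.split("."))            # label count of the name asked next
    while True:
        depth += 1
        if minimise and depth < len(labels):   # RFC 7816: one more label, type NS
            name, qt = ".".join(labels[-depth:]), "NS"
        else:
            name, qt = qname, qtype
        kind, rdata = authoritative(zone, name, qt)
        steps.append((zone, name, qt, kind))
        if kind == "ANSWER":
            return "OK", rdata, steps
        if kind == "REFERRAL":
            ns = next((n for n in rdata if n in ADDRESSES), None)
            if ns is None:                     # delegated to a name with no A/AAAA
                return "SERVFAIL", "unreachable NS " + ", ".join(rdata), steps
            zone, depth = ZONE_OF[ns], len(ZONE_OF[ns].split("."))
        elif not minimise or depth >= len(labels):
            return "NODATA", [], steps
```

Calling `resolve("134.234.136.142.in-addr.arpa.", "PTR", minimise=True)` returns SERVFAIL after the second referral, whereas `minimise=False` returns the PTR; the `steps` list shows exactly which shorter names the minimising resolver asked.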