
DNS Capture – The Records Edition


Some time ago I published a post called DNS Test Names & Resource Records which lists many different FQDNs with lots of different RRs. You can use those publicly available DNS names to test your DNS servers or the like. However, I was missing a packet capture showing all these resource records as they appear on the wire. So now, here it is. If you are searching for some packets to test your tools for whatever reason, feel free to download this pcap.

This blogpost is part of a series about DNSSEC. Refer to this list for all articles.

Some Notes

  • I was basically looking up every single hostname that I listed in this blogpost.
  • I was using “host” to query A and AAAA records simultaneously and “dig” for more specific RRs. (Yes, I could do everything with each of them. But now I have some variance in the trace as well.)
  • However, I ran into some issues with “host”. For example,
    host 64aaaa.weberdns.de 2620:fe::fe
    was not working; error message “;; connection timed out; no servers could be reached”. Probably due to my intermediate firewall (Palo Alto Networks) or the used IPv6 Tunnel Broker?!? (I have looked up the counters on Palo Alto, but no drops. So probably due to the 6in4 tunnel broker?) Wireshark shows some “malformed DNS” packets. With dig, it was working:
    dig 64aaaa.weberdns.de @2620:fe::fe aaaa
    Anyway, I left those falsified connections in the trace as well. That’s life. ;)
  • Since I am generally more interested in IPv6 rather than legacy IP, I issued all queries via IPv6 and IPv4. This should give a wide range of different DNS packets in the trace file.
  • I was using the recursive DNS servers from Quad9, for IPv6 (2620:fe::fe) as well as for legacy IP (9.9.9.9).
  • For some reason, I had problems querying Quad9 for “RRSIG” resource records.
    dig @2620:fe::fe many-rrs.weberdns.de rrsig
    led to SERVFAIL responses in some situations, while others worked. Don’t know why as well.
  • I did not specify whether UDP or TCP shall be used. I simply let the tools decide.
  • I ended up with 71 queries for each Internet Protocol, that is, 142 queries in total. ;) And since “host” queries A/AAAA/MX records for each FQDN, there are even more queries in the final trace.
  • I used a capture filter with tcpdump with only the hosts rather than “port 53” or the like to omit this reported filter issue in which IP fragments were not captured.
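
Why a host-based capture filter keeps IP fragments while “port 53” drops them, as an added example that is not part of the original post: only the first fragment of a large UDP answer carries the UDP header, so a port match has nothing to inspect in the later ones. The client address 192.0.2.10, the client port 40000 and the 3000-byte payload are constructed, and the two matchers model the filter semantics for IPv4 only; they are not tcpdump's own code.

```python
import socket
import struct

UDP = 17

def fragment_udp(src, dst, sport, dport, payload, frag_size=1480):
    """Return the IPv4 fragments of one UDP datagram (frag_size: multiple of 8).
    Checksums are left at zero; they play no role in the filter logic."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    frags = []
    for off in range(0, len(udp), frag_size):
        chunk = udp[off:off + frag_size]
        more = 0x2000 if off + frag_size < len(udp) else 0   # MF flag
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(chunk), 0x1234,
                          more | (off // 8), 64, UDP, 0,
                          socket.inet_aton(src), socket.inet_aton(dst))
        frags.append(hdr + chunk)
    return frags

def match_port(pkt, port):
    """Model of a 'port N' filter: ports are only present at fragment offset 0."""
    flags_off = struct.unpack("!H", pkt[6:8])[0]
    if pkt[9] not in (6, UDP) or flags_off & 0x1FFF:
        return False          # later fragment: no transport header to inspect
    ihl = (pkt[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return port in (sport, dport)

def match_host(pkt, ip):
    """Model of a 'host A' filter: the addresses are in every fragment."""
    return socket.inet_aton(ip) in (pkt[12:16], pkt[16:20])

def captured(frags, pred):
    """Number of fragments a filter predicate would let through."""
    return sum(1 for f in frags if pred(f))

# Constructed sample: a 3000-byte DNS answer from Quad9 to a documentation address.
FRAGS = fragment_udp("9.9.9.9", "192.0.2.10", 53, 40000, b"\x00" * 3000)

if __name__ == "__main__":
    print("fragments on the wire:", len(FRAGS))
    print("kept by 'port 53'    :", captured(FRAGS, lambda p: match_port(p, 53)))
    print("kept by 'host'       :", captured(FRAGS, lambda p: match_host(p, "9.9.9.9")))
```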

Download

This is the pcap as well as the PuTTY log during the requests, 7zipped, 35 kb:

Opening the trace with Wireshark you’ll find many different queries for many different RRs:

And, as already noted above, not everything worked without any problems:

DNS Queries

This is the full list of all queries. (You already have the complete session log from all queries, since it is within the download section above.)

###### Legacy IP ######
host ttl-0s.weberdns.de 9.9.9.9
host ttl-1s.weberdns.de 9.9.9.9
host ttl-1m.weberdns.de 9.9.9.9
host ttl-30d.weberdns.de 9.9.9.9
host ttl-52w.weberdns.de 9.9.9.9
host ttl-max.weberdns.de 9.9.9.9
dig @9.9.9.9 loop.weberdns.de
dig @9.9.9.9 cnamex.weberdns.de
dig @9.9.9.9 cname1.weberdns.de
host 16a.weberdns.de 9.9.9.9
host 16aaaa.weberdns.de 9.9.9.9
host 16dual.weberdns.de 9.9.9.9
host 32a.weberdns.de 9.9.9.9
host 32aaaa.weberdns.de 9.9.9.9
host 32aaaa-long.weberdns.de 9.9.9.9
host 32dual.weberdns.de 9.9.9.9
host 32dual-long.weberdns.de 9.9.9.9
host 64a.weberdns.de 9.9.9.9
host 64aaaa.weberdns.de 9.9.9.9
host 64dual.weberdns.de 9.9.9.9
host many-rrs.weberdns.de 9.9.9.9
dig @9.9.9.9 many-rrs.weberdns.de aaaa
dig @9.9.9.9 many-rrs.weberdns.de a
dig @9.9.9.9 many-rrs.weberdns.de caa
dig @9.9.9.9 many-rrs.weberdns.de nsec
dig @9.9.9.9 many-rrs.weberdns.de rrsig
dig @9.9.9.9 many-rrs.weberdns.de sshfp
dig @9.9.9.9 many-rrs.weberdns.de apl
dig @9.9.9.9 many-rrs.weberdns.de loc
dig @9.9.9.9 many-rrs.weberdns.de rp
dig @9.9.9.9 many-rrs.weberdns.de txt
host abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.weberdns.de 9.9.9.9
host abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz.weberdns.de 9.9.9.9
host sub1.weberdns.de 9.9.9.9
host sub2.sub1.weberdns.de 9.9.9.9
host sub3.sub2.sub1.weberdns.de 9.9.9.9
host sub4.sub3.sub2.sub1.weberdns.de 9.9.9.9
host sub5.sub4.sub3.sub2.sub1.weberdns.de 9.9.9.9
host sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 9.9.9.9
host sub7.sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 9.9.9.9
host sub8.sub7.sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 9.9.9.9
host xn--bergrssentrger-gib5zmd.weberdns.de 9.9.9.9
host xn--heizlrckstossabdmpfung-g5b33b6e.weberdns.de 9.9.9.9
host xn--ser-0ma.weberdns.de 9.9.9.9
host xn--fan-2na.weberdns.de 9.9.9.9
host xn--fnf-hoa.weberdns.de 9.9.9.9
host xn--dsire-bsad.weberdns.de 9.9.9.9
host xn--hr-yia.weberdns.de 9.9.9.9
host xn--yourt-l1a.weberdns.de 9.9.9.9
host xn--0cabeeefjijjmm4zxa8aa0byb0b1b6b5byc5b0cycxc6czc5c4c.weberdns.de 9.9.9.9
host xn--ddabeekggjjjx59c0ay7a7a9dtb0a6a6b4b7f2bxcwc1e0cvc8c7c.weberdns.de 9.9.9.9
host xn--ss-xja9aehhiki25gyaz3a4a6a7a3bzb4b8b5b3bzcxczc1c1c2ewc3c.weberdns.de 9.9.9.9
dig @9.9.9.9 _sip._tcp.weberdns.de srv
dig @9.9.9.9 ip-documentation.weberdns.de apl
dig @9.9.9.9 host-dane-self.weberdns.de rp
dig @9.9.9.9 host-dnssec.weberdns.de hinfo
dig @9.9.9.9 weberdns.de soa
dig @9.9.9.9 weberdns.de ns
dig @9.9.9.9 weberdns.de mx
dig @9.9.9.9 weberdns.de caa
dig @9.9.9.9 weberdns.de loc
dig @9.9.9.9 weberdns.de dnskey
dig @9.9.9.9 weberdns.de ds
dig @9.9.9.9 a.weberdns.de +dnssec
dig @9.9.9.9 a.weberdns.de nsec
dig @9.9.9.9 sshfp.net nsec3param
dig @9.9.9.9 foobar.sshfp.net +dnssec
dig @9.9.9.9 _25._tcp.mail.weberdns.de tlsa
dig @9.9.9.9 1d4b41c9db9172e5f151e4a5fe3c57ca3f98b8e6ba807450b10d1897._openpgpkey.weberdns.de openpgpkey
dig @9.9.9.9 -x 1.1.1.1
dig @9.9.9.9 -x 2606:4700:4700::1111

###### IPv6 ######
host ttl-0s.weberdns.de 2620:fe::fe
host ttl-1s.weberdns.de 2620:fe::fe
host ttl-1m.weberdns.de 2620:fe::fe
host ttl-30d.weberdns.de 2620:fe::fe
host ttl-52w.weberdns.de 2620:fe::fe
host ttl-max.weberdns.de 2620:fe::fe
dig @2620:fe::fe loop.weberdns.de
dig @2620:fe::fe cnamex.weberdns.de
dig @2620:fe::fe cname1.weberdns.de
host 16a.weberdns.de 2620:fe::fe
host 16aaaa.weberdns.de 2620:fe::fe
host 16dual.weberdns.de 2620:fe::fe
host 32a.weberdns.de 2620:fe::fe
host 32aaaa.weberdns.de 2620:fe::fe
host 32aaaa-long.weberdns.de 2620:fe::fe
host 32dual.weberdns.de 2620:fe::fe
host 32dual-long.weberdns.de 2620:fe::fe
host 64a.weberdns.de 2620:fe::fe
host 64aaaa.weberdns.de 2620:fe::fe
host 64dual.weberdns.de 2620:fe::fe
host many-rrs.weberdns.de 2620:fe::fe
dig @2620:fe::fe many-rrs.weberdns.de aaaa
dig @2620:fe::fe many-rrs.weberdns.de a
dig @2620:fe::fe many-rrs.weberdns.de caa
dig @2620:fe::fe many-rrs.weberdns.de nsec
dig @2620:fe::fe many-rrs.weberdns.de rrsig
dig @2620:fe::fe many-rrs.weberdns.de sshfp
dig @2620:fe::fe many-rrs.weberdns.de apl
dig @2620:fe::fe many-rrs.weberdns.de loc
dig @2620:fe::fe many-rrs.weberdns.de rp
dig @2620:fe::fe many-rrs.weberdns.de txt
host abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.weberdns.de 2620:fe::fe
host abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz1234567890.abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz.weberdns.de 2620:fe::fe
host sub1.weberdns.de 2620:fe::fe
host sub2.sub1.weberdns.de 2620:fe::fe
host sub3.sub2.sub1.weberdns.de 2620:fe::fe
host sub4.sub3.sub2.sub1.weberdns.de 2620:fe::fe
host sub5.sub4.sub3.sub2.sub1.weberdns.de 2620:fe::fe
host sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 2620:fe::fe
host sub7.sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 2620:fe::fe
host sub8.sub7.sub6.sub5.sub4.sub3.sub2.sub1.weberdns.de 2620:fe::fe
host xn--bergrssentrger-gib5zmd.weberdns.de 2620:fe::fe
host xn--heizlrckstossabdmpfung-g5b33b6e.weberdns.de 2620:fe::fe
host xn--ser-0ma.weberdns.de 2620:fe::fe
host xn--fan-2na.weberdns.de 2620:fe::fe
host xn--fnf-hoa.weberdns.de 2620:fe::fe
host xn--dsire-bsad.weberdns.de 2620:fe::fe
host xn--hr-yia.weberdns.de 2620:fe::fe
host xn--yourt-l1a.weberdns.de 2620:fe::fe
host xn--0cabeeefjijjmm4zxa8aa0byb0b1b6b5byc5b0cycxc6czc5c4c.weberdns.de 2620:fe::fe
host xn--ddabeekggjjjx59c0ay7a7a9dtb0a6a6b4b7f2bxcwc1e0cvc8c7c.weberdns.de 2620:fe::fe
host xn--ss-xja9aehhiki25gyaz3a4a6a7a3bzb4b8b5b3bzcxczc1c1c2ewc3c.weberdns.de 2620:fe::fe
dig @2620:fe::fe _sip._tcp.weberdns.de srv
dig @2620:fe::fe ip-documentation.weberdns.de apl
dig @2620:fe::fe host-dane-self.weberdns.de rp
dig @2620:fe::fe host-dnssec.weberdns.de hinfo
dig @2620:fe::fe weberdns.de soa
dig @2620:fe::fe weberdns.de ns
dig @2620:fe::fe weberdns.de mx
dig @2620:fe::fe weberdns.de caa
dig @2620:fe::fe weberdns.de loc
dig @2620:fe::fe weberdns.de dnskey
dig @2620:fe::fe weberdns.de ds
dig @2620:fe::fe a.weberdns.de +dnssec
dig @2620:fe::fe a.weberdns.de nsec
dig @2620:fe::fe sshfp.net nsec3param
dig @2620:fe::fe foobar.sshfp.net +dnssec
dig @2620:fe::fe _25._tcp.mail.weberdns.de tlsa
dig @2620:fe::fe 1d4b41c9db9172e5f151e4a5fe3c57ca3f98b8e6ba807450b10d1897._openpgpkey.weberdns.de openpgpkey
dig @2620:fe::fe -x 1.1.1.1
dig @2620:fe::fe -x 2606:4700:4700::1111

That’s it. God bless!

Photo by Mark Solarski on Unsplash.
