Reply to post: what's the answer when looking for something is a threat

DNS resolver 9.9.9.9 will check requests against IBM threat database

dirkjumpertz

what's the answer when looking for something is a threat

I tried some queries on Domain Names that are DGA - quite interesting. Querying for google.com and other well-known DNs makes little sense IMHO if you want to have an impression of the quality of the service.

If the DN is considered problematic, it returns NXDOMAIN and omits the AUTHORITY section.

Here are some examples, enjoy - queried against 8.8.8.8 and 9.9.9.9

; <<>> DiG 9.10.6 <<>> NS drohppbkxj.com @8.8.8.8 +multi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61557
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;drohppbkxj.com.        IN NS

;; AUTHORITY SECTION:
com.                    872 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. (
                                1536574009 ; serial
                                1800       ; refresh (30 minutes)
                                900        ; retry (15 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )

;; Query time: 19 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 10 12:07:41 CEST 2018
;; MSG SIZE  rcvd: 116

----------------------------------------------------------------------------------------

; <<>> DiG 9.10.6 <<>> NS drohppbkxj.com @9.9.9.9 +multi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47957
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;drohppbkxj.com.        IN NS

;; Query time: 17 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Mon Sep 10 12:07:53 CEST 2018
;; MSG SIZE  rcvd: 43

----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------

; <<>> DiG 9.10.6 <<>> NS ngdvmtwodjjuovsnfj.ru @8.8.8.8 +multi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51420
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;ngdvmtwodjjuovsnfj.ru. IN NS

;; AUTHORITY SECTION:
ru.                     1799 IN SOA a.dns.ripn.net. hostmaster.ripn.net. (
                                4035250    ; serial
                                86400      ; refresh (1 day)
                                14400      ; retry (4 hours)
                                2592000    ; expire (4 weeks 2 days)
                                3600       ; minimum (1 hour)
                                )

;; Query time: 69 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 10 12:08:45 CEST 2018
;; MSG SIZE  rcvd: 111

----------------------------------------------------------------------------------------

; <<>> DiG 9.10.6 <<>> NS ngdvmtwodjjuovsnfj.ru @9.9.9.9 +multi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27399
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;ngdvmtwodjjuovsnfj.ru. IN NS

;; AUTHORITY SECTION:
ru.                     1113 IN SOA a.dns.ripn.net. hostmaster.ripn.net. (
                                4035250    ; serial
                                86400      ; refresh (1 day)
                                14400      ; retry (4 hours)
                                2592000    ; expire (4 weeks 2 days)
                                3600       ; minimum (1 hour)
                                )

;; Query time: 15 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Mon Sep 10 12:09:04 CEST 2018
;; MSG SIZE  rcvd: 111

----------------------------------------------------------------------------------------
----------------------------------------------------------------------------------------

; <<>> DiG 9.10.6 <<>> NS e70ae5a2.eu @8.8.8.8 +multi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21315
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;e70ae5a2.eu.           IN NS

;; ANSWER SECTION:
e70ae5a2.eu.            299 IN NS ns1.honeybot.us.
e70ae5a2.eu.            299 IN NS ns2.honeybot.us.

;; Query time: 135 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Mon Sep 10 12:12:21 CEST 2018
;; MSG SIZE  rcvd: 87

----------------------------------------------------------------------------------------

; <<>> DiG 9.10.6 <<>> NS e70ae5a2.eu @9.9.9.9 +multi
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41743
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;e70ae5a2.eu.           IN NS

;; ANSWER SECTION:
e70ae5a2.eu.            300 IN NS ns1.honeybot.us.
e70ae5a2.eu.            300 IN NS ns2.honeybot.us.

;; Query time: 118 msec
;; SERVER: 9.9.9.9#53(9.9.9.9)
;; WHEN: Mon Sep 10 12:12:44 CEST 2018
;; MSG SIZE  rcvd: 87
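The distinction the post draws (a real NXDOMAIN from the authoritative side carries the parent zone's SOA in the AUTHORITY section, while the 9.9.9.9 block answer is NXDOMAIN with AUTHORITY: 0) can be turned into a small checker for dig output. This is an added example, not code from the post or from Quad9; the sample inputs are constructed, trimmed from the drohppbkxj.com output above, and the classification is a heuristic derived from those samples only.

```python
"""Added example: classify a dig response as genuine NXDOMAIN, resolver block,
or resolving, using the signals visible in the post's output."""
import re

STATUS_RE = re.compile(r"status:\s*(?P<status>[A-Z]+)")
COUNTS_RE = re.compile(r"flags:\s*(?P<flags>[a-z ]*);.*?ANSWER:\s*(?P<an>\d+),"
                       r"\s*AUTHORITY:\s*(?P<au>\d+)")

# Constructed inputs: header and authority lines taken from the post's
# 8.8.8.8 and 9.9.9.9 answers for drohppbkxj.com, everything else dropped.
GOOGLE_NXDOMAIN = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61557
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
com. 872 IN SOA a.gtld-servers.net. nstld.verisign-grs.com. (
"""
QUAD9_BLOCKED = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47957
;; flags: qr rd ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
"""


def parse_dig(text):
    """Extract status, flags and section counts from dig's ';;' header lines."""
    status = STATUS_RE.search(text)
    counts = COUNTS_RE.search(text)
    if not status or not counts:
        raise ValueError("header lines missing: not dig output")
    return {
        "status": status.group("status"),
        "flags": set(counts.group("flags").split()),
        "answer": int(counts.group("an")),
        "authority": int(counts.group("au")),
        "has_soa": " IN SOA " in text,  # negative answers normally carry one
    }


def classify(text):
    """Heuristic from the post's samples: NXDOMAIN with an empty AUTHORITY
    section (no SOA) is the resolver refusing the name, not a missing name."""
    r = parse_dig(text)
    if r["status"] == "NXDOMAIN":
        if r["authority"] == 0 and not r["has_soa"]:
            return "blocked-by-resolver"
        return "nxdomain"
    if r["status"] == "NOERROR" and r["answer"] > 0:
        return "resolves"
    return "other"
```

The missing `ra` flag in the blocked sample is exposed through `parse_dig(...)["flags"]` as a second signal, but `classify` keys on the AUTHORITY count because that is the difference the post states.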
