MoinQ: DNS/awsdns/乗取/advbooking.com

https://twitter.com/otsuka0752/status/1218111486121431040?s=20

親と子で NS が完全一致しない場合に「乗取が懸念される」と判断しています。特に、子が余計な NS(親に書かれていない NS)を応答している場合はヤバイと判断できると思います。検出するアルゴリズムを再考＆実装しなければ・・・
(おしまい)

兆候ではあるが、乗取だと判断する根拠にはならない。-- ToshinoriMaeno 2020-01-21 03:06:42

• ここのように、返答がすべて異なるのであれば状況証拠になる。

1. watchA

https://advbooking.com

DNS zone 復活?

• whois Updated Date: 2019-11-28T19:31:45Z (更新なし)

2. whois

   Domain Name: ADVBOOKING.COM
   Registry Domain ID: 1887589104_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.register.com
   Registrar URL: http://www.register.com
   Updated Date: 2019-11-28T19:31:45Z
   Creation Date: 2014-11-28T03:03:02Z
   Registry Expiry Date: 2020-11-28T03:03:02Z
   Registrar: Register.com, Inc.
   Registrar IANA ID: 9
   Registrar Abuse Contact Email: abuse@web.com
   Registrar Abuse Contact Phone: +1.8003337680
   Domain Status: ok https://icann.org/epp#ok
   Name Server: NS-1330.AWSDNS-38.ORG
   Name Server: NS-1570.AWSDNS-04.CO.UK
   Name Server: NS-3.AWSDNS-00.COM
   Name Server: NS-824.AWSDNS-39.NET
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2020-01-19T23:57:53Z <<<

3. history

$ dig -t ns advbooking.com @ns-3.awsdns-00.com

; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> -t ns advbooking.com @ns-3.awsdns-00.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12936
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;advbooking.com.                        IN      NS

;; ANSWER SECTION:
advbooking.com.         172800  IN      NS      ns-1488.awsdns-58.org.
advbooking.com.         172800  IN      NS      ns-1928.awsdns-49.co.uk.
advbooking.com.         172800  IN      NS      ns-3.awsdns-00.com.
advbooking.com.         172800  IN      NS      ns-990.awsdns-59.net.

;; Query time: 106 msec
;; SERVER: 205.251.192.3#53(205.251.192.3)
;; WHEN: Mon Jan 20 08:58:47 JST 2020
;; MSG SIZE  rcvd: 178

$ dig -t ns advbooking.com @ns-824.awsdns-39.net

advbooking.com.         172800  IN      NS      ns-1275.awsdns-31.org.
advbooking.com.         172800  IN      NS      ns-1624.awsdns-11.co.uk.
advbooking.com.         172800  IN      NS      ns-80.awsdns-10.com.
advbooking.com.         172800  IN      NS      ns-824.awsdns-39.net.

CategoryDns CategoryWatch CategoryTemplate