| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: rol at witbe.net (Paul Rolland) Subject: FW: Question for DNS pros Hello, > > dns query is being asked...something like > > tcpdump -n -s 1500 udp and port 53 and host 1.2.3.4 > > > I already did this, and I already posted it here. It didn't reveal > anything that I wasn't already aware of - ns requests and ptr > requests for > that IP. Update your tcpdump or verify the syntax. I just tried : tcpdump -v -s 1500 -n udp port 53 on our NS server, and it shows the complete details of the request. 09:38:50.669060 eth0 < 67.166.39-62.rev.gaoland.net.3746 > sim-01.PAR.witbe.net.domain: 34277+ PTR? 250.92.168.192.in-addr.arpa. (45) (DF) (ttl 61, id 145) 09:38:50.669312 eth0 > sim-01.PAR.witbe.net.domain > 67.166.39-62.rev.gaoland.net.3746: 34277 NXDomain* 0/1/0 (106) (ttl 64, id 22280) 09:38:50.672336 eth0 < 67.166.39-62.rev.gaoland.net.3746 > sim-01.PAR.witbe.net.domain: 34278+ A? bench-02.cou.zt.witbe.net. (43) (DF) (ttl 61, id 145) 09:38:50.672998 eth0 < cms-01.PAR.witbe.net.39257 > sim-01.PAR.witbe.net.domain: 8689+ PTR? 67.166.39.62.in-addr.arpa. (43) (DF) (ttl 64, id 34765) 09:38:50.673026 eth0 > sim-01.PAR.witbe.net.domain > 67.166.39-62.rev.gaoland.net.3746: 34278 Refused 0/0/0 (43) (ttl 64, id 22282) ... Regards, Paul
Powered by blists - more mailing lists