DNS Recursion

DNS Recursion

Silvenga
I've recently moved my ASSPv2 instance to a new machine and I noticed that lookups for URIBL and DNSBL were succeeding on IPs that I knew were blacklisted. So I fired up the BIND query logging and I saw the following:

...
client 127.0.0.1#55799 (30.41.95.209.zen.spamhaus.org): query: 30.41.95.209.zen.spamhaus.org IN A - (127.0.0.1)
client 127.0.0.1#8799 (sourceforge.net): query: sourceforge.net IN A + (127.0.0.1)
...

Most of the queries (senderbase.org, sourceforge.net, tests for MX/SPF/DMARC/PTR records, etc.) were requesting recursion with the RD bit (the plus sign at the end). However, queries for URIBL and DNSBL were not (the minus sign at the end), relying on my DNS server's cache. My DNS server, being the recursive server that it grew up to be, could not give the correct DNS results when using only its cache; rather, it gave completely empty results.

After I ran a query with the recursive bit set, like the following:

dig A 30.41.95.208.zen.spamhaus.org

ASSP did pick up the records correctly.

I honestly don't know very much about DNS - should ASSP be setting the recursive flag?

Regards,

Mark

------------------------------------------------------------------------------
_______________________________________________
Assp-user mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/assp-user
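The `+`/`-` character in those BIND query-log lines is the quickest way to spot lookups that arrive without the RD bit. The following is an added example, not code from the post above or from ASSP, that parses lines of the shape shown in the post and reports blocklist queries made without recursion desired. The sample log lines and the `BLOCKLIST_ZONES` list are constructed for the example; the flags field is read the way BIND 9 writes it (`+` for RD set, `-` for RD clear, followed by optional S/E/T/D/C letters for TSIG-signed, EDNS, TCP, DO and CD).

```python
"""Detect DNSBL/URIBL lookups that reached BIND without the RD bit set.

Added example for this thread; not part of ASSP. The log lines below are
constructed to match the format of the lines quoted in the post.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# BIND 9 query-log line:
#   client <addr>#<port> (<qname>): query: <qname> <class> <type> <flags> (<local addr>)
QUERY_LOG_RE = re.compile(
    r"client (?P<client>[0-9A-Fa-f.:]+)#(?P<port>\d+) \([^)]*\): "
    r"query: (?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+) "
    r"\((?P<local>[^)]*)\)"
)

# Zones whose answers only mean something when the resolver really recurses.
# Assumed list for this example; add the DNSBL/URIBL zones your filter uses.
BLOCKLIST_ZONES = ("zen.spamhaus.org", "multi.uribl.com")


@dataclass
class QueryLogEntry:
    client: str
    port: int
    qname: str
    qclass: str
    qtype: str
    flags: str
    recursion_desired: bool


def parse_query_log_line(line: str) -> Optional[QueryLogEntry]:
    """Return the parsed entry, or None for lines that are not query-log lines."""
    m = QUERY_LOG_RE.search(line)
    if m is None:
        return None
    flags = m.group("flags")
    # First flag character: '+' if the client set RD, '-' if it did not.
    # Optional trailing letters: S (TSIG-signed), E (EDNS), T (TCP), D (DO), C (CD).
    return QueryLogEntry(
        client=m.group("client"),
        port=int(m.group("port")),
        qname=m.group("qname").rstrip("."),
        qclass=m.group("qclass"),
        qtype=m.group("qtype"),
        flags=flags,
        recursion_desired=flags.startswith("+"),
    )


def is_blocklist_query(qname: str) -> bool:
    """True if qname is in, or below, one of the configured blocklist zones."""
    name = qname.lower().rstrip(".")
    return any(name == zone or name.endswith("." + zone) for zone in BLOCKLIST_ZONES)


def find_non_recursive_blocklist_queries(lines: Iterable[str]) -> List[QueryLogEntry]:
    """Blocklist lookups sent without RD: these get only what the cache already holds."""
    hits: List[QueryLogEntry] = []
    for line in lines:
        entry = parse_query_log_line(line)
        if entry is not None and is_blocklist_query(entry.qname) and not entry.recursion_desired:
            hits.append(entry)
    return hits


# Constructed sample in the same shape as the post's log excerpt.
SAMPLE_LOG = [
    "client 127.0.0.1#55799 (30.41.95.209.zen.spamhaus.org): query: "
    "30.41.95.209.zen.spamhaus.org IN A - (127.0.0.1)",
    "client 127.0.0.1#8799 (sourceforge.net): query: sourceforge.net IN A + (127.0.0.1)",
    "client 127.0.0.1#41002 (example.com.multi.uribl.com): query: "
    "example.com.multi.uribl.com IN A +E (127.0.0.1)",
    "client 127.0.0.1#41003 (example.com.multi.uribl.com): query: "
    "example.com.multi.uribl.com IN TXT -E (127.0.0.1)",
    "28-Dec-2015 02:18:00.123 general: info: not a query-log line",
]

if __name__ == "__main__":
    for e in find_non_recursive_blocklist_queries(SAMPLE_LOG):
        print(f"RD not set: {e.client}#{e.port} {e.qname} {e.qtype} flags={e.flags}")
```

Run it against a real query log with `find_non_recursive_blocklist_queries(open("/var/log/named/query.log"))`; any hit is a lookup that the resolver answered from cache only, which for a DNSBL name it has never seen means an empty answer and a missed listing.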
Re: DNS Recursion

Thomas Eckardt/eck
I saw and can confirm that the RD flag is no longer set by default if a DNS packet is created (without a Resolver object), since one of the latest versions of Net::DNS.
The next release will fix this.

Thomas

From:    Mark Lopez <[hidden email]>
To:      "[hidden email]" <[hidden email]>
Date:    27.12.2015 05:20
Subject: [Assp-user] DNS Recursion

Re: DNS Recursion

Silvenga
Awesome! Although, even without blacklist checks ASSP still caught 100% of incoming spam. :)

Regards,

Mark

-----Original Message-----
From: Thomas Eckardt [mailto:[hidden email]]
Sent: Sunday, December 27, 2015 3:37 AM
To: For Users of ASSP <[hidden email]>
Subject: Re: [Assp-user] DNS Recursion

Re: DNS Recursion

Thomas Eckardt/eck
Because there is no workaround for this problem, you need to change
assp.pl to fix it shortly.

At assp.pl 2.4.5 build 15334 the sub mk_packet starts at line 66852. The
lines 66862 to 66869 are

    ($packet, $error) = Net::DNS::Packet->new( $fqdn , 'A');
    return "Cannot build DNS query for $fqdn, type A: $error" unless ref($packet);
    push @{$self->{ID}}, $packet->header->id;
    return $packet->data unless wantarray;
    ($txt_packet, $error) = Net::DNS::Packet->new($fqdn, 'TXT', 'IN');
    return "Cannot build DNS query for $fqdn, type TXT: $error" unless ref($txt_packet);
    push @{$self->{ID}}, $packet->header->id;
    $packet->data, $txt_packet->data;

change them to

    ($packet, $error) = Net::DNS::Packet->new( $fqdn , 'A');
    return "Cannot build DNS query for $fqdn, type A: $error" unless ref($packet);
    eval{$packet->header->rd(1);};        # set RD on the A query so the resolver recurses
    push @{$self->{ID}}, $packet->header->id;
    return $packet->data unless wantarray;
    ($txt_packet, $error) = Net::DNS::Packet->new($fqdn, 'TXT', 'IN');
    return "Cannot build DNS query for $fqdn, type TXT: $error" unless ref($txt_packet);
    eval{$txt_packet->header->rd(1);};    # the TXT query is a separate packet and needs its own RD bit
    push @{$self->{ID}}, $packet->header->id;   # unchanged from the original: records the A packet's id again, not $txt_packet->header->id
    $packet->data, $txt_packet->data;


by adding the line
eval{$packet->header->rd(1);};
two times

Thomas

From:    Mark Lopez <[hidden email]>
To:      For Users of ASSP <[hidden email]>
Date:    27.12.2015 16:48
Subject: Re: [Assp-user] DNS Recursion

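To see exactly what `$packet->header->rd(1)` changes on the wire, here is an added example, not code from the thread or from ASSP and independent of Net::DNS, that builds the same kind of A/TXT query in DNS wire format with Python's standard library and sets or inspects the RD bit directly in the 12-byte header. The DNSBL name reversal, the zone name and the fixed query ID `0x1234` used in the demo are illustrative assumptions; when no ID is given the code draws one from `secrets`, because predictable IDs make spoofed answers easier to land. The same comparison can be made at the command line: `dig` sets RD by default, and `dig +norecurse` reproduces what ASSP was sending.

```python
"""Build a DNS query in wire format and set/inspect the RD bit directly.

Added example for this thread; not part of ASSP and independent of Net::DNS.
"""
import secrets
import struct
from typing import Optional

FLAG_RD = 0x0100           # "recursion desired", bit 8 of the flags word (RFC 1035 section 4.1.1)
QTYPE = {"A": 1, "TXT": 16}
QCLASS_IN = 1
HEADER_LEN = 12


def encode_qname(name: str) -> bytes:
    """DNS label encoding: <len><label>... terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError(f"bad label {label!r} in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname: str, qtype: str, rd: bool, qid: Optional[int] = None) -> bytes:
    """One-question query; rd=False reproduces a packet built without RD."""
    if qid is None:
        qid = secrets.randbelow(0x10000)   # unpredictable ID, never a counter
    flags = FLAG_RD if rd else 0
    # ID, flags, QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    question = encode_qname(qname) + struct.pack("!HH", QTYPE[qtype], QCLASS_IN)
    return header + question


def query_id(packet: bytes) -> int:
    return struct.unpack("!H", packet[0:2])[0]


def recursion_desired(packet: bytes) -> bool:
    flags = struct.unpack("!H", packet[2:4])[0]
    return bool(flags & FLAG_RD)


def set_recursion_desired(packet: bytes) -> bytes:
    """Same effect as $packet->header->rd(1) on an already-built packet:
    only the RD bit in bytes 2-3 changes; the ID and the question are untouched."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than a DNS header")
    flags = struct.unpack("!H", packet[2:4])[0]
    return packet[:2] + struct.pack("!H", flags | FLAG_RD) + packet[4:]


def dnsbl_qname(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets under the list zone: 209.95.41.30 -> 30.41.95.209.<zone>."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f"not an IPv4 address: {ip!r}")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


if __name__ == "__main__":
    name = dnsbl_qname("209.95.41.30", "zen.spamhaus.org")   # constructed input
    without_rd = build_query(name, "A", rd=False, qid=0x1234)
    with_rd = set_recursion_desired(without_rd)
    print(name)
    print("flags without rd(1):", without_rd[2:4].hex())   # 0000
    print("flags with rd(1):   ", with_rd[2:4].hex())      # 0100
```

The point of `set_recursion_desired` is that the fix in assp.pl is a one-bit change to the header of each packet; a resolver that receives the `0000` flags word treats the client as wanting a cache-only or authoritative answer and, for a DNSBL name it has never resolved, returns nothing.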
Re: DNS Recursion

Silvenga
Thanks!

-----Original Message-----
From: Thomas Eckardt [mailto:[hidden email]]
Sent: Monday, December 28, 2015 2:18 AM
To: For Users of ASSP <[hidden email]>
Subject: Re: [Assp-user] DNS Recursion
