search

gfrontiero / namebench

Automatically exported from code.google.com/p/namebench
Apache License 2.0
0 stars 0 forks source link

namebench doesn't detect some NXDOMAIN hijacking #95

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago 
What steps will reproduce the problem?
1. Run namebench to test 87.216.1.65 (Jazztel primary DNS server)
2. It doesn't show that it doesn NXDOMAIN hijacking

If you use that DNS server and try to get the ip of a domain that starts
with "www" you get the hijack.

$ host thisdomaindoesnotexists.com 87.216.1.65
Using domain server:
Name: 87.216.1.65
Address: 87.216.1.65#53
Aliases:

Host thisdomaindoesnotexists.com not found: 3(NXDOMAIN)
$ host www.thisdomaindoesnotexists.com 87.216.1.65
Using domain server:
Name: 87.216.1.65
Address: 87.216.1.65#53
Aliases:

www.thisdomaindoesnotexists.com has address 81.200.64.180
Host www.thisdomaindoesnotexists.com not found: 3(NXDOMAIN)

I'm using namebench 1.1 on Arch Linux

Original issue reported on code.google.com by lambda...@gmail.com on 12 Jan 2010 at 3:07

GoogleCodeExporter commented 8 years ago 
I don't have a nameserver to test this against, but I've put an extra check in 
for
this in r604. Do you mind checking the current code out of the namebench and 
testing
it for me? The instructions are at 
http://code.google.com/p/namebench/source/checkout

Original comment by thomas.r...@gmail.com on 26 Jan 2010 at 8:44

GoogleCodeExporter commented 8 years ago 
If I only test the problematic server, it doesn't detect the issue; but if I 
test
that server and other server, it does detect the problem and adds "NXDOMAIN 
Hijacking
(www)" to the notes.

If it helps, my ISP seems to use SKYE SEARCH by Nominum (
http://www.nominum.com/skye/solutions/skye-search.php )

Original comment by lambda...@gmail.com on 26 Jan 2010 at 12:42

GoogleCodeExporter commented 8 years ago 
Glad to hear it. As an optimization, namebench skips all tests if you are only
testing against one server. I'm not sure that it's the right approach, but I've 
found
it handy for debugging problematic servers which would otherwise be thrown out 
due to
timeouts.

I'll try to see that this gets included in a new release next week. Thanks for 
the
report!

Original comment by tstromb...@google.com on 26 Jan 2010 at 1:55