[Cerowrt-devel] First DNSSEC failure with CeroWRT

Dave Taht dave.taht at gmail.com
Sat Apr 19 15:19:09 EDT 2014


I'm not sure if what you are actually seeing here is a failure or a
success! It does appear that this is
indeed a bogus DS.

http://dnssec-debugger.verisignlabs.com/sso-fi.bankofamerica.com

On Sat, Apr 19, 2014 at 2:43 AM, Aaron Wood <woody77 at gmail.com> wrote:
> One of the many servers involved with BofA's online banking:
>
> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using nameserver
> 8.8.4.4#53
> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using nameserver
> 8.8.8.8#53
> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: using local addresses
> only for domain home.lan
> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq[29719]: read /etc/hosts - 1
> addresses
> Sat Apr 19 09:37:37 2014 daemon.info dnsmasq-dhcp[29719]: read /etc/ethers -
> 0 addresses
> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: query[A]
> saml-bac.onefiserv.com from 172.30.42.99
> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: forwarded
> saml-bac.onefiserv.com to 8.8.4.4
> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: forwarded
> saml-bac.onefiserv.com to 8.8.8.8
> Sat Apr 19 09:37:39 2014 daemon.info dnsmasq[29719]: dnssec-query[DS]
> saml-bac.onefiserv.com to 8.8.4.4
> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply
> saml-bac.onefiserv.com is BOGUS DS
> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: validation result is
> BOGUS
> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply
> saml-bac.onefiserv.com is <CNAME>
> Sat Apr 19 09:37:41 2014 daemon.info dnsmasq[29719]: reply
> saml-bac.gslb.onefiserv.com is 64.128.98.58
>
>
> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: query[A]
> sso-fi.bankofamerica.com from 172.30.42.99
> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: forwarded
> sso-fi.bankofamerica.com to 8.8.4.4
> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: forwarded
> sso-fi.bankofamerica.com to 8.8.8.8
> Sat Apr 19 09:38:04 2014 daemon.info dnsmasq[29719]: dnssec-query[DS]
> sso-fi.bankofamerica.com to 8.8.8.8
> Sat Apr 19 09:38:05 2014 daemon.info dnsmasq[29719]: query[A]
> sso-fi.bankofamerica.com from 172.30.42.99
> Sat Apr 19 09:38:05 2014 daemon.info dnsmasq[29719]: dnssec retry to 8.8.8.8
> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply
> sso-fi.bankofamerica.com is BOGUS DS
> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: validation result is
> BOGUS
> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply
> sso-fi.bankofamerica.com is <CNAME>
> Sat Apr 19 09:38:06 2014 daemon.info dnsmasq[29719]: reply
> saml-bac.onefiserv.com is 64.128.98.58
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel at lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>



-- 
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article



More information about the Cerowrt-devel mailing list