3. DNSSEC Test Website


Commissioned by TWNIC
DNSSEC Test Project
Computer Center, National Central University
103/01/09
2015/4/6
Outline
1. Cache server packet extraction/analysis
2. Plug-in configuration types
3. DNSSEC test website
Query count chart
Query IP host count chart
©2013 Computer Center, National Central University.
1. Cache server packet analysis
▪ Raw tcpdump packets
▪ Extracted query packets
▪ Normalized query packets
Raw tcpdump packets
21:01:01.568605 IP 140.115.192.11.domain > 140.115.212.28.51114: 48695 4/8/8 CNAME photos-c.ak.facebook.com.edgesuite.net., CNAME a997.dspmm1.akamai.net., A 23.76.204.209, A 23.76.204.211 (465)
E...,[email protected]................%.photos-c.ak.facebook.com
edgesuite...3...........a997.dspmm1.akamai...d...........
L...d...........L...i.......l...n0dspmm1.p.i.......l...n4dspmm1.p.i.......l...n3dspmm1.p.i.......l...n2dspmm1.p.i.......l...n1dspmm1.p.i.......l...n7dspmm1.p.i.......l..
.n5dspmm1.p.i.......l...n6dspmm1.p./......Z....EQ.........0....EQ..........l..............0....EQ..........l..X.Q..F.......l...EQ.........Z....E.$........0....EQ.
21:01:01.568991 IP 68.142.254.15.domain > 140.115.192.11.5439: 65378*- 3/0/1 A 27.123.201.197, A 116.214.8.103, CNAME twtw.frontpage.wg1.b.yahoo.com. (109)
[email protected].?.u...b...........tw frontpage.wg1.b.yahoo.com......tw-tw.........,...{...........,..t..g.........,......)
.......
21:01:01.569549 IP 140.115.192.11.10755 > 68.142.254.15.domain: 18226% [1au] A? tw-tw.frontpage.wg1.b.yahoo.com. (60)
E..X....@..}.s..D...*..5.D.rG2...........tw-tw frontpage.wg1.b.yahoo.com.......)........
21:01:01.672045 IP 58.251.57.105.domain > 140.115.192.11.44024: 19203*- 2/4/5 CNAME lb1.c0367.sandai.net., A 58.251.57.175 (236)
.ns1.xunlei.=.6...........ns3.b.6...........ns4.b.6...........ns2.b.^....... ..:.9h......... ..:='..w....... ..{............ ..y
....)........
21:01:01.673177 IP 140.115.192.11.19798 > 58.251.57.105.domain: 16635% [1au] A? lb1.c0367.sandai.net. (49)
E..Mx...@[email protected]..:[email protected].......)........
21:01:01.677716 IP 140.115.226.45.55892 > 140.115.192.11.domain: 24528+ A? js1.pingle.com.tw. (35)
E..?\.....#..s.-.s...T.5.+.J_............js1.pingle.com.tw.....
21:01:01.677928 IP 140.115.226.45.57955 > 140.115.192.11.domain: 12509+ A? t1.gstatic.com. (32)
E..<\.....#..s.-.s...c.5.(x.0............t1.gstatic.com.....
21:01:01.678106 IP 68.142.254.15.domain > 140.115.192.11.52806: 16173*- 1/0/1 A 206.190.37.99 (85)
[email protected].._D....s...5.F.].O?-...........us-cache.internal.query.a01.yahoodns.net..............,....%c..)
.......
21:01:01.679078 IP 140.115.192.11.domain > 140.115.203.246.57240: 59793 3/2/2 CNAME global-cache.internal.query.g03.yahoodns.net., CNAME us-cache.internal.query.a01.yahoodns.net., A 206.190.37.99 (221)
E.......@....s...s...5...................ucs.query.yahoo.com..................global-cache.internal.query.g03.yahoodns.net..1...........uscache.internal.query.a01.Q.k..
.....,....%[email protected][email protected]...
21:01:01.682348 IP 202.75.219.158.domain > 140.115.192.11.42271: 65517* 0/1/1 (99)
E... ...n.PR.K...s...5...k...............ns1.d00.net................/.ns2.zj01.com.
hostmaster.-..1........X..Q.......)........
Extracted query packets
20:01:01.535257 140.115.73.221.55408 > 140.115.192.11.domain 38487+ A? www.hungryapp.co.kr. query
20:01:01.535608 140.115.192.11.domain > 140.115.73.221.55408 38487 1/2/2 A 115.68.64.57 response
20:01:01.774347 207.171.170.1.domain > 140.115.192.11.35969 45382 response
20:01:01.775238 140.115.192.11.domain > 140.115.220.101.50298 7760 9/5/3 CNAME dwqnxoctpqg36.cloudfront.net., A 54.230.74.39, A 54.239.130.13, A 54.239.130.58, A 54.230.75.247, A 54.230.73.11, A 54.230.73.216, A 54.230.75.115, A 54.239.130.74 response
20:01:01.779111 140.115.208.222.58660 > 140.115.192.11.domain 9713+ AAAA? ws12.gti.mcafee.com. query
20:01:01.779133 140.115.208.222.59916 > 140.115.192.11.domain 63967+ A? ws12.gti.mcafee.com. query
20:01:01.779540 140.115.192.11.domain > 140.115.208.222.59916 63967 1/3/3 A 161.69.225.6 response
20:01:01.779917 140.115.192.11.34177 > 161.69.198.250.domain 59990% [1au] AAAA? ws12.gti.mcafee.com. query
20:01:01.786822 140.115.209.50.43706 > 140.115.192.11.domain 1234+ A? a.root-servers.net. query
20:01:01.787344 140.115.192.11.domain > 140.115.209.50.43706 1234 1/13/12 A 198.41.0.4 response
20:01:01.790688 140.115.231.40.51611 > 140.115.192.11.domain 22648+ A? h.conf.f.360.cn. query
20:01:01.791513 140.115.192.11.28159 > 171.8.167.10.domain 11922% [1au] A? h.conf.f.360.cn. query
20:01:01.792485 140.115.192.11.52085 > 208.80.124.13.domain 23455% [1au] AAAA? pseric.soft4fun.netdna-cdn.com. query
20:01:01.795225 192.5.6.30.domain > 140.115.192.11.25996 7972 response
20:01:01.797827 140.115.192.11.domain > 140.115.215.118.52137 46990 1/2/2 A 195.22.26.248 response
20:01:01.799340 140.115.41.218.58879 > 140.115.192.11.domain 44985+ A? ffs.solidstatenetworks.net. query
20:01:01.799775 140.115.192.11.domain > 140.115.41.218.58879 44985 NXDomain 0/1/0 response
20:01:01.811675 140.115.206.73.56023 > 140.115.192.11.domain 25004+ AAAA? fbcdn-profile-a.akamaihd.net. query
20:01:01.812220 140.115.204.8.64936 > 140.115.192.11.domain 29991+ A? pic.adver.com.tw. query
20:01:01.812262 140.115.192.11.domain > 140.115.206.73.56023 25004 7/8/1 CNAME fbcdn-profile-a.akamaihd.net.edgesuite.net., CNAME fbcdn-profile-a.ak.fbcdn.akamaihd.net.akadns.net., CNAME a2047.dspl.akamai.net., CNAME a2047.dspl.akamai.net.0.1.cn.akamaitech.net., AAAA 2600:1406:1::48f6:3543, AAAA 2600:1406:1::48f6:3509, AAAA 2600:1406:1::48f6:3510 response
20:01:01.812535 140.115.216.6.51793 > 140.115.192.11.domain 49631+ A? union.tanx.com. query
20:01:01.812786 140.115.192.11.domain > 140.115.204.8.64936 29991 1/3/3 A 210.59.230.179 response
20:01:01.812814 140.115.192.11.65079 > 77.234.47.12.domain 21689% [1au] A? apir.webrep.avast.com. query
20:01:01.813397 140.115.204.8.55910 > 140.115.192.11.domain 52780+ AAAA? pic.adver.com.tw. query
20:01:01.813758 140.115.192.11.domain > 140.115.204.8.55910 52780 response
20:01:01.815745 140.115.192.11.53853 > 110.75.20.26.domain 37464% [1au] A? union.tanx.split.taobao.com. query
20:01:01.817217 140.115.206.73.58641 > 140.115.192.11.domain query
Normalized query packets
QR 140.115.205.32.56821:21254+:54061.623205:A?:fbexternal-a.akamaihd.net.
RS 140.115.205.32.56821:21254:54061.623759:4/8/8:CNAME:fbexternal-a.akamaihd.net.edgesuite.net.,
QR 140.115.205.32.64245:59066+:54061.625106:AAAA?:fbexternal-a.akamaihd.net.
RS 140.115.205.32.64245:59066:54061.625502:4/8/8:CNAME:fbexternal-a.akamaihd.net.edgesuite.net.,
RS 140.115.192.11.11905:33734:54061.633698:response
RS 140.115.200.81.63727:43904:54061.634947:2/4/1:CNAME:s3-website-us-east-1.amazonaws.com.,
QR 140.115.200.81.50303:21500+:54061.636379:AAAA?:trafficjack.s3-website-us-east-1.amazonaws.com.
RS 140.115.200.81.50303:21500:54061.636846:1/1/0:CNAME:s3-website-us-east-1.amazonaws.com.
QR 140.115.228.174.54600:17899+:54061.644893:A?:tools.google.com.
QR 140.115.192.11.31585:39462%:54061.645621:1au:A?:tools.l.google.com.
RS 140.115.192.11.59971:23201:54061.658881:response
RS 140.115.213.147.56854:24977:54061.660064:12/6/6:CNAME:xml.ws.126.ccgslb.net.,
QR 140.115.213.147.60488:2421+:54061.660903:AAAA?:xml.ws.126.net.
RS 140.115.213.147.60488:2421:54061.661254:2/1/0:CNAME:xml.ws.126.ccgslb.net.,
QR 140.115.215.127.28646:54091+:54061.662628:A?:q.soft.360.cn.
RS 140.115.215.127.28646:54091:54061.663205:4/5/6:CNAME:soft.360.cn.,
QR 140.115.206.34.60879:18942+:54061.668521:A?:crl.microsoft.com.
RS 140.115.206.34.60879:18942:54061.669062:4/8/8:CNAME:crl.www.ms.akadns.net.,
QR 140.115.214.247.52775:26254+:54061.680198:A?:developer.android.com.
QR 140.115.214.247.57625:37462+:54061.680534:AAAA?:developer.android.com.
RS 140.115.214.247.52775:26254:54061.680987:17/4/4:CNAME:www3.l.google.com.,
RS 140.115.214.247.57625:37462:54061.681119:2/4/4:CNAME:www3.l.google.com.,
QR 140.115.214.247.55594:6164+:54061.681834:A?:i.simpli.fi.
QR 140.115.214.247.52976:64880+:54061.682102:AAAA?:i.simpli.fi.
RS 140.115.214.247.52976:64880:54061.682715:1/1/0:CNAME:china.i.simpli.fi.
RS 140.115.214.247.55594:6164:54061.682969:2/6/6:CNAME:china.i.simpli.fi.,
RS 140.115.192.11.13392:7503:54061.687572:response
QR 140.115.192.11.50934:49023%:54061.689156:1au:A?:cc00068.h.cnc.ccgslb.net.
RS 140.115.192.11.49726:7363:54061.691283:response
RS 140.115.222.31.60739:18455:54061.69298:response
RS 140.115.192.11.29133:40247:54061.731777:response
RS 140.115.222.31.55902:38576:54061.732894:1/0/0:CNAME:ocsp.verisign.net.
RS 140.115.192.11.5497:59683:54061.734615:response
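The step from the extracted lines to the normalized records, as an added example (not the project's own code): the field layout is inferred from the samples on these slides, and the names `normalize` and `seconds_of_day` are hypothetical. It assumes the non-`domain` endpoint identifies the record, the timestamp becomes seconds since midnight, and a response keeps only its counts and first record.

```python
import re

# Constructed sample: lines copied from the "Extracted query packets" slide.
EXTRACTED = """\
20:01:01.535257 140.115.73.221.55408 > 140.115.192.11.domain 38487+ A? www.hungryapp.co.kr. query
20:01:01.535608 140.115.192.11.domain > 140.115.73.221.55408 38487 1/2/2 A 115.68.64.57 response
20:01:01.774347 207.171.170.1.domain > 140.115.192.11.35969 45382 response
20:01:01.779917 140.115.192.11.34177 > 161.69.198.250.domain 59990% [1au] AAAA? ws12.gti.mcafee.com. query
20:01:01.817217 140.115.206.73.58641 > 140.115.192.11.domain query
"""

# time, source, destination, query ID with flag characters, detail, trailing kind
LINE = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.(\d+) (\S+) > (\S+) (\d+[+%*-]*)(.*) (query|response)$"
)

def seconds_of_day(h, m, s, frac):
    """HH:MM:SS.ffffff -> seconds since midnight, trailing zeros dropped."""
    total = int(h) * 3600 + int(m) * 60 + int(s)
    frac = frac.rstrip("0")
    return f"{total}.{frac}" if frac else str(total)

def normalize(line):
    """Return (label, record) for one extracted line, or None if it is truncated."""
    m = LINE.match(line.strip())
    if not m:
        return None  # e.g. a line cut off before the query ID
    h, mi, s, frac, src, dst, qid, detail, kind = m.groups()
    # The side that is not port 53 ("domain") identifies the record, so a
    # query and its response share the same ip.port:id prefix.
    endpoint = src if dst.endswith(".domain") else dst
    fields = [tok.strip("[]") for tok in detail.split()]
    if kind == "response":
        # Assumption: keep counts plus the first record, else just "response".
        fields = fields[:3] or ["response"]
    label = "QR" if kind == "query" else "RS"
    return label, ":".join([endpoint, qid, seconds_of_day(h, mi, s, frac)] + fields)

def normalize_all(text):
    """Normalize every parseable line of a capture, skipping truncated ones."""
    return [r for r in map(normalize, text.splitlines()) if r is not None]

if __name__ == "__main__":
    for label, record in normalize_all(EXTRACTED):
        print(label, record)
```

Because the record separator is `:`, a response whose first record is an AAAA address is ambiguous to split again; a consumer of this format should split from the left with a fixed field count.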
2. Plug-in configuration types
3. DNSSEC test website
▪ DNSSEC test website
• http://dns500.ncu.edu.tw/Dnssec
• Hourly query record lookup
• Daily query record lookup
• Daily query IP host count chart
• Top-500 querying hosts ranking**
Thank You!