Re: [mailop] Filtered DNS at hhs.gov

2023-10-13 Thread Antonio Prado via mailop

On 10/13/23 6:38 PM, Alessandro Vesely via mailop wrote:
> I suspect they tried to put a filter on port 53 too, to avoid too many
> queries, and filter off _dmarc because it is an invalid host.  Sounds
> real?!?


hi,

well, it's not related to DMARC; they seem not to be answering queries for
any NX domain:


./dig A @rh120ns1.368.dhhs.gov  qwerty.hhs.gov
;; communications error to 158.74.30.102#53: timed out
;; communications error to 158.74.30.102#53: timed out
;; communications error to 158.74.30.102#53: timed out
;; communications error to 2607:f220:0:1::2c#53: timed out

; <<>> DiG 9.18.19 <<>> A @rh120ns1.368.dhhs.gov qwerty.hhs.gov
; (2 servers found)
;; global options: +cmd
;; no servers could be reached

./dig A @rh120ns1.368.dhhs.gov  w.connect.hhs.gov
;; communications error to 158.74.30.102#53: timed out
;; communications error to 158.74.30.102#53: timed out
;; communications error to 158.74.30.102#53: timed out
;; communications error to 2607:f220:0:1::2c#53: timed out

; <<>> DiG 9.18.19 <<>> A @rh120ns1.368.dhhs.gov w.connect.hhs.gov
; (2 servers found)
;; global options: +cmd
;; no servers could be reached
--
antonio


___
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
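
Added example (not part of the original thread or written by its participants): a small Python probe that separates the two outcomes discussed here, an authoritative NXDOMAIN reply versus no reply at all, using a non-recursive UDP query like the `dig +norecurse` runs. The function names and the constructed sample replies are assumptions made for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=0x1234):
    """Encode a non-recursive query (RD=0); qtype 1 = A, 16 = TXT."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def classify(reply, txid=0x1234):
    """Map a raw reply (or None for a timeout) to an outcome string."""
    if reply is None:
        return "DROPPED"              # no packet came back: filtered or lost
    if len(reply) < 12:
        return "MALFORMED"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != txid or not flags & 0x8000:   # wrong ID or QR bit not set
        return "MALFORMED"
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if rcode == "NOERROR" and ancount == 0:
        return "NODATA"               # name exists, no record of this type
    return rcode

def probe(server, name, qtype=1, timeout=3.0, tries=3):
    """Send the query over UDP and classify the first reply received."""
    query = build_query(name, qtype)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        for _ in range(tries):
            try:
                s.sendto(query, (server, 53))
                reply, _addr = s.recvfrom(4096)
                return classify(reply)
            except socket.timeout:
                continue
    return classify(None)

def sample_reply(rcode, ancount=0, txid=0x1234):
    """Constructed reply header (QR=1, AA=1) for offline checks."""
    return struct.pack("!HHHHHH", txid, 0x8400 | rcode, 1, ancount, 0, 0)

if __name__ == "__main__":
    # Constructed replies only; call probe() for a live check.
    for r in (sample_reply(3), sample_reply(0, 1), None):
        print(classify(r))
```

A healthy authoritative server yields `NXDOMAIN` for a nonexistent name; `DROPPED` for such names alongside `NOERROR` for existing ones matches the pattern shown in the dig output above.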


[mailop] Filtered DNS at hhs.gov

2023-10-13 Thread Alessandro Vesely via mailop

That's strange.  The same server replies on one query but not the other:

ale@pcale:~$ dig +short +norecurse @158.74.30.103 bounce.connect.hhs.gov txt
"v=spf1 ip4:158.72.139.19 ip4:158.70.144.146 include:cust-spf.exacttarget.com -all"
ale@pcale:~$
ale@pcale:~$ dig +short +norecurse @158.74.30.103 _dmarc.bounce.connect.hhs.gov txt
;; communications error to 158.74.30.103#53: timed out
;; communications error to 158.74.30.103#53: timed out
;; communications error to 158.74.30.103#53: timed out
;; no servers could be reached

Note that the server is firewalled and is not reachable by ping or traceroute.

I suspect they tried to put a filter on port 53 too, to avoid too many queries, 
and filter off _dmarc because it is an invalid host.  Sounds real?!?


Best
Ale