TWNIC Commissioned DNSSEC Testing Project

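TWNIC Commissioned DNSSEC Testing Project. National Central University Computer Center, 103/01/09. Outline. Cache server packet extraction/analysis; Plug-in configuration types; 3. DNSSEC test website; Query count chart; Query IP host count chart. 1. Cache server packet analysis. Raw tcpdump packets; extracted query packets; cleaned-up query packets. Raw tcpdump packets.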

Presentation Transcript


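  1. TWNIC Commissioned DNSSEC Testing Project, National Central University Computer Center, 103/01/09

  2. Outline: Cache server packet extraction/analysis • Plug-in configuration types • 3. DNSSEC test website • Query count chart • Query IP host count chart

  3. 1. Cache server packet analysis • Raw tcpdump packets • Extracted query packets • Cleaned-up query packets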

  4. Raw tcpdump packets
     21:01:01.568605 IP 140.115.192.11.domain > 140.115.212.28.51114: 48695 4/8/8 CNAME photos-c.ak.facebook.com.edgesuite.net., CNAME a997.dspmm1.akamai.net., A 23.76.204.209, A 23.76.204.211 (465)
     E...,...@....s...s...5.......7...........photos-g.ak.fbcdn.net................%.photos-c.ak.facebook.com edgesuite...3...........a997.dspmm1.akamai...d........... L...d...........L...i.......l...n0dspmm1.p.i.......l...n4dspmm1.p.i.......l...n3dspmm1.p.i.......l...n2dspmm1.p.i.......l...n1dspmm1.p.i.......l...n7dspmm1.p.i.......l.. .n5dspmm1.p.i.......l...n6dspmm1.p./......Z....EQ.........0....EQ..........l..............0....EQ..........l..X.Q..F.......l...EQ.........Z....E.$........0....EQ.
     21:01:01.568991 IP 68.142.254.15.domain > 140.115.192.11.5439: 65378*- 3/0/1 A 27.123.201.197, A 116.214.8.103, CNAME tw-tw.frontpage.wg1.b.yahoo.com. (109)
     E.....@.8..GD....s...5.?.u...b...........tw frontpage.wg1.b.yahoo.com......tw-tw.........,...{...........,..t..g.........,......) .......
     21:01:01.569549 IP 140.115.192.11.10755 > 68.142.254.15.domain: 18226% [1au] A? tw-tw.frontpage.wg1.b.yahoo.com. (60)
     E..X....@..}.s..D...*..5.D.rG2...........tw-tw frontpage.wg1.b.yahoo.com.......)........
     21:01:01.672045 IP 58.251.57.105.domain > 140.115.192.11.44024: 19203*- 2/4/5 CNAME lb1.c0367.sandai.net., A 58.251.57.175 (236)
     .ns1.xunlei.=.6...........ns3.b.6...........ns4.b.6...........ns2.b.^....... ..:.9h......... ..:='..w....... ..{............ ..y ....)........
     21:01:01.673177 IP 140.115.192.11.19798 > 58.251.57.105.domain: 16635% [1au] A? lb1.c0367.sandai.net. (49)
     E..Mx...@.@..s..:.9iMV.5.9.-@............lb1.c0367.sandai.net.......)........
     21:01:01.677716 IP 140.115.226.45.55892 > 140.115.192.11.domain: 24528+ A? js1.pingle.com.tw. (35)
     E..?\.....#..s.-.s...T.5.+.J_............js1.pingle.com.tw.....
     21:01:01.677928 IP 140.115.226.45.57955 > 140.115.192.11.domain: 12509+ A? t1.gstatic.com. (32)
     E..<\.....#..s.-.s...c.5.(x.0............t1.gstatic.com.....
     21:01:01.678106 IP 68.142.254.15.domain > 140.115.192.11.52806: 16173*- 1/0/1 A 206.190.37.99 (85)
     E..q..@.8.._D....s...5.F.].O?-...........us-cache.internal.query.a01.yahoodns.net..............,....%c..) .......
     21:01:01.679078 IP 140.115.192.11.domain > 140.115.203.246.57240: 59793 3/2/2 CNAME global-cache.internal.query.g03.yahoodns.net., CNAME us-cache.internal.query.a01.yahoodns.net., A 206.190.37.99 (221)
     E.......@....s...s...5...................ucs.query.yahoo.com..................global-cache.internal.query.g03.yahoodns.net..1...........us-cache.internal.query.a01.Q.k.. .....,....%c.............yf1...............yf2...........@..D............@..D...
     21:01:01.682348 IP 202.75.219.158.domain > 140.115.192.11.42271: 65517* 0/1/1 (99)
     E... ...n.PR.K...s...5...k...............ns1.d00.net................/.ns2.zj01.com. hostmaster.-..1........X..Q.......)........

  5. Extracted query packets
     20:01:01.535257 140.115.73.221.55408 > 140.115.192.11.domain 38487+ A? www.hungryapp.co.kr. query
     20:01:01.535608 140.115.192.11.domain > 140.115.73.221.55408 38487 1/2/2 A 115.68.64.57 response
     20:01:01.774347 207.171.170.1.domain > 140.115.192.11.35969 45382 response
     20:01:01.775238 140.115.192.11.domain > 140.115.220.101.50298 7760 9/5/3 CNAME dwqnxoctpqg36.cloudfront.net., A 54.230.74.39, A 54.239.130.13, A 54.239.130.58, A 54.230.75.247, A 54.230.73.11, A 54.230.73.216, A 54.230.75.115, A 54.239.130.74 response
     20:01:01.779111 140.115.208.222.58660 > 140.115.192.11.domain 9713+ AAAA? ws12.gti.mcafee.com. query
     20:01:01.779133 140.115.208.222.59916 > 140.115.192.11.domain 63967+ A? ws12.gti.mcafee.com. query
     20:01:01.779540 140.115.192.11.domain > 140.115.208.222.59916 63967 1/3/3 A 161.69.225.6 response
     20:01:01.779917 140.115.192.11.34177 > 161.69.198.250.domain 59990% [1au] AAAA? ws12.gti.mcafee.com. query
     20:01:01.786822 140.115.209.50.43706 > 140.115.192.11.domain 1234+ A? a.root-servers.net. query
     20:01:01.787344 140.115.192.11.domain > 140.115.209.50.43706 1234 1/13/12 A 198.41.0.4 response
     20:01:01.790688 140.115.231.40.51611 > 140.115.192.11.domain 22648+ A? h.conf.f.360.cn. query
     20:01:01.791513 140.115.192.11.28159 > 171.8.167.10.domain 11922% [1au] A? h.conf.f.360.cn. query
     20:01:01.792485 140.115.192.11.52085 > 208.80.124.13.domain 23455% [1au] AAAA? pseric.soft4fun.netdna-cdn.com. query
     20:01:01.795225 192.5.6.30.domain > 140.115.192.11.25996 7972 response
     20:01:01.797827 140.115.192.11.domain > 140.115.215.118.52137 46990 1/2/2 A 195.22.26.248 response
     20:01:01.799340 140.115.41.218.58879 > 140.115.192.11.domain 44985+ A? ffs.solidstatenetworks.net. query
     20:01:01.799775 140.115.192.11.domain > 140.115.41.218.58879 44985 NXDomain 0/1/0 response
     20:01:01.811675 140.115.206.73.56023 > 140.115.192.11.domain 25004+ AAAA? fbcdn-profile-a.akamaihd.net. query
     20:01:01.812220 140.115.204.8.64936 > 140.115.192.11.domain 29991+ A? pic.adver.com.tw. query
     20:01:01.812262 140.115.192.11.domain > 140.115.206.73.56023 25004 7/8/1 CNAME fbcdn-profile-a.akamaihd.net.edgesuite.net., CNAME fbcdn-profile-a.ak.fbcdn.akamaihd.net.akadns.net., CNAME a2047.dspl.akamai.net., CNAME a2047.dspl.akamai.net.0.1.cn.akamaitech.net., AAAA 2600:1406:1::48f6:3543, AAAA 2600:1406:1::48f6:3509, AAAA 2600:1406:1::48f6:3510 response
     20:01:01.812535 140.115.216.6.51793 > 140.115.192.11.domain 49631+ A? union.tanx.com. query
     20:01:01.812786 140.115.192.11.domain > 140.115.204.8.64936 29991 1/3/3 A 210.59.230.179 response
     20:01:01.812814 140.115.192.11.65079 > 77.234.47.12.domain 21689% [1au] A? apir.webrep.avast.com. query
     20:01:01.813397 140.115.204.8.55910 > 140.115.192.11.domain 52780+ AAAA? pic.adver.com.tw. query
     20:01:01.813758 140.115.192.11.domain > 140.115.204.8.55910 52780 response
     20:01:01.815745 140.115.192.11.53853 > 110.75.20.26.domain 37464% [1au] A? union.tanx.split.taobao.com. query
     20:01:01.817217 140.115.206.73.58641 > 140.115.192.11.domain query

  6. Cleaned-up query packets
     QR 140.115.205.32.56821:21254+:54061.623205:A?:fbexternal-a.akamaihd.net.
     RS 140.115.205.32.56821:21254:54061.623759:4/8/8:CNAME:fbexternal-a.akamaihd.net.edgesuite.net.,
     QR 140.115.205.32.64245:59066+:54061.625106:AAAA?:fbexternal-a.akamaihd.net.
     RS 140.115.205.32.64245:59066:54061.625502:4/8/8:CNAME:fbexternal-a.akamaihd.net.edgesuite.net.,
     RS 140.115.192.11.11905:33734:54061.633698:response
     RS 140.115.200.81.63727:43904:54061.634947:2/4/1:CNAME:s3-website-us-east-1.amazonaws.com.,
     QR 140.115.200.81.50303:21500+:54061.636379:AAAA?:trafficjack.s3-website-us-east-1.amazonaws.com.
     RS 140.115.200.81.50303:21500:54061.636846:1/1/0:CNAME:s3-website-us-east-1.amazonaws.com.
     QR 140.115.228.174.54600:17899+:54061.644893:A?:tools.google.com.
     QR 140.115.192.11.31585:39462%:54061.645621:1au:A?:tools.l.google.com.
     RS 140.115.192.11.59971:23201:54061.658881:response
     RS 140.115.213.147.56854:24977:54061.660064:12/6/6:CNAME:xml.ws.126.ccgslb.net.,
     QR 140.115.213.147.60488:2421+:54061.660903:AAAA?:xml.ws.126.net.
     RS 140.115.213.147.60488:2421:54061.661254:2/1/0:CNAME:xml.ws.126.ccgslb.net.,
     QR 140.115.215.127.28646:54091+:54061.662628:A?:q.soft.360.cn.
     RS 140.115.215.127.28646:54091:54061.663205:4/5/6:CNAME:soft.360.cn.,
     QR 140.115.206.34.60879:18942+:54061.668521:A?:crl.microsoft.com.
     RS 140.115.206.34.60879:18942:54061.669062:4/8/8:CNAME:crl.www.ms.akadns.net.,
     QR 140.115.214.247.52775:26254+:54061.680198:A?:developer.android.com.
     QR 140.115.214.247.57625:37462+:54061.680534:AAAA?:developer.android.com.
     RS 140.115.214.247.52775:26254:54061.680987:17/4/4:CNAME:www3.l.google.com.,
     RS 140.115.214.247.57625:37462:54061.681119:2/4/4:CNAME:www3.l.google.com.,
     QR 140.115.214.247.55594:6164+:54061.681834:A?:i.simpli.fi.
     QR 140.115.214.247.52976:64880+:54061.682102:AAAA?:i.simpli.fi.
     RS 140.115.214.247.52976:64880:54061.682715:1/1/0:CNAME:china.i.simpli.fi.
     RS 140.115.214.247.55594:6164:54061.682969:2/6/6:CNAME:china.i.simpli.fi.,
     RS 140.115.192.11.13392:7503:54061.687572:response
     QR 140.115.192.11.50934:49023%:54061.689156:1au:A?:cc00068.h.cnc.ccgslb.net.
     RS 140.115.192.11.49726:7363:54061.691283:response
     RS 140.115.222.31.60739:18455:54061.69298:response
     RS 140.115.192.11.29133:40247:54061.731777:response
     RS 140.115.222.31.55902:38576:54061.732894:1/0/0:CNAME:ocsp.verisign.net.
     RS 140.115.192.11.5497:59683:54061.734615:response

  7. 2. Plug-in configuration types 2014/8/14

  8. 3. DNSSEC test website • DNSSEC test website • http://dns500.ncu.edu.tw/Dnssec • Hourly query record lookup • Daily query record lookup • Daily query IP host count chart • Top-500 querying hosts ranking

  10. Thank You!
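
The step from the extracted lines on slide 5 to the colon-separated QR/RS records on slide 6, as an added example that is not the project's own tooling: the field layout is inferred from the records shown on the slides, IPv4 endpoints are assumed, and the names `tidy`, `latencies` and the sample lines are constructed here. It also pairs each response with its query on client endpoint and ID to get a per-lookup latency, which goes beyond what the slides show.

```python
import re

# Assumed shape of an extracted line (slide 5):
#   HH:MM:SS.frac SRC > DST ID[flags] [details] query|response
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d)\.(\d+) (\S+) > (\S+) "
                  r"(\d+\S*)(?: (.*?))? (query|response)$")

def tidy(line):
    """Turn one extracted line into a QR/RS record; None if it does not parse."""
    m = LINE.match(line.strip())
    if not m:
        return None
    h, mi, s, frac, src, dst, qid, rest, kind = m.groups()
    # Seconds since midnight, trailing zeros dropped (slide 6 shows 54061.69298).
    ts = f"{int(h) * 3600 + int(mi) * 60 + int(s)}.{frac.rstrip('0') or '0'}"
    tokens = (rest or "").split()
    if kind == "query":
        fields = ["QR " + src, qid, ts]          # keyed on the sender
        if tokens[:1] == ["[1au]"]:              # EDNS OPT marker from tcpdump
            fields.append("1au")
            tokens = tokens[1:]
        fields += tokens[:2]                     # "A?"/"AAAA?" and the name
    else:
        fields = ["RS " + dst, qid, ts]          # keyed on the receiver
        fields += tokens[:3] or ["response"]     # counts, first RR type, value
    return ":".join(fields)

def latencies(records):
    """Pair each RS with the pending QR that has the same endpoint and ID (ms)."""
    pending, out = {}, {}
    for rec in records:
        tag, rest = rec.split(" ", 1)
        endpoint, qid, ts = rest.split(":")[:3]  # IPv4 endpoints only
        key = (endpoint, qid.rstrip("+%*-"))     # strip tcpdump flag characters
        if tag == "QR":
            pending[key] = float(ts)
        elif key in pending:
            out[key] = round((float(ts) - pending.pop(key)) * 1000, 3)
    return out

# Constructed input in the slide 5 layout (not captured traffic).
SAMPLE = [
    "15:01:01.623205 140.115.205.32.56821 > 140.115.192.11.domain 21254+ A? fbexternal-a.akamaihd.net. query",
    "15:01:01.623759 140.115.192.11.domain > 140.115.205.32.56821 21254 4/8/8 CNAME fbexternal-a.akamaihd.net.edgesuite.net., A 192.0.2.10 response",
    "15:01:01.692980 192.0.2.53.domain > 140.115.192.11.49726 7363 response",
    "15:01:01.817217 140.115.206.73.58641 > 140.115.192.11.domain query",
]
RECORDS = [r for r in map(tidy, SAMPLE) if r]
```

The last sample line has no query ID, like the final line on slide 5, and is dropped rather than emitted as a partial record. A response whose query fell outside the capture window stays unpaired and is left out of the latency map.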
