
Interesting dig on an (un)dead host. #14

Closed
ghost opened this issue Apr 11, 2020 · 2 comments

Comments

ghost commented Apr 11, 2020

Additional context

I was curious about this entry listed as inactive so I did a quick dig. Check it out. OFC whois was useless for me considering the (likely) fast-fluxing of aws buckets in combo with their CNAME scheming.

Thank you for bringing it to my attention.

Peace brother ☮️

intr0 $ dig @1.1.1.1 1687.ic-live.com
; <<>> DiG 9.9.7-P3 <<>> @1.1.1.1 1687.ic-live.com
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37604
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;1687.ic-live.com.        IN    A

;; ANSWER SECTION:
1687.ic-live.com.    177    IN    CNAME    pixel.ic-live.com.
pixel.ic-live.com.    177    IN    CNAME    latency-pixel.ic-live.com.

;; AUTHORITY SECTION:
ic-live.com.        777    IN    SOA    ns-1485.awsdns-57.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

;; Query time: 35 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Sat Apr 11 14:08:32 EDT 2020
;; MSG SIZE  rcvd: 191

It's CNAME-ing to the domains listed in the 2nd answer returned in the dig. I'll have to keep an eye on them. uBlock is great at dealing with malicious sites hiding behind CNAMEs, but only on Firefox as far as I know. For now I'll keep it and also include the main host as well as the CNAME scheme they're currently using and the name server Amazon gave them.

@ghost ghost closed this as completed Apr 11, 2020
funilrys commented Apr 12, 2020

Yup, I could check that behavior 🤔 What is strange is that PyFunceble is programmed to check the CNAME. It works with 8.8.8.8 but not with 1.1.1.1. I think that it will be better to globally switch (at @dead-hosts) to the Google Public DNS server.

Here is what I'm talking about:

import PyFunceble

# Load the PyFunceble configuration without creating its output directory tree.
PyFunceble.load_config(generate_directory_structure=False)

DOMAIN = "1687.ic-live.com"
# Each entry is a (primary, secondary) nameserver pair: Cloudflare first, then Google.
DNS_SERVERS = [("1.1.1.1:53", "1.0.0.1:53"), ("8.8.8.8:53", "8.4.4.8:53")]
TO_REQUEST = ["A", "AAAA", "NS", "CNAME", "DNAME", "MX", "TXT"]

for dns in DNS_SERVERS:
    print(f"===== Started with {dns} =====")
    # Point the shared lookup object at this resolver pair before querying.
    PyFunceble.DNSLOOKUP.update_nameserver(dns)
    for record_type in TO_REQUEST:
        # PyFunceble exposes one lookup method per record type (a_record,
        # cname_record, ...); query each over TCP and then over UDP.
        print(
            "TCP",
            record_type,
            getattr(PyFunceble.DNSLOOKUP, f"{record_type.lower()}_record")(
                DOMAIN, tcp=True
            ),
        )
        print(
            "UDP",
            record_type,
            getattr(PyFunceble.DNSLOOKUP, f"{record_type.lower()}_record")(
                DOMAIN, tcp=False
            ),
        )
    print(f"===== Finished with {dns} =====")

and the result:

===== Started with ('1.1.1.1:53', '1.0.0.1:53') =====
TCP A None
UDP A None
TCP AAAA None
UDP AAAA None
TCP NS None
UDP NS None
TCP CNAME None
UDP CNAME None
TCP DNAME None
UDP DNAME None
TCP MX None
UDP MX None
TCP TXT None
UDP TXT None
===== Finished with ('1.1.1.1:53', '1.0.0.1:53') =====
===== Started with ('8.8.8.8:53', '8.4.4.8:53') =====
TCP A None
UDP A None
TCP AAAA None
UDP AAAA None
TCP NS None
UDP NS None
TCP CNAME ['pixel.ic-live.com.']
UDP CNAME ['pixel.ic-live.com.']
TCP DNAME None
UDP DNAME None
TCP MX None
UDP MX None
TCP TXT None
UDP TXT None
===== Finished with ('8.8.8.8:53', '8.4.4.8:53') =====

I'm definitely going to switch @dead-hosts to the Google Public DNS.

And don't worry. Those marked as Inactive will be automatically retested (even if removed from the original lists).

Thanks for the feedback @mozdevcontrib! I will investigate this further as we are dependent on dnspython for the DNS Lookup.
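The dig transcript in the first comment and the 1.1.1.1 versus 8.8.8.8 results above show the same thing: the resolver answers NXDOMAIN, yet the answer section still carries a CNAME chain, so a checker that stops at the RCODE marks the host inactive while its alias is still configured. The following is an added example, not code from the issue or from PyFunceble: it parses dig-style text (the sample is constructed from the transcript quoted above) and keeps the chain even when the status is NXDOMAIN.

```python
import re

# Constructed sample: the dig transcript quoted in the issue, trimmed to the
# header and record sections (the names are copied from the report, not invented).
DIG_OUTPUT = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37604
;; ANSWER SECTION:
1687.ic-live.com.    177    IN    CNAME    pixel.ic-live.com.
pixel.ic-live.com.    177    IN    CNAME    latency-pixel.ic-live.com.

;; AUTHORITY SECTION:
ic-live.com.        777    IN    SOA    ns-1485.awsdns-57.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
"""

RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+?)\s*$")  # owner ttl IN type rdata

def parse_dig(text):
    """Return (rcode, answer-section records); every other section is ignored."""
    rcode, section, answers = None, None, []
    for line in text.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            rcode = re.search(r"status:\s*([A-Z]+)", line).group(1)
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:].split()[0]
        elif section == "ANSWER" and line and not line.startswith(";"):
            m = RR_RE.match(line)
            if m:
                answers.append((m.group(1), m.group(3), m.group(4)))  # owner, type, rdata
    return rcode, answers

def cname_chain(name, answers):
    """Follow CNAMEs from `name` in order; stop at a dead end or a loop."""
    chain, current = [], name
    while True:
        targets = [r for owner, rtype, r in answers if owner == current and rtype == "CNAME"]
        if not targets or targets[0] in chain or targets[0] == name:
            return chain
        chain.append(targets[0])
        current = targets[0]

def classify(name, dig_text):
    """NXDOMAIN alone reads as 'inactive'; a CNAME chain carried in the same reply
    means the alias is still configured and every name in it is worth tracking."""
    rcode, answers = parse_dig(dig_text)
    chain = cname_chain(name, answers)
    if chain:
        return ("ALIAS-TO-NXDOMAIN" if rcode == "NXDOMAIN" else "ALIAS-ACTIVE"), chain
    return ("INACTIVE" if rcode == "NXDOMAIN" else "UNKNOWN"), chain
```

Feeding the same logic the raw answer section of an NXDOMAIN reply (rather than only the exception dnspython raises for it) is what keeps the alias targets on the watch list.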

funilrys added a commit to dead-hosts/infrastructure-launcher that referenced this issue Apr 12, 2020
ghost commented Apr 12, 2020 via email
