This repository has been archived by the owner on Sep 19, 2024. It is now read-only.

fpdns mis-identifies newish BIND as "Meilof Veeningen Posadis" #13

Open
he32 opened this issue Sep 14, 2018 · 2 comments

he32 commented Sep 14, 2018

% fpdns nn.uninett.no
fingerprint (nn.uninett.no, 158.38.0.181): Meilof Veeningen Posadis  [Old Rules]  
fingerprint (nn.uninett.no, 2001:700:0:503:0:0:aa:5302): Meilof Veeningen Posadis  [Old Rules]  
% dig version.bind ch txt +short @nn.uninett.no
"9.10.5-P3"
%

This is with fpdns "current", out of GitHub.
I have the debug log from fpdns -d, but since nn.uninett.no is openly accessible it is easy to reproduce.

It also manages to not be able to identify Microsoft's DNS server on Windows 2012R2; it just says no match found. An example of such an installation is ns01.uis.no.


reedjc commented Jul 3, 2020

I haven't yet studied the lib/Net/DNS/Fingerprint.pm code. But I had the same problem today (using the latest fpdns on git master). A BIND 9.10.3-P4-Debian was identified as ISC BIND 9.2.3rc1 -- 9.4.0a4 [Old Rules].
And a BIND 9.10.7 was identified as Meilof Veeningen Posadis [Old Rules].

Maybe the following diff from the BIND that was reported as Posadis may help troubleshoot:


--- /home/reed/J2	2020-07-03 11:44:50.559702496 -0500
+++ /home/reed/J1	2020-07-03 11:44:34.883329640 -0500
@@ -1,220 +1,176 @@
 ==> PROCESS aa.bb.cc.dd:53 0,QUERY,0,0,0,0,0,0,NOERROR,0,0,0,0 . IN A
 
 ==> QUERY BEGIN
 1
 ==> QUERY END
 
 ==> ANSWER BEGIN
 ;; Response received from aa.bb.cc.dd (17 octets)
 ;; HEADER SECTION
 ;;	id = 0
 ;;	qr = 1	aa = 0	tc = 0	rd = 0	opcode = QUERY
 ;;	ra = 0	z  = 0	ad = 0	cd = 0	rcode  = REFUSED
 ;;	qdcount = 1	ancount = 0	nscount = 0	arcount = 0
 ;;	do = 0
 
 ;; QUESTION SECTION (1 record)
 ;; .	IN	A
 
 ;; ANSWER SECTION (0 records)
 
 ;; AUTHORITY SECTION (0 records)
 
 ;; ADDITIONAL SECTION (0 records)
 
 
 ==> ANSWER END
 
 ==> "1,QUERY,0,0,0,0,0,0,REFUSED,1,0,0,0"
 ==> PROCESS aa.bb.cc.dd:53 0,NOTIFY,0,1,1,0,1,1,NOTIMP,0,0,0,0 . IN A
 
 ==> QUERY BEGIN
 1
 ==> QUERY END
 
 ==> ANSWER BEGIN
 ;; Response received from aa.bb.cc.dd (17 octets)
 ;; HEADER SECTION
 ;;	id = 0
-;;	qr = 1	aa = 0	tc = 0	rd = 1	opcode = NOTIFY
-;;	ra = 0	z  = 0	ad = 0	cd = 1	rcode  = FORMERR
+;;	qr = 1	aa = 0	tc = 0	rd = 0	opcode = NOTIFY
+;;	ra = 0	z  = 0	ad = 0	cd = 0	rcode  = FORMERR
 ;;	qdcount = 1	ancount = 0	nscount = 0	arcount = 0
 ;;	do = 0
 
 ;; QUESTION SECTION (1 record)
 ;; .	IN	A
 
 ;; ANSWER SECTION (0 records)
 
 ;; AUTHORITY SECTION (0 records)
 
 ;; ADDITIONAL SECTION (0 records)
 
 
 ==> ANSWER END
 
-==> "1,NOTIFY,0,0,1,0,0,1,FORMERR,1,0,0,0"
+==> "1,NOTIFY,0,0,0,0,0,0,FORMERR,1,0,0,0"
 ==> PROCESS aa.bb.cc.dd:53 0,QUERY,0,0,0,0,0,0,NOERROR,0,0,0,0 . IN MAILB
 
 ==> QUERY BEGIN
 1
 ==> QUERY END
 
 ==> ANSWER BEGIN
 ;; Response received from aa.bb.cc.dd (17 octets)
 ;; HEADER SECTION
 ;;	id = 0
 ;;	qr = 1	aa = 0	tc = 0	rd = 1	opcode = QUERY
 ;;	ra = 0	z  = 0	ad = 0	cd = 0	rcode  = NOTIMP
 ;;	qdcount = 1	ancount = 0	nscount = 0	arcount = 0
 ;;	do = 0
 
 ;; QUESTION SECTION (1 record)
 ;; .	IN	MAILB
 
 ;; ANSWER SECTION (0 records)
 
 ;; AUTHORITY SECTION (0 records)
 
 ;; ADDITIONAL SECTION (0 records)
 
 
 ==> ANSWER END
 
 ==> "1,QUERY,0,0,1,0,0,0,NOTIMP,1,0,0,0"
 ==> PROCESS aa.bb.cc.dd:53 0,IQUERY,0,0,1,0,0,0,NOERROR,0,0,0,0 . IN A
 
 ==> QUERY BEGIN
 1
 ==> QUERY END
 
 ==> ANSWER BEGIN
 ;; Response received from aa.bb.cc.dd (12 octets)
 ;; HEADER SECTION
 ;;	id = 0
-;;	qr = 1	aa = 0	tc = 0	rd = 1	opcode = IQUERY
+;;	qr = 1	aa = 0	tc = 0	rd = 0	opcode = IQUERY
 ;;	ra = 0	z  = 0	ad = 0	cd = 0	rcode  = NOTIMP
 ;;	qdcount = 0	ancount = 0	nscount = 0	arcount = 0
 ;;	do = 0
 
 ;; QUESTION SECTION (0 records)
 
 ;; ANSWER SECTION (0 records)
 
 ;; AUTHORITY SECTION (0 records)
 
 ;; ADDITIONAL SECTION (0 records)
 
 
 ==> ANSWER END
 
-==> "1,IQUERY,0,0,1,0,0,0,NOTIMP,0,0,0,0"
-==> PROCESS aa.bb.cc.dd:53 0,NOTIFY,0,0,0,0,0,0,NOERROR,0,0,0,0 . IN A
-
-==> QUERY BEGIN
-1
-==> QUERY END
-
-==> ANSWER BEGIN
-;; Response received from aa.bb.cc.dd (17 octets)
-;; HEADER SECTION
-;;	id = 0
-;;	qr = 1	aa = 0	tc = 0	rd = 0	opcode = NOTIFY
-;;	ra = 0	z  = 0	ad = 0	cd = 0	rcode  = FORMERR
-;;	qdcount = 1	ancount = 0	nscount = 0	arcount = 0
-;;	do = 0
-
-;; QUESTION SECTION (1 record)
-;; .	IN	A
-
-;; ANSWER SECTION (0 records)
-
-;; AUTHORITY SECTION (0 records)
-
-;; ADDITIONAL SECTION (0 records)
-
-
-==> ANSWER END
-
-==> "1,NOTIFY,0,0,0,0,0,0,FORMERR,1,0,0,0"
+==> "1,IQUERY,0,0,0,0,0,0,NOTIMP,0,0,0,0"
 ;; HEADER SECTION
 ;;	id = 0
 ;;	qr = 0	aa = 0	tc = 0	rd = 0	opcode = QUERY
 ;;	ra = 0	z  = 0	ad = 0	cd = 0	rcode  = NOERROR
 ;;	qdcount = 1	ancount = 0	nscount = 0	arcount = 0
 ;;	do = 0
 
 ;; QUESTION SECTION (1 record)
 ;; .	IN	A
 
 ;; ANSWER SECTION (0 records)
 
 ;; AUTHORITY SECTION (0 records)
 
 ;; ADDITIONAL SECTION (0 records)
 
 ;; HEADER SECTION
 ;;	id = 0
 ;;	qr = 0	aa = 0	tc = 1	rd = 1	opcode = NOTIFY
 ;;	ra = 0	z  = 0	ad = 1	cd = 1	rcode  = NOTIMP
 ;;	qdcount = 1	ancount = 0	nscount = 0	arcount = 0
 ;;	do = 0
 
 ;; QUESTION SECTION (1 record)
 ;; .	IN	A
 
 ;; ANSWER SECTION (0 records)
 
 ;; AUTHORITY SECTION (0 records)
 
 ;; ADDITIONAL SECTION (0 records)
 
 ;; HEADER SECTION
 ;;	id = 0
 ;;	qr = 0	aa = 0	tc = 0	rd = 0	opcode = QUERY
 ;;	ra = 0	z  = 0	ad = 0	cd = 0	rcode  = NOERROR
 ;;	qdcount = 1	ancount = 0	nscount = 0	arcount = 0
 ;;	do = 0
 
 ;; QUESTION SECTION (1 record)
 ;; .	IN	MAILB
 
 ;; ANSWER SECTION (0 records)
 
 ;; AUTHORITY SECTION (0 records)
 
 ;; ADDITIONAL SECTION (0 records)
 
 ;; HEADER SECTION
 ;;	id = 0
 ;;	qr = 0	aa = 0	tc = 0	rd = 1	opcode = IQUERY
 ;;	ra = 0	z  = 0	ad = 0	cd = 0	rcode  = NOERROR
 ;;	qdcount = 1	ancount = 0	nscount = 0	arcount = 0
 ;;	do = 0
 
 ;; QUESTION SECTION (1 record)
 ;; .	IN	A
 
 ;; ANSWER SECTION (0 records)
 
 ;; AUTHORITY SECTION (0 records)
 
 ;; ADDITIONAL SECTION (0 records)
 
-;; HEADER SECTION
-;;	id = 0
-;;	qr = 0	aa = 0	tc = 0	rd = 0	opcode = NOTIFY
-;;	ra = 0	z  = 0	ad = 0	cd = 0	rcode  = NOERROR
-;;	qdcount = 1	ancount = 0	nscount = 0	arcount = 0
-;;	do = 0
-
-;; QUESTION SECTION (1 record)
-;; .	IN	A
-
-;; ANSWER SECTION (0 records)
-
-;; AUTHORITY SECTION (0 records)
-
-;; ADDITIONAL SECTION (0 records)
-
-fingerprint (ns2.example.net, aa.bb.cc.dd): ISC BIND 9.2.3rc1 -- 9.4.0a4 [Old Rules]  
+fingerprint (ns1.example.net, aa.bb.cc.dd): Meilof Veeningen Posadis  [Old Rules]  
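
Review bot: the two runs first diverge at the second probe ("0,NOTIFY,0,1,1,0,1,1,NOTIMP"), well before the final fingerprint lines: the "-" run answers with rd = 1 and cd = 1 and is recorded as "1,NOTIFY,0,0,1,0,0,1,FORMERR,1,0,0,0", while the "+" run answers with rd = 0 and cd = 0 and is recorded as "1,NOTIFY,0,0,0,0,0,0,FORMERR,1,0,0,0". The IQUERY probe differs the same way (rd = 1 on the "-" side, rd = 0 on the "+" side); after it the "-" run sends one more NOTIFY probe and ends at "ISC BIND 9.2.3rc1 -- 9.4.0a4", whereas the "+" run stops and reports Posadis. The first probe and the MAILB probe are unchanged context in both runs, so the rules to check in lib/Net/DNS/Fingerprint.pm are the ones matched against the two "+" response strings. It would also help to state which server J1 and J2 each came from, since only the last two lines (ns2 on the "-" side, ns1 on the "+" side) show it.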





mator commented Nov 8, 2021

Same for me: on version fpdns-20190131-1.1, I queried a bind/named server and got the reply that it is "Meilof Veeningen Posadis"...
I tried with Google servers (8.8.8.8, 8.8.4.4) as well, and it told me that they are "Microsoft Windows DNS 2000 [New Rules]", though https://github.com/kirei/fpdns/blob/master/lib/Net/DNS/Fingerprint.pm#L267 has info on Google servers.
