twitterのDNS Attackが、OCNのDNSキャッシュサーバーに残っていたので記録してみた。
[2013/8/28 18:44追記] キャッシュの中身、正しいものになったようです。
$ dig twimg.com ns @2001:380:0:4::1
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @2001:380:0:4::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59697
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 86213 IN NS ns5.boxsecured.com.
twimg.com. 86213 IN NS ns6.boxsecured.com.
;; Query time: 12 msec
;; SERVER: 2001:380:0:4::1#53(2001:380:0:4::1)
;; WHEN: Wed Aug 28 14:42:33 2013
;; MSG SIZE rcvd: 85
$ dig twimg.com ns @2001:380:0:4::1
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @2001:380:0:4::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11040
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 86400 IN NS ns3.p34.dynect.net.
twimg.com. 86400 IN NS ns2.p34.dynect.net.
twimg.com. 86400 IN NS ns1.p34.dynect.net.
twimg.com. 86400 IN NS ns4.p34.dynect.net.
;; ADDITIONAL SECTION:
ns1.p34.dynect.net. 104 IN AAAA 2001:500:90:1::34
ns3.p34.dynect.net. 263 IN AAAA 2001:500:94:1::34
;; Query time: 11 msec
;; SERVER: 2001:380:0:4::1#53(2001:380:0:4::1)
;; WHEN: Wed Aug 28 18:43:58 2013
;; MSG SIZE rcvd: 180
$ dig twimg.com ns @2001:380:0:104::1
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @2001:380:0:104::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9625
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 86312 IN NS ns5.boxsecured.com.
twimg.com. 86312 IN NS ns6.boxsecured.com.
;; Query time: 14 msec
;; SERVER: 2001:380:0:104::1#53(2001:380:0:104::1)
;; WHEN: Wed Aug 28 14:42:51 2013
;; MSG SIZE rcvd: 85
$ dig twimg.com ns @2001:380:0:104::1
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @2001:380:0:104::1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54999
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 86400 IN NS ns3.p34.dynect.net.
twimg.com. 86400 IN NS ns1.p34.dynect.net.
twimg.com. 86400 IN NS ns2.p34.dynect.net.
twimg.com. 86400 IN NS ns4.p34.dynect.net.
;; ADDITIONAL SECTION:
ns1.p34.dynect.net. 225 IN AAAA 2001:500:90:1::34
ns3.p34.dynect.net. 116 IN AAAA 2001:500:94:1::34
;; Query time: 23 msec
;; SERVER: 2001:380:0:104::1#53(2001:380:0:104::1)
;; WHEN: Wed Aug 28 18:44:27 2013
;; MSG SIZE rcvd: 180
$ dig twimg.com ns @202.234.233.222
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @202.234.233.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3988
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 85417 IN NS ns5.boxsecured.com.
twimg.com. 85417 IN NS ns6.boxsecured.com.
;; ADDITIONAL SECTION:
ns5.boxsecured.com. 13806 IN A 212.1.211.126
;; Query time: 21 msec
;; SERVER: 202.234.233.222#53(202.234.233.222)
;; WHEN: Wed Aug 28 14:43:07 2013
;; MSG SIZE rcvd: 101
$ dig twimg.com ns @202.234.233.222
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @202.234.233.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25165
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 86337 IN NS ns3.p34.dynect.net.
twimg.com. 86337 IN NS ns4.p34.dynect.net.
twimg.com. 86337 IN NS ns2.p34.dynect.net.
twimg.com. 86337 IN NS ns1.p34.dynect.net.
;; ADDITIONAL SECTION:
ns1.p34.dynect.net. 173 IN AAAA 2001:500:90:1::34
ns3.p34.dynect.net. 204 IN AAAA 2001:500:94:1::34
;; Query time: 6 msec
;; SERVER: 202.234.233.222#53(202.234.233.222)
;; WHEN: Wed Aug 28 18:44:45 2013
;; MSG SIZE rcvd: 180
$ dig twimg.com ns @221.113.139.158
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @221.113.139.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12123
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 86278 IN NS ns6.boxsecured.com.
twimg.com. 86278 IN NS ns5.boxsecured.com.
;; Query time: 17 msec
;; SERVER: 221.113.139.158#53(221.113.139.158)
;; WHEN: Wed Aug 28 14:43:25 2013
;; MSG SIZE rcvd: 85
$ dig twimg.com ns @221.113.139.158
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @221.113.139.158
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45632
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 86400 IN NS ns2.p34.dynect.net.
twimg.com. 86400 IN NS ns1.p34.dynect.net.
twimg.com. 86400 IN NS ns3.p34.dynect.net.
twimg.com. 86400 IN NS ns4.p34.dynect.net.
;; ADDITIONAL SECTION:
ns1.p34.dynect.net. 31 IN AAAA 2001:500:90:1::34
ns3.p34.dynect.net. 99 IN AAAA 2001:500:94:1::34
;; Query time: 25 msec
;; SERVER: 221.113.139.158#53(221.113.139.158)
;; WHEN: Wed Aug 28 18:45:09 2013
;; MSG SIZE rcvd: 180
$ dig twimg.com ns @202.234.232.6
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @202.234.232.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43192
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 67699 IN NS ns5.boxsecured.com.
twimg.com. 67699 IN NS ns6.boxsecured.com.
;; Query time: 8 msec
;; SERVER: 202.234.232.6#53(202.234.232.6)
;; WHEN: Wed Aug 28 14:57:51 2013
;; MSG SIZE rcvd: 85
$ dig twimg.com ns @202.234.232.6
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @202.234.232.6
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49353
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 86314 IN NS ns3.p34.dynect.net.
twimg.com. 86314 IN NS ns4.p34.dynect.net.
twimg.com. 86314 IN NS ns1.p34.dynect.net.
twimg.com. 86314 IN NS ns2.p34.dynect.net.
;; ADDITIONAL SECTION:
ns4.p34.dynect.net. 41498 IN A 204.13.251.34
ns1.p34.dynect.net. 41468 IN A 208.78.70.34
ns1.p34.dynect.net. 8 IN AAAA 2001:500:90:1::34
ns2.p34.dynect.net. 41473 IN A 204.13.250.34
ns3.p34.dynect.net. 41485 IN A 208.78.71.34
ns3.p34.dynect.net. 82 IN AAAA 2001:500:94:1::34
;; Query time: 5 msec
;; SERVER: 202.234.232.6#53(202.234.232.6)
;; WHEN: Wed Aug 28 18:45:28 2013
;; MSG SIZE rcvd: 244
$ dig twimg.com ns @221.113.139.250
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @221.113.139.250
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21673
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 75561 IN NS ns5.boxsecured.com.
twimg.com. 75561 IN NS ns6.boxsecured.com.
;; Query time: 17 msec
;; SERVER: 221.113.139.250#53(221.113.139.250)
;; WHEN: Wed Aug 28 14:58:35 2013
;; MSG SIZE rcvd: 85
$ dig twimg.com ns @221.113.139.250
; <<>> DiG 9.9.2-P1 <<>> twimg.com ns @221.113.139.250
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63764
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;twimg.com. IN NS
;; ANSWER SECTION:
twimg.com. 86400 IN NS ns1.p34.dynect.net.
twimg.com. 86400 IN NS ns2.p34.dynect.net.
twimg.com. 86400 IN NS ns4.p34.dynect.net.
twimg.com. 86400 IN NS ns3.p34.dynect.net.
;; ADDITIONAL SECTION:
ns2.p34.dynect.net. 41493 IN A 204.13.250.34
ns4.p34.dynect.net. 41492 IN A 204.13.251.34
ns3.p34.dynect.net. 41492 IN A 208.78.71.34
ns3.p34.dynect.net. 299 IN AAAA 2001:500:94:1::34
ns1.p34.dynect.net. 41522 IN A 208.78.70.34
ns1.p34.dynect.net. 171 IN AAAA 2001:500:90:1::34
;; Query time: 25 msec
;; SERVER: 221.113.139.250#53(221.113.139.250)
;; WHEN: Wed Aug 28 18:45:48 2013
;; MSG SIZE rcvd: 244