View Issue Details

ID: 0015656
Project: CentOS-7
Category: nss
View Status: public
Last Update: 2018-12-31 08:20
Reporter: public array
Priority: high
Severity: minor
Reproducibility: always
Status: new
Resolution: open
Product Version: 7.6.1810
Target Version:
Fixed in Version:
Summary: 0015656: DNS lookup for gesetze-im-internet.de returns a lookup for gesetze-im-internet.de.io

Description: I don't know how, but the lookup for this (gesetze-im-internet.de) domain returns the results for a different domain (gesetze-im-internet.de.io). Notice the .io at the end. I haven't yet found other domains where this issue occurs, but I would assume that there are more.

This can be a security issue if this bug is used to hijack vulnerable domains.

Steps To Reproduce:
$ getent hosts gesetze-im-internet.de
193.223.78.230 gesetze-im-internet.de.io
Tags: No tags attached.

Activities

tigalch


2018-12-31 07:50

manager   ~0033484

This is what I get:
getent hosts www.gesetze-im-internet.de
188.210.44.216 www.gesetze-im-internet.edge.juris.de www.gesetze-im-internet.de
host www.gesetze-im-internet.de
www.gesetze-im-internet.de is an alias for www.gesetze-im-internet.edge.juris.de.
www.gesetze-im-internet.edge.juris.de has address 188.210.44.216
nslookup www.gesetze-im-internet.de
Server: 172.31.0.2
Address: 172.31.0.2#53

Non-authoritative answer:
www.gesetze-im-internet.de canonical name = www.gesetze-im-internet.edge.juris.de.
Name: www.gesetze-im-internet.edge.juris.de
Address: 188.210.44.216

Those entries look OK to me.
Mind, I can't look up the domain name alone ...
public array


2018-12-31 08:07

reporter   ~0033485

Yes those would be the correct entries.
 
From the same machine, dig gives the correct data:

$ dig gesetze-im-internet.de

; <<>> DiG 9.9.4-RedHat-9.9.4-72.el7 <<>> gesetze-im-internet.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11144
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1452
;; QUESTION SECTION:
;gesetze-im-internet.de. IN A

;; AUTHORITY SECTION:
gesetze-im-internet.de. 600 IN SOA dns2.juris.de. hostmaster.juris.de. 2016010800 86400 7200 3600000 172800

;; Query time: 299 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Dec 31 08:06:13 UTC 2018
;; MSG SIZE rcvd: 109
public array


2018-12-31 08:09

reporter   ~0033486

Sorry, don't use the www. subdomain

otherwise I get the same as you;

$ getent hosts www.gesetze-im-internet.de
188.210.44.216 www.gesetze-im-internet.edge.juris.de www.gesetze-im-internet.de
public array


2018-12-31 08:13

reporter   ~0033487

To fully explain, the gesetze-im-internet.de domain doesn't have the A record, so no response is expected. For some reason, on my machine the lookup from getent adds a `.io` at the end of this particular domain name.

http://dnsviz.net/d/gesetze-im-internet.de/dnssec/
public array


2018-12-31 08:20

reporter   ~0033488

I'm going to try this in a brand new VM some time later; maybe I can diff the config files... this is so weird.
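A check that fits the symptoms in the notes above, as an added example that is not part of the original thread: getent resolves through the system resolver, which applies the search list from /etc/resolv.conf, while dig does not use the search list by default. The sketch models how a glibc-style stub resolver builds its query names and tests whether a returned name is the queried name plus a search domain. The thread does not establish the cause; the `search io` line and all function names here are assumptions made for illustration.

```python
# Added example (not from the thread): names a glibc-style stub resolver
# would try for one lookup, given the search list in resolv.conf.

# Constructed sample; "search io" is an assumption, not the reporter's file.
SAMPLE_RESOLV_CONF = """\
# constructed resolv.conf
search io
options ndots:1
nameserver 1.1.1.1
"""

def parse_resolv_conf(text):
    """Return (search_list, ndots); the last search/domain line wins."""
    search, ndots = [], 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] == "search":
            search = fields[1:]
        elif fields[0] == "domain" and len(fields) > 1:
            search = [fields[1]]
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:") and opt[6:].isdigit():
                    ndots = min(int(opt[6:]), 15)  # resolver caps ndots at 15
    return search, ndots

def candidates(name, search, ndots=1):
    """Query names in the order they are tried; a trailing dot disables search."""
    if name.endswith("."):
        return [name]
    expanded = [f"{name}.{d.strip('.')}." for d in search]
    as_is = [name + "."]
    return as_is + expanded if name.count(".") >= ndots else expanded + as_is

def appended_suffix(queried, returned, search):
    """Search domain that turns `queried` into `returned`, or None."""
    q, r = queried.rstrip(".").lower(), returned.rstrip(".").lower()
    for d in search:
        if r == f"{q}.{d.strip('.').lower()}":
            return d
    return None

if __name__ == "__main__":
    search, ndots = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for queried, returned in [
        ("gesetze-im-internet.de", "gesetze-im-internet.de.io"),
        ("www.gesetze-im-internet.de", "www.gesetze-im-internet.edge.juris.de"),
    ]:
        print(queried, candidates(queried, search, ndots),
              appended_suffix(queried, returned, search))
```

To use it on a real host, pass the contents of /etc/resolv.conf to parse_resolv_conf; a query written with a trailing dot (gesetze-im-internet.de.) bypasses the search list entirely.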

Issue History

Date Modified Username Field Change
2018-12-31 07:46 public array New Issue
2018-12-31 07:50 tigalch Note Added: 0033484
2018-12-31 08:07 public array Note Added: 0033485
2018-12-31 08:09 public array Note Added: 0033486
2018-12-31 08:13 public array Note Added: 0033487
2018-12-31 08:20 public array Note Added: 0033488