Not replying to DNS queries #6
Open
Description
I'm running jaqen on a VPS of mine like so:
# using fake IPs for GitHub
EXTERNAL_IP=54.173.189.125
INTERNAL_IP=172.30.0.10
# start jaqen
sudo ./jaqen \
--base-uri mydomainna.me \
--dns-bind "0.0.0.0:53" \
--http-bind "$EXTERNAL_IP" \
--http-pool "$INTERNAL_IP" \
--http-bind-map "$INTERNAL_IP/$EXTERNAL_IP" -vvv
I've configured mydomainna.me to use $EXTERNAL_IP as a custom nameserver and have disabled the firewall to allow traffic on port 53. When I run jaqen and request http://mydomainna.me in the browser, I get the following output in the console.
INFO[0000] Found 1 eligible addresses meeting criteria: [54.173.189.125\172.30.0.10:80]
INFO[0000] Leasing 54.173.189.125\172.30.0.10:80
INFO[0000] Created HTTPServer bound to "54.173.189.125\172.30.0.10:80" as a result of request "00000000-0000-0000-0000-000000000000" on socket "00000000-0000-0000-0000-000000000000"
INFO[0000] Created new DNSServer bound to "0.0.0.0:53" (tcp)
INFO[0000] Created new DNSServer bound to "0.0.0.0:53" (udp)
DEBU[0014] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0014] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN A
DEBU[0015] Got DNS Request: ;webcdn.website. IN A
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
However, jaqen doesn't actually return DNS responses. A simple nslookup shows:
> mydomainna.me
Server: 127.0.1.1
Address: 127.0.1.1#53
** server can't find mydomainna.me: SERVFAIL
And monitoring DNS queries via tcpdump also shows the DNS server is failing:
$ sudo tcpdump udp port 53
23:11:28.099524 IP brannon.47992 > router.asus.com.domain: 45422+ A? mydomainna.me. (32)
23:11:28.099538 IP brannon.47992 > router.asus.com.domain: 11880+ AAAA? mydomainna.me. (32)
23:11:28.177006 IP router.asus.com.domain > brannon.47992: 45422 ServFail 0/0/0 (32)
23:11:28.281190 IP router.asus.com.domain > brannon.47992: 11880 ServFail 0/0/0 (32)
23:11:28.281539 IP brannon.47992 > router.asus.com.domain: 23679+ A? mydomainna.me. (32)
23:11:28.281583 IP brannon.47992 > router.asus.com.domain: 63510+ AAAA? mydomainna.me. (32)
23:11:28.358193 IP router.asus.com.domain > brannon.47992: 23679 ServFail 0/0/0 (32)
23:11:28.860719 IP router.asus.com.domain > brannon.47992: 63510 ServFail 0/0/0 (32)
23:11:28.861286 IP brannon.47992 > router.asus.com.domain: 29708+ A? mydomainna.me. (32)
23:11:28.861339 IP brannon.47992 > router.asus.com.domain: 42729+ AAAA? mydomainna.me. (32)
23:11:28.939490 IP router.asus.com.domain > brannon.47992: 29708 ServFail 0/0/0 (32)
23:11:28.944913 IP router.asus.com.domain > brannon.47992: 42729 ServFail 0/0/0 (32)
# ...etc
@li-lyoung, any ideas what this might be? I have a hunch that I'm using the CLI args wrong, but I figured you might have a better idea. Great research and DEFCON 25 talk btw 👍.