I'm running jaqen on a VPS of mine like so:
I've configured mydomainna.me to use a $EXTERNAL_IP as a custom nameserver and have disabled the firewall to allow traffic on port 53. When I run jaqen and request http://mydomainna.me in the browser I get the following output in the console.
INFO[0000] Found 1 eligible addresses meeting criteria: [54.173.189.125\172.30.0.10:80]
INFO[0000] Leasing 54.173.189.125\172.30.0.10:80
INFO[0000] Created HTTPServer bound to "54.173.189.125\172.30.0.10:80" as a result of request "00000000-0000-0000-0000-000000000000" on socket "00000000-0000-0000-0000-000000000000"
INFO[0000] Created new DNSServer bound to "0.0.0.0:53" (tcp)
INFO[0000] Created new DNSServer bound to "0.0.0.0:53" (udp)
DEBU[0014] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN A
DEBU[0014] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0014] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN A
DEBU[0015] Got DNS Request: ;webcdn.website. IN A
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
DEBU[0015] Got DNS Request: ;webcdn.website. IN AAAA
However, jaqen doesn't actually return DNS responses. A simple nslookup shows:
And monitoring DNS queries via tcpdump also shows the DNS server is failing:
$ sudo tcpdump udp port 53
23:11:28.099524 IP brannon.47992 > router.asus.com.domain: 45422+ A? mydomainna.me. (32)
23:11:28.099538 IP brannon.47992 > router.asus.com.domain: 11880+ AAAA? mydomainna.me. (32)
23:11:28.177006 IP router.asus.com.domain > brannon.47992: 45422 ServFail 0/0/0 (32)
23:11:28.281190 IP router.asus.com.domain > brannon.47992: 11880 ServFail 0/0/0 (32)
23:11:28.281539 IP brannon.47992 > router.asus.com.domain: 23679+ A? mydomainna.me. (32)
23:11:28.281583 IP brannon.47992 > router.asus.com.domain: 63510+ AAAA? mydomainna.me. (32)
23:11:28.358193 IP router.asus.com.domain > brannon.47992: 23679 ServFail 0/0/0 (32)
23:11:28.860719 IP router.asus.com.domain > brannon.47992: 63510 ServFail 0/0/0 (32)
23:11:28.861286 IP brannon.47992 > router.asus.com.domain: 29708+ A? mydomainna.me. (32)
23:11:28.861339 IP brannon.47992 > router.asus.com.domain: 42729+ AAAA? mydomainna.me. (32)
23:11:28.939490 IP router.asus.com.domain > brannon.47992: 29708 ServFail 0/0/0 (32)
23:11:28.944913 IP router.asus.com.domain > brannon.47992: 42729 ServFail 0/0/0 (32)
# ...etc
@li-lyoung, any ideas what this might be? I have a hunch that I'm using the CLI args wrong but I figured you might have a better idea. Great research and DEFCON 25 talk btw 👍.
Aha, turns out you can't just query mydomainna.me without prepending the UUID subdomain. I had to use the actual RebindDNS object in v1.js. Seems to be working now except the DNS responses are for the $INTERNAL_IP instead of the $EXTERNAL_IP.
;; QUESTION SECTION:
;9b359ec6-6d7d-4587-8348-d9e217fcde79.webcdn.website. IN A
;; ANSWER SECTION:
9b359ec6-6d7d-4587-8348-d9e217fcde79.webcdn.website. 4 IN A 172.30.0.10
This must be a misuse of the --http-bind, --http-pool, and --http-bind-map parameters, but I can't for the life of me come up with a combination that responds with my $EXTERNAL_IP... Especially considering the server logs this on start:
INFO[0059] Releasing lease on 54.173.189.125\172.30.0.10:80
I think I want those values reversed but flipping them in --http-bind-map gives me:
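Added example, not part of the original issue or of the jaqen project's code: a defender-side check over dig-style output such as the answer section quoted in the comment above, flagging public names that resolve to private, loopback or link-local addresses and noting very short TTLs. The 10-second threshold, the `internal_suffixes` allow-list and the two control records in the sample are assumptions constructed for illustration.

```python
import ipaddress
import re

# dig-style answer line: "<name> <ttl> IN A|AAAA <address>"
ANSWER_RE = re.compile(r"^([^;\s]\S*)\s+(\d+)\s+IN\s+(A|AAAA)\s+(\S+)$")
LOW_TTL_SECONDS = 10  # assumed threshold for a "short-lived" answer

def parse_answers(text):
    """Yield (name, ttl, address) for each A/AAAA answer line; skip everything else."""
    for line in text.splitlines():
        m = ANSWER_RE.match(line.strip())
        if not m:
            continue  # question lines start with ';', section headers do not match
        try:
            addr = ipaddress.ip_address(m.group(4))
        except ValueError:
            continue  # malformed address: skip rather than crash
        yield m.group(1).rstrip(".").lower(), int(m.group(2)), addr

def is_internal(addr):
    """True for addresses a public name should not normally resolve to."""
    return addr.is_private or addr.is_loopback or addr.is_link_local or addr.is_unspecified

def flag_rebind_candidates(text, internal_suffixes=()):
    """Return one finding per non-allow-listed name answered with an internal address."""
    findings = []
    for name, ttl, addr in parse_answers(text):
        if any(name == s or name.endswith("." + s) for s in internal_suffixes):
            continue  # split-horizon zones are expected to hold internal addresses
        if is_internal(addr):
            findings.append({"name": name, "address": str(addr),
                             "ttl": ttl, "low_ttl": ttl < LOW_TTL_SECONDS})
    return findings

# Constructed sample: the answer quoted in the issue plus two made-up control records.
SAMPLE = """\
;; QUESTION SECTION:
;9b359ec6-6d7d-4587-8348-d9e217fcde79.webcdn.website. IN A
;; ANSWER SECTION:
9b359ec6-6d7d-4587-8348-d9e217fcde79.webcdn.website. 4 IN A 172.30.0.10
www.example.org. 300 IN A 93.184.216.34
printer.corp.example. 60 IN A 10.0.0.7
"""

if __name__ == "__main__":
    print(flag_rebind_candidates(SAMPLE, internal_suffixes=("corp.example",)))
```
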