Firewall Wizards mailing list archives

Re: (no subject)


From: Coleburn <coleburn () aland net>
Date: Thu, 22 Jun 2006 11:33:28 +0300 (EEST)

On Tue, 20 Jun 2006, Aaron Smith wrote:

On Tue, 2006-06-20 at 13:12 -0500, Frank Knobbe wrote:
On Mon, 2006-06-19 at 22:18 -0400, Paul D. Robertson wrote:

But looky here! Today I get:

# host talk.google.com
talk.google.com is an alias for talk.l.google.com.
talk.l.google.com has address 216.239.37.125
talk.google.com is an alias for talk.l.google.com.
talk.google.com is an alias for talk.l.google.com.

# host www.google.com
www.google.com is an alias for www.l.google.com.
www.l.google.com has address 64.233.179.99
www.l.google.com has address 64.233.179.104
www.google.com is an alias for www.l.google.com.
www.google.com is an alias for www.l.google.com.

So it would appear that the initial reports are wrong and the IP
addresses are indeed different. Hopefully you are able to block all
distributed IPs for talk.google while leaving at least some for
www.google unblocked so you can use the search engine.


Not quite--you need to use a better DNS query tool:
# dnsq a talk.google.com ns1.google.com
1 talk.google.com:
246 bytes, 1+1+6+6 records, response, authoritative, noerror
query: 1 talk.google.com
answer: talk.google.com 604800 CNAME talk.l.google.com
authority: l.google.com 86400 NS a.l.google.com
authority: l.google.com 86400 NS b.l.google.com
authority: l.google.com 86400 NS c.l.google.com
authority: l.google.com 86400 NS d.l.google.com
authority: l.google.com 86400 NS e.l.google.com
authority: l.google.com 86400 NS g.l.google.com
additional: a.l.google.com 86400 A 216.239.53.9
additional: b.l.google.com 86400 A 64.233.179.9
additional: c.l.google.com 86400 A 64.233.161.9
additional: d.l.google.com 86400 A 64.233.183.9
additional: e.l.google.com 86400 A 66.102.11.9
additional: g.l.google.com 86400 A 64.233.167.9

# dnsq a www.google.com ns1.google.com
1 www.google.com:
244 bytes, 1+1+6+6 records, response, authoritative, noerror
query: 1 www.google.com
answer: www.google.com 604800 CNAME www.l.google.com
authority: l.google.com 86400 NS a.l.google.com
authority: l.google.com 86400 NS b.l.google.com
authority: l.google.com 86400 NS c.l.google.com
authority: l.google.com 86400 NS d.l.google.com
authority: l.google.com 86400 NS e.l.google.com
authority: l.google.com 86400 NS g.l.google.com
additional: a.l.google.com 86400 A 216.239.53.9
additional: b.l.google.com 86400 A 64.233.179.9
additional: c.l.google.com 86400 A 64.233.161.9
additional: d.l.google.com 86400 A 64.233.183.9
additional: e.l.google.com 86400 A 66.102.11.9
additional: g.l.google.com 86400 A 64.233.167.9


Not quite--you need to check your interpretation of the DNS answers.

The data given above is entirely correct, but you missed a step!
As the answer section says, talk.google.com is a CNAME for talk.l.google.com AND the authoritative NS for l.google.com is one of the above-mentioned NS. Thus -->

[nickes@thunder ~] dig @a.l.google.com talk.l.google.com a

; <<>> DiG 9.3.2 <<>> @a.l.google.com talk.l.google.com a
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2028
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;talk.l.google.com.             IN      A

;; ANSWER SECTION:
talk.l.google.com.      300     IN      A       64.233.167.125
talk.l.google.com.      300     IN      A       216.239.37.125

;; Query time: 191 msec
;; SERVER: 216.239.53.9#53(216.239.53.9)
;; WHEN: Thu Jun 22 11:10:16 2006
;; MSG SIZE  rcvd: 67

and

[nickes@thunder ~] dig @a.l.google.com www.l.google.com a

; <<>> DiG 9.3.2 <<>> @a.l.google.com www.l.google.com a
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20348
;; flags: qr aa; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.l.google.com.              IN      A

;; ANSWER SECTION:
www.l.google.com.       300     IN      A       66.249.93.104
www.l.google.com.       300     IN      A       66.249.93.99

;; Query time: 191 msec
;; SERVER: 216.239.53.9#53(216.239.53.9)
;; WHEN: Thu Jun 22 11:14:20 2006
;; MSG SIZE  rcvd: 66

which in fact gives us exactly the same answer as Frank's simple 'host' command, since the above procedure is what 'host' actually performs.

This means that you should be able to block out talk.google.com wherever you like, and still be able to use the search engine.


==Coleburn==

--
---

It takes a lot of knowledge
to really mess something up!

---
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
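
The check walked through in this message (follow each CNAME to its A records, then compare the two address sets), as an added example that is not part of the original post. The records are copied from the dnsq and dig output quoted above; the function names are hypothetical.

```python
import ipaddress

# Records taken from the dnsq/dig output in the message, as "name ttl type value".
RECORDS = """\
talk.google.com 604800 CNAME talk.l.google.com
talk.l.google.com 300 A 64.233.167.125
talk.l.google.com 300 A 216.239.37.125
www.google.com 604800 CNAME www.l.google.com
www.l.google.com 300 A 66.249.93.104
www.l.google.com 300 A 66.249.93.99
"""

def parse_records(text):
    """Index records by (owner name, type); lowercase names, drop trailing dots."""
    zone = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip anything that is not a 4-field record line
        name, _ttl, rtype, value = fields
        key = (name.lower().rstrip("."), rtype.upper())
        zone.setdefault(key, []).append(value.rstrip("."))
    return zone

def resolve_a(zone, name, max_hops=8):
    """Follow CNAMEs from name; return the A addresses at the end of the chain."""
    name = name.lower().rstrip(".")
    for _ in range(max_hops):
        addrs = zone.get((name, "A"))
        if addrs:
            return {ipaddress.ip_address(a) for a in addrs}
        target = zone.get((name, "CNAME"))
        if not target:
            return set()  # no A record and no alias: nothing to block
        name = target[0].lower()
    raise ValueError("CNAME chain too long or looping")

def block_collateral(zone, block_name, keep_name):
    """Addresses that an IP block on block_name would also remove from keep_name."""
    return resolve_a(zone, block_name) & resolve_a(zone, keep_name)

if __name__ == "__main__":
    zone = parse_records(RECORDS)
    print("block:", sorted(map(str, resolve_a(zone, "talk.google.com"))))
    hit = block_collateral(zone, "talk.google.com", "www.google.com")
    print("collateral:", sorted(map(str, hit)) or "none")
```

The A records carry a TTL of 300 and the two lookups in this thread returned different addresses on different days, so the result describes one snapshot and the comparison has to be repeated whenever the block list is refreshed.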
