joeyh

happy halloween I guess

joeyh at

http://www.slate.com/articles/news_and_politics/cover_story/2016/10/was_a_server_registered_to_the_trump_organization_communicating_with_russia.html


... This is perhaps interesting politically in an isn't-October-over-yet kind of way ...


But, technically, it suggests strongly that the DNS root server operators are keeping and sharing logs of all TLD resolution, going back months, and using them for political and other purposes.


Which is freaking scary.


(More technical data at http://gdd.i2p.xyz/ )

Christopher Allan Webber likes this.

Hmm, I was thinking root servers based on language like "The Russian Alfa Bank was the first to contact the newly renamed host". Only root server logs could let you determine that.


But, in http://gdd.i2p.xyz/logs/ns1_cdcservices_com.log I see lookups for a non-toplevel-domain. So maybe it's not root servers. If not, and if it's just a bunch of big DNS server operators (8.8.8.8 and so on), then they're overstating their case some.

joeyh at 2016-11-01T00:22:46Z

The less paranoid explanation is that the operator of the authoritative DNS servers for the domain passed on the logs. That explains the log filenames.

joeyh at 2016-11-01T00:48:23Z

Christopher Allan Webber likes this.

Apparently there's something called Passive DNS, invented by Florian Weimer that captures a large amount of DNS information.


(This is ... a little surprising to me, since the Florian Weimer I know is a Debian Developer.)


https://www.farsightsecurity.com/Technical/Passive_DNS_Sensor/

"The passive DNS sensor only collects the DNS data received by a caching server as the result of recursion. The queries sent by individual clients are never logged."


Sounds like that could not produce the logs that are on that website. It could be used to help verify the legitimacy of such a more detailed log however.

joeyh at 2016-11-01T01:51:13Z
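To make the distinction in the quoted Farsight description concrete, here is a toy passive DNS aggregator. It is an added example written for this thread, not code from the thread's participants or from Farsight's sensor, and all names, addresses and timestamps in it are constructed. It ingests only the responses a recursive resolver receives from upstream (authoritative) servers, discards the stub-client queries entirely, and keeps per-(name, type, rdata) first-seen/last-seen records. The last function shows the verification use mentioned above: a claimed log entry of the form "name X resolved to IP Y at time T" can be checked against the passive DNS record window, even though passive DNS alone could never say which client asked.

```python
"""Toy passive-DNS aggregator (added example; sample data is constructed)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed trace of what a recursive resolver sees. "client" entries are
# stub-client queries (never recorded by a passive DNS sensor); "upstream"
# entries are answers received from authoritative servers during recursion.
SAMPLE_MESSAGES = [
    {"dir": "client", "ts": 100, "qname": "mail1.example.test.", "qtype": "A",
     "src": "192.0.2.10"},
    {"dir": "upstream", "ts": 101, "rrname": "MAIL1.example.test.", "rrtype": "A",
     "rdata": "203.0.113.5", "ttl": 300},
    {"dir": "upstream", "ts": 101, "rrname": "example.test.", "rrtype": "NS",
     "rdata": "ns1.example.test.", "ttl": 86400},
    # Cache hit: a second client asks, but no upstream traffic results.
    {"dir": "client", "ts": 200, "qname": "mail1.example.test.", "qtype": "A",
     "src": "192.0.2.11"},
    # Cache expired, same answer fetched again upstream.
    {"dir": "upstream", "ts": 500, "rrname": "mail1.example.test.", "rrtype": "A",
     "rdata": "203.0.113.5", "ttl": 300},
    # The name later points at a different address.
    {"dir": "upstream", "ts": 800, "rrname": "mail1.example.test.", "rrtype": "A",
     "rdata": "203.0.113.9", "ttl": 300},
]

Key = Tuple[str, str, str]  # (rrname, rrtype, rdata)


@dataclass
class PdnsRecord:
    rrname: str
    rrtype: str
    rdata: str
    first_seen: int
    last_seen: int
    count: int


def normalize_name(name: str) -> str:
    """DNS names are case-insensitive; strip the trailing dot for a stable key."""
    return name.lower().rstrip(".")


def ingest(messages) -> Dict[Key, PdnsRecord]:
    """Build the passive DNS database from upstream responses only."""
    db: Dict[Key, PdnsRecord] = {}
    for m in messages:
        if m["dir"] != "upstream":
            continue  # client queries (and client addresses) are never stored
        key = (normalize_name(m["rrname"]), m["rrtype"], normalize_name(m["rdata"])
               if m["rrtype"] in ("NS", "CNAME", "MX", "PTR") else m["rdata"])
        rec = db.get(key)
        if rec is None:
            db[key] = PdnsRecord(*key, first_seen=m["ts"], last_seen=m["ts"], count=1)
        else:
            rec.first_seen = min(rec.first_seen, m["ts"])
            rec.last_seen = max(rec.last_seen, m["ts"])
            rec.count += 1
    return db


def lookup_rrname(db: Dict[Key, PdnsRecord], rrname: str) -> List[PdnsRecord]:
    """All rdata ever observed for a name, oldest first."""
    n = normalize_name(rrname)
    return sorted((r for r in db.values() if r.rrname == n), key=lambda r: r.first_seen)


def lookup_rdata(db: Dict[Key, PdnsRecord], rdata: str) -> List[PdnsRecord]:
    """Reverse lookup: every name that has pointed at this rdata."""
    return sorted((r for r in db.values() if r.rdata == rdata), key=lambda r: r.first_seen)


def consistent_with(db: Dict[Key, PdnsRecord], rrname: str, rdata: str, ts: int) -> bool:
    """Check a claimed log line "rrname -> rdata at ts" against the observed window.

    True means the claim falls inside [first_seen, last_seen] for that mapping.
    False only means passive DNS does not corroborate it; it cannot prove the
    claim wrong, since the sensor sees just one resolver's recursion traffic.
    """
    rec = db.get((normalize_name(rrname), "A", rdata))
    return rec is not None and rec.first_seen <= ts <= rec.last_seen


if __name__ == "__main__":
    pdns = ingest(SAMPLE_MESSAGES)
    for r in lookup_rrname(pdns, "mail1.example.test"):
        print(f"{r.rrname} {r.rrtype} {r.rdata} first={r.first_seen} "
              f"last={r.last_seen} n={r.count}")
```

Note what the database does and does not contain: the two client queries at ts 100 and 200 (and their source addresses) leave no trace, and the cache hit at ts 200 produces no record at all, so passive DNS undercounts lookups rather than logging each one. What survives is the history of answers, which is exactly what a reverse lookup by IP or a first-seen check for a renamed host needs.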