[Dnsmasq-discuss] Problem with domain names containing 3 or more minus in a row
Simon Kelley
simon at thekelleys.org.uk
Sat Mar 13 00:40:34 UTC 2021
Dnsmasq can be linked with the IDN library, which deals with non-ASCII
characters in domain names and converts them to punycode. I suspect that
the IDN library may well barf when given a name containing punycode already.
dnsmasq -v
should tell you if IDN is in use or not, in the compile time options.
Simon.
On 11/03/2021 19:08, PsyclopS at web.de wrote:
> Hi wkitty42,
>
> thanks for the reply.
> This punycode indeed is a good start.
>
> I found a website that converts punycode to plain text and apparently
> only one of five domains seems to be punycode.
>
> Please don't click them, they are considered to be malicious:
> address=/0----0.0----0.1596.hk/
> address=/0------------0-------------0.0n-line.info/
> address=/9------9.tk/
> address=/apple.com----macupdate.info/
> address=/xn----ylbefiabzfr6bln8a2ef.gr/
>
> The last one is in fact valid punycode. It has Cyrillic/Greek letters.
>
> The first 4 domains seem to be non-punycode, maybe only made to
> distract scanners and possibly maybe even dns-blacklists?
>
> I didn't try to use the converted sample yet, since problems starting
> dnsmasq already occur with the 1st domain.
> Also I don't know how to convert possible punycode by script.
>
> Anyway, thank you very much for the heads up.
>
>
> *Sent:* Monday, 08 March 2021 at 13:49
> *From:* wkitty42 at gmail.com
> *To:* dnsmasq-discuss at lists.thekelleys.org.uk
> *Subject:* Re: [Dnsmasq-discuss] Problem with domain names containing 3
> or more minus in a row
> On 3/8/21 3:31 AM, PsyclopS at web.de wrote:
>> Therefore I use lists called "Shalla's Blacklists" that happen to have domains
>> with multiple minus in a form like this X----X.X----X.1596.hk. (This is not the
>> actual domain, since it is malicious I changed one letter to X).
>
> eWAG in progress:
> on first read, "punycode" comes to mind... it appears that you are trying to
> block domains which use non-latin characters in their domain names... have you
> tried using the actual characters instead of the punycode equivalents?
>
> for more info on "punycode" here's a link i found in a quick search...
> https://krebsonsecurity.com/2018/03/look-alike-domains-and-visual-confusion/comment-page-1/
>
> personally speaking, i don't know how dnsmasq works with non-latin character
> domain names... i don't recall reading anything specific about it in the last
> years i've been on the list... i look forward, with anticipation, on further
> discussion about this and how dnsmasq can work with the original and punycode
> formats for the same domain name...
>
> --
> NOTE: No off-list assistance is given without prior approval.
> *Please keep mailing list traffic on the list unless*
> *a signed and pre-paid contract is in effect with us.*
>
> _______________________________________________
> Dnsmasq-discuss mailing list
> Dnsmasq-discuss at lists.thekelleys.org.uk
> https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
>
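For the question in the thread about handling punycode by script, the following is an added example, not code from any poster or from dnsmasq. It classifies each label of `address=/domain/` blocklist entries before they are loaded; the "hyphens in positions 3 and 4" rule is background from RFC 5890 (reserved LDH labels), not something stated in the thread, and the sample entries are constructed.

```python
import re

# Matches dnsmasq blocklist lines of the form address=/domain/ (as in the thread).
ADDRESS_RE = re.compile(r"^address=/([^/]+)/")


def classify_label(label):
    """Return (kind, decoded_text_or_None) for a single DNS label."""
    lower = label.lower()
    if lower.startswith("xn--"):
        # A-label candidate: the part after "xn--" must be valid punycode.
        try:
            return ("a-label", lower[4:].encode("ascii").decode("punycode"))
        except ValueError:  # UnicodeError is a subclass of ValueError
            return ("malformed-a-label", None)
    if lower[2:4] == "--":
        # "--" in positions 3 and 4 without the "xn" prefix: reserved by
        # RFC 5890, a shape that IDNA-aware libraries may refuse to process.
        return ("reserved-hyphens", None)
    return ("ldh", None)


def audit(lines):
    """Map each address=/domain/ entry to its per-label classification."""
    report = {}
    for line in lines:
        match = ADDRESS_RE.match(line.strip())
        if match:
            domain = match.group(1)
            report[domain] = [classify_label(part) for part in domain.split(".")]
    return report


# Constructed sample entries mirroring the shapes discussed in the thread.
SAMPLE = [
    "address=/0----0.example/",
    "address=/xn--mnchen-3ya.example/",
    "address=/shop.com----update.example/",
    "address=/xn--a-!.example/",
]

if __name__ == "__main__":
    for domain, labels in audit(SAMPLE).items():
        print(domain, labels)
```

Entries whose labels come back as `reserved-hyphens` or `malformed-a-label` are the ones to review or split into a separate list before handing the file to a dnsmasq build that has IDN support compiled in.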