ychaouche · November 28, 2024 11:59
diff --git a/dkim validation b/dkim validation
 root@messagerie-prep[10.10.10.19] ~ # _asroot tcpdump -i eth0 -l -n "host 10.10.10.19 and (tcp[13]==2 or icmp or udp) and src net not (192.168.0.0/16 or 172.16.0.0/16 or 10.0.0.0/8) and port 53"
 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
 listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
 12:56:08.111496 IP 199.249.120.1.53 > 10.10.10.19.56505: 36063- 0/8/9 (821)
 12:56:08.239833 IP 192.99.37.66.53 > 10.10.10.19.63603: 27326*- 1/4/8 TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh9VtkDG1wmhnqLYLoSlnKcA0IA738GmsKa/HC2Q790KJkslz8Q3lq4W/1aeOPNxK0iASSWcetcbAI+KDGqxXf9UfRay8oSfNc+SmcFOihoY" "iwVcFnzoPfU0QZVLQUjKCKv2ovlkiMqT2NgZa7+i53DrcCzCwe06PbB6eXmMFD/eLSeinPqeMC9vdZ6AG/Y9LoBFCCqxTGJ4rSv6XzBzDOFPSYYFiKAZQBzX0q0oNxtEtextYOFGIaINtBpcA5cA9Z8EX4xqbgQS77fWi79TVSHWOXMITdvkoKyx6EeCPDEl3TwsfZmm2WqaRCrZJZfSgKtzmpM3UWJcM50Cn6J5ywIDAQAB" (716)
 12:58:36.291710 IP 192.5.6.30.53 > 10.10.10.19.34266: 14639- 0/6/1 (477)
 12:58:36.305884 IP 162.159.3.11.53 > 10.10.10.19.63767: 36120*- 4/0/1 AAAA 2606:4700:58::a29f:2ccb, AAAA 2a06:98c1:50::ac40:23cb, AAAA 2803:f800:50::6ca2:c3cb, RRSIG (249)
 12:58:36.306303 IP 162.159.9.55.53 > 10.10.10.19.59944: 60232*- 4/0/1 A 172.64.35.203, A 108.162.195.203, A 162.159.44.203, RRSIG (213)
 12:58:36.307301 IP 162.159.7.226.53 > 10.10.10.19.53456: 54172*- 4/0/1 A 108.162.194.77, A 172.64.34.77, A 162.159.38.77, RRSIG (213)
 12:58:36.307537 IP 162.159.5.6.53 > 10.10.10.19.39796: 57589*- 4/0/1 AAAA 2803:f800:50::6ca2:c24d, AAAA 2606:4700:50::a29f:264d, AAAA 2a06:98c1:50::ac40:224d, RRSIG (249)
 12:58:36.330356 IP 162.159.44.203.53 > 10.10.10.19.23608: 44810*- 1/0/1 TXT "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOmWqIjmnBCkhjq2JpdAi6GLprdmuo8IZwLB51AhJ4L9WOkZyLAKgwAvHRVu+G4AX0nwBQWBOOWQ/UdOm7hD+IuA+VgW9sCZJgV9gH3+shTkQZcO4ooL4bg5sXohALTtML2tFbuKBtfeECgIeWQa0Ze+gxN3KW7i8jRLtMfnqYHwIDAQAB" (300)

diff --git a/tcpdump output b/tcpdump output
 12:26:22.999404 173.245.58.143.53     - 10.10.10.19.44930:    US CLOUDFLARENET (cached)
 12:26:23.053682 204.74.104.61.53      - 10.10.10.19.48807:    US SECURITYSERVICES (cached)
 12:26:23.054016 192.52.178.30.53      - 10.10.10.19.6851:     US VGRSGTLD-11 (cached)
 12:26:23.056478 192.52.178.30.53      - 10.10.10.19.11686:    US VGRSGTLD-11 (cached)
 12:26:23.056506 192.52.178.30.53      - 10.10.10.19.15554:    US VGRSGTLD-11 (cached)
 12:26:23.058111 192.41.162.30.53      - 10.10.10.19.62569:    US VGRSGTLD-7 (cached)
 12:26:23.058135 204.74.104.61.53      - 10.10.10.19.63963:    US SECURITYSERVICES (cached)
 12:26:23.058842 192.41.162.30.53      - 10.10.10.19.21121:    US VGRSGTLD-7 (cached)
 12:26:23.064860 170.247.170.2.53      - 10.10.10.19.9477:     US LACNIC-ERX-170-247-0-0 (cached)
 12:26:23.073584 199.249.120.1.53      - 10.10.10.19.25294:    US AFILIAS-NET5 (cached)
 12:26:23.075065 192.12.94.30.53       - 10.10.10.19.20647:    US VGRSGTLD-2 (cached)
 12:26:23.076580 192.12.94.30.53       - 10.10.10.19.5036:     US VGRSGTLD-2 (cached)
 12:26:23.078597 192.5.6.30.53         - 10.10.10.19.31597:    US VGRSGTLD-1 (cached)
 12:26:23.083204 156.154.65.90.53      - 10.10.10.19.8709:     US SSL-1134
 12:26:23.140725 103.49.80.1.53        - 10.10.10.19.6450:     GB NOMINET-NS-2-1 (cached)
 12:26:23.140773 192.33.4.12.53        - 10.10.10.19.59405:    US COGENT-192-33-24 (cached)
 12:26:23.140796 192.52.178.30.53      - 10.10.10.19.18431:    US VGRSGTLD-11 (cached)
 12:26:23.140805 198.97.190.53.53      - 10.10.10.19.58789:    US NETBLK-GOC (cached)
 12:26:23.140814 198.97.190.53.53      - 10.10.10.19.20161:    US NETBLK-GOC (cached)
 12:26:23.140824 156.154.64.196.53     - 10.10.10.19.38092:    US SSL-1134 (cached)
 12:26:23.140832 192.58.128.30.53      - 10.10.10.19.41071:    US VGRSGTLD-14 (cached)
 12:26:23.140841 156.154.64.196.53     - 10.10.10.19.55634:    US SSL-1134 (cached)
 12:26:23.147406 156.154.66.196.53     - 10.10.10.19.51032:    US SSL-1134 (cached)
 12:26:23.149022 199.19.53.1.53        - 10.10.10.19.19926:    US AFILIAS-NET1 (cached)
 12:26:23.151775 199.19.57.1.53        - 10.10.10.19.26686:    US AFILIAS-NET1 (cached)
 12:26:23.155266 199.19.54.1.53        - 10.10.10.19.31431:    US AFILIAS-NET1 (cached)
 12:26:23.158842 199.7.69.1.53         - 10.10.10.19.5806:     US SECURITYSERVICES (cached)
 12:26:23.179106 136.143.172.88.53     - 10.10.10.19.28188:    US ZOHOC
 12:26:23.196202 204.74.106.61.53      - 10.10.10.19.14089:    US SECURITYSERVICES (cached)
 12:26:23.201671 204.74.104.61.53      - 10.10.10.19.50358:    US SECURITYSERVICES (cached)
 12:26:23.202236 199.19.54.1.53        - 10.10.10.19.39930:    US AFILIAS-NET1 (cached)
 12:26:23.210152 199.7.68.1.53         - 10.10.10.19.60856:    US SECURITYSERVICES (cached)
 12:26:23.214351 156.154.66.90.53      - 10.10.10.19.40063:    US SSL-1134
 12:26:23.216380 156.154.66.196.53     - 10.10.10.19.28880:    US SSL-1134 (cached)
 12:26:23.255459 204.74.104.61.53      - 10.10.10.19.41758:    US SECURITYSERVICES (cached)
 12:26:23.283276 199.254.50.1.53       - 10.10.10.19.31935:    US AFILIAS-NET2 (cached)
 12:26:23.363402 156.154.67.196.53     - 10.10.10.19.7462:     US SSL-1134 (cached)
	root@messagerie-prep[10.10.10.19] ~ # _asroot tcpdump -i eth0 -l -n "host 10.10.10.19 and (tcp[13]==2 or icmp or udp) and src net not (192.168.0.0/16 or 172.16.0.0/16 or 10.0.0.0/8) and port 53"
	tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
	listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
	12:56:08.111496 IP 199.249.120.1.53 > 10.10.10.19.56505: 36063- 0/8/9 (821)
	12:56:08.239833 IP 192.99.37.66.53 > 10.10.10.19.63603: 27326*- 1/4/8 TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsh9VtkDG1wmhnqLYLoSlnKcA0IA738GmsKa/HC2Q790KJkslz8Q3lq4W/1aeOPNxK0iASSWcetcbAI+KDGqxXf9UfRay8oSfNc+SmcFOihoY" "iwVcFnzoPfU0QZVLQUjKCKv2ovlkiMqT2NgZa7+i53DrcCzCwe06PbB6eXmMFD/eLSeinPqeMC9vdZ6AG/Y9LoBFCCqxTGJ4rSv6XzBzDOFPSYYFiKAZQBzX0q0oNxtEtextYOFGIaINtBpcA5cA9Z8EX4xqbgQS77fWi79TVSHWOXMITdvkoKyx6EeCPDEl3TwsfZmm2WqaRCrZJZfSgKtzmpM3UWJcM50Cn6J5ywIDAQAB" (716)
	12:58:36.291710 IP 192.5.6.30.53 > 10.10.10.19.34266: 14639- 0/6/1 (477)
	12:58:36.305884 IP 162.159.3.11.53 > 10.10.10.19.63767: 36120*- 4/0/1 AAAA 2606:4700:58::a29f:2ccb, AAAA 2a06:98c1:50::ac40:23cb, AAAA 2803:f800:50::6ca2:c3cb, RRSIG (249)
	12:58:36.306303 IP 162.159.9.55.53 > 10.10.10.19.59944: 60232*- 4/0/1 A 172.64.35.203, A 108.162.195.203, A 162.159.44.203, RRSIG (213)
	12:58:36.307301 IP 162.159.7.226.53 > 10.10.10.19.53456: 54172*- 4/0/1 A 108.162.194.77, A 172.64.34.77, A 162.159.38.77, RRSIG (213)
	12:58:36.307537 IP 162.159.5.6.53 > 10.10.10.19.39796: 57589*- 4/0/1 AAAA 2803:f800:50::6ca2:c24d, AAAA 2606:4700:50::a29f:264d, AAAA 2a06:98c1:50::ac40:224d, RRSIG (249)
	12:58:36.330356 IP 162.159.44.203.53 > 10.10.10.19.23608: 44810*- 1/0/1 TXT "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDOmWqIjmnBCkhjq2JpdAi6GLprdmuo8IZwLB51AhJ4L9WOkZyLAKgwAvHRVu+G4AX0nwBQWBOOWQ/UdOm7hD+IuA+VgW9sCZJgV9gH3+shTkQZcO4ooL4bg5sXohALTtML2tFbuKBtfeECgIeWQa0Ze+gxN3KW7i8jRLtMfnqYHwIDAQAB" (300)
	12:26:22.999404 173.245.58.143.53 - 10.10.10.19.44930: US CLOUDFLARENET (cached)
	12:26:23.053682 204.74.104.61.53 - 10.10.10.19.48807: US SECURITYSERVICES (cached)
	12:26:23.054016 192.52.178.30.53 - 10.10.10.19.6851: US VGRSGTLD-11 (cached)
	12:26:23.056478 192.52.178.30.53 - 10.10.10.19.11686: US VGRSGTLD-11 (cached)
	12:26:23.056506 192.52.178.30.53 - 10.10.10.19.15554: US VGRSGTLD-11 (cached)
	12:26:23.058111 192.41.162.30.53 - 10.10.10.19.62569: US VGRSGTLD-7 (cached)
	12:26:23.058135 204.74.104.61.53 - 10.10.10.19.63963: US SECURITYSERVICES (cached)
	12:26:23.058842 192.41.162.30.53 - 10.10.10.19.21121: US VGRSGTLD-7 (cached)
	12:26:23.064860 170.247.170.2.53 - 10.10.10.19.9477: US LACNIC-ERX-170-247-0-0 (cached)
	12:26:23.073584 199.249.120.1.53 - 10.10.10.19.25294: US AFILIAS-NET5 (cached)
	12:26:23.075065 192.12.94.30.53 - 10.10.10.19.20647: US VGRSGTLD-2 (cached)
	12:26:23.076580 192.12.94.30.53 - 10.10.10.19.5036: US VGRSGTLD-2 (cached)
	12:26:23.078597 192.5.6.30.53 - 10.10.10.19.31597: US VGRSGTLD-1 (cached)
	12:26:23.083204 156.154.65.90.53 - 10.10.10.19.8709: US SSL-1134
	12:26:23.140725 103.49.80.1.53 - 10.10.10.19.6450: GB NOMINET-NS-2-1 (cached)
	12:26:23.140773 192.33.4.12.53 - 10.10.10.19.59405: US COGENT-192-33-24 (cached)
	12:26:23.140796 192.52.178.30.53 - 10.10.10.19.18431: US VGRSGTLD-11 (cached)
	12:26:23.140805 198.97.190.53.53 - 10.10.10.19.58789: US NETBLK-GOC (cached)
	12:26:23.140814 198.97.190.53.53 - 10.10.10.19.20161: US NETBLK-GOC (cached)
	12:26:23.140824 156.154.64.196.53 - 10.10.10.19.38092: US SSL-1134 (cached)
	12:26:23.140832 192.58.128.30.53 - 10.10.10.19.41071: US VGRSGTLD-14 (cached)
	12:26:23.140841 156.154.64.196.53 - 10.10.10.19.55634: US SSL-1134 (cached)
	12:26:23.147406 156.154.66.196.53 - 10.10.10.19.51032: US SSL-1134 (cached)
	12:26:23.149022 199.19.53.1.53 - 10.10.10.19.19926: US AFILIAS-NET1 (cached)
	12:26:23.151775 199.19.57.1.53 - 10.10.10.19.26686: US AFILIAS-NET1 (cached)
	12:26:23.155266 199.19.54.1.53 - 10.10.10.19.31431: US AFILIAS-NET1 (cached)
	12:26:23.158842 199.7.69.1.53 - 10.10.10.19.5806: US SECURITYSERVICES (cached)
	12:26:23.179106 136.143.172.88.53 - 10.10.10.19.28188: US ZOHOC
	12:26:23.196202 204.74.106.61.53 - 10.10.10.19.14089: US SECURITYSERVICES (cached)
	12:26:23.201671 204.74.104.61.53 - 10.10.10.19.50358: US SECURITYSERVICES (cached)
	12:26:23.202236 199.19.54.1.53 - 10.10.10.19.39930: US AFILIAS-NET1 (cached)
	12:26:23.210152 199.7.68.1.53 - 10.10.10.19.60856: US SECURITYSERVICES (cached)
	12:26:23.214351 156.154.66.90.53 - 10.10.10.19.40063: US SSL-1134
	12:26:23.216380 156.154.66.196.53 - 10.10.10.19.28880: US SSL-1134 (cached)
	12:26:23.255459 204.74.104.61.53 - 10.10.10.19.41758: US SECURITYSERVICES (cached)
	12:26:23.283276 199.254.50.1.53 - 10.10.10.19.31935: US AFILIAS-NET2 (cached)
	12:26:23.363402 156.154.67.196.53 - 10.10.10.19.7462: US SSL-1134 (cached)