Attaching the pcap for the reference. Was wondering if this looks like a DNS amplification attack.
1 | initial version |
Attaching the pcap for the reference. Was wondering if this looks like a DNS amplification attack.
Hi I'm still learning how to use wireshark properly. Attaching the pcap for the reference. Was wondering if this looks like a DNS amplification attack. attack.
Hi I'm still learning how to use wireshark properly. Attaching the pcap for the reference. Was wondering if this looks like a DNS amplification attack.attack.
Frame 2: 645 bytes on wire (5160 bits), 645 bytes captured (5160 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Jan 8, 2019 16:13:17.000001000 Central Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1546985597.000001000 seconds
[Time delta from previous captured frame: 0.000001000 seconds]
[Time delta from previous displayed frame: 0.000001000 seconds]
[Time since reference or first frame: 0.000001000 seconds]
Frame Number: 2
Frame Length: 645 bytes (5160 bits)
Capture Length: 645 bytes (5160 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_80:56:00 (50:87:89:80:56:00), Dst: F5Networ_8b:ea:c3 (00:23:e9:8b:ea:c3)
Destination: F5Networ_8b:ea:c3 (00:23:e9:8b:ea:c3)
Address: F5Networ_8b:ea:c3 (00:23:e9:8b:ea:c3)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Cisco_80:56:00 (50:87:89:80:56:00)
Address: Cisco_80:56:00 (50:87:89:80:56:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.43.172.30, Dst: 159.180.162.56
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 631
Identification: 0xe8ff (59647)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 59
Protocol: UDP (17)
Header checksum: 0xe63f [validation disabled]
[Header checksum status: Unverified]
Source: 192.43.172.30
Destination: 159.180.162.56
User Datagram Protocol, Src Port: 53, Dst Port: 36819
Source Port: 53
Destination Port: 36819
Length: 611
Checksum: 0x34ac [unverified]
[Checksum Status: Unverified]
[Stream index: 0]
Domain Name System (response)
Transaction ID: 0x9989
Flags: 0x8010 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...1 .... = Non-authenticated data: Acceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 6
Additional RRs: 3
Queries
PReS.sErVerHomE.Com: type A, class IN
Name: PReS.sErVerHomE.Com
[Name Length: 19]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Authoritative nameservers
sErVerHomE.Com: type NS, class IN, ns dns2.sErVerHomE.Com
Name: sErVerHomE.Com
Type: NS (authoritative Name Server) (2)
Class: IN (0x0001)
Time to live: 172800
Data length: 7
Name Server: dns2.sErVerHomE.Com
sErVerHomE.Com: type NS, class IN, ns dns1.sErVerHomE.Com
Name: sErVerHomE.Com
Type: NS (authoritative Name Server) (2)
Class: IN (0x0001)
Time to live: 172800
Data length: 7
Name Server: dns1.sErVerHomE.Com
CK0POJMG874LJREF7EFN8430QVIT8BSM.Com: type NSEC3, class IN
Name: CK0POJMG874LJREF7EFN8430QVIT8BSM.Com
Type: NSEC3 (50)
Class: IN (0x0001)
Time to live: 86400
Data length: 35
Hash algorithm: SHA-1 (1)
NSEC3 flags: 1
.... ...1 = NSEC3 Opt-out flag: Additional insecure delegations allowed
NSEC3 iterations: 0
Salt length: 0
Salt value: <missing>
Hash length: 20
Next hashed owner: 6501a0c25720ee156f6c4e39636b3ada0312d92a
RR type in bit map: NS (authoritative Name Server)
RR type in bit map: SOA (Start Of a zone of Authority)
RR type in bit map: RRSIG
RR type in bit map: DNSKEY
RR type in bit map: NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.Com: type RRSIG, class IN
Name: CK0POJMG874LJREF7EFN8430QVIT8BSM.Com
Type: RRSIG (46)
Class: IN (0x0001)
Time to live: 86400
Data length: 151
Type Covered: NSEC3 (50)
Algorithm: RSA/SHA-256 (8)
Labels: 2
Original TTL: 86400 (1 day)
Signature Expiration: Jan 14, 2019 23:43:44.000000000 Central Standard Time
Signature Inception: Jan 7, 2019 22:33:44.000000000 Central Standard Time
Key Tag: 37490
Signer's name: com
Signature: 6d008caea3a704cc50480a7ae42385884ad88d6fd22a1879...
TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com: type NSEC3, class IN
Name: TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com
Type: NSEC3 (50)
Class: IN (0x0001)
Time to live: 86400
Data length: 34
Hash algorithm: SHA-1 (1)
NSEC3 flags: 1
.... ...1 = NSEC3 Opt-out flag: Additional insecure delegations allowed
NSEC3 iterations: 0
Salt length: 0
Salt value: <missing>
Hash length: 20
Next hashed owner: ef729a70698750518c4a11fde21c274803ce5269
RR type in bit map: NS (authoritative Name Server)
RR type in bit map: DS(Delegation Signer)
RR type in bit map: RRSIG
TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com: type RRSIG, class IN
Name: TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com
Type: RRSIG (46)
Class: IN (0x0001)
Time to live: 86400
Data length: 151
Type Covered: NSEC3 (50)
Algorithm: RSA/SHA-256 (8)
Labels: 2
Original TTL: 86400 (1 day)
Signature Expiration: Jan 11, 2019 23:20:06.000000000 Central Standard Time
Signature Inception: Jan 4, 2019 22:10:06.000000000 Central Standard Time
Key Tag: 37490
Signer's name: com
Signature: 6d0088b4ecc95e372ea776f7ee7b4fe44e8c5767d564ab5c...
Additional records
dns2.sErVerHomE.Com: type A, class IN, addr 65.23.154.159
Name: dns2.sErVerHomE.Com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 172800
Data length: 4
Address: 65.23.154.159
dns1.sErVerHomE.Com: type A, class IN, addr 23.111.129.170
Name: dns1.sErVerHomE.Com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 172800
Data length: 4
Address: 23.111.129.170
<root>: type OPT
Name: <root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x8000
1... .... .... .... = DO bit: Accepts DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 0
[Unsolicited: True]
Hi I'm still learning how to use wireshark properly. Attaching the pcap for the reference. Was wondering if this looks like a DNS amplification attack. Frame 2: 645 bytes on wire (5160 bits), 645 bytes captured (5160 bits) Encapsulation type: Ethernet (1) Arrival Time: Jan 8, 2019 16:13:17.000001000 Central Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1546985597.000001000 seconds [Time delta from previous captured frame: 0.000001000 seconds] [Time delta from previous displayed frame: 0.000001000 seconds] [Time since reference or first frame: 0.000001000 seconds] Frame Number: 2 Frame Length: 645 bytes (5160 bits) Capture Length: 645 bytes (5160 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:udp:dns] [Coloring Rule Name: UDP] [Coloring Rule String: udp] Ethernet II, Src: Cisco_80:56:00 (50:87:89:80:56:00), Dst: F5Networ_8b:ea:c3 (00:23:e9:8b:ea:c3) Destination: F5Networ_8b:ea:c3 (00:23:e9:8b:ea:c3) Address: F5Networ_8b:ea:c3 (00:23:e9:8b:ea:c3) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Cisco_80:56:00 (50:87:89:80:56:00) Address: Cisco_80:56:00 (50:87:89:80:56:00) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 192.43.172.30, Dst: 159.180.162.56 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 631 Identification: 0xe8ff (59647) Flags: 0x0000 0... .... .... .... = Reserved bit: Not set .0.. .... .... .... = Don't fragment: Not set ..0. .... .... .... = More fragments: Not set ...0 0000 0000 0000 = Fragment offset: 0 Time to live: 59 Protocol: UDP (17) Header checksum: 0xe63f [validation disabled] [Header checksum status: Unverified] Source: 192.43.172.30 Destination: 159.180.162.56 User Datagram Protocol, Src Port: 53, Dst Port: 36819 Source Port: 53 Destination Port: 36819 Length: 611 Checksum: 0x34ac [unverified] [Checksum Status: Unverified] [Stream index: 0] Domain Name System (response) Transaction ID: 0x9989 Flags: 0x8010 Standard query response, No error 1... .... .... .... = Response: Message is a response .000 0... .... .... = Opcode: Standard query (0) .... .0.. .... .... = Authoritative: Server is not an authority for domain .... ..0. .... .... = Truncated: Message is not truncated .... ...0 .... .... = Recursion desired: Don't do query recursively .... .... 0... .... = Recursion available: Server can't do recursive queries .... .... .0.. .... = Z: reserved (0) .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server .... .... ...1 .... = Non-authenticated data: Acceptable .... .... .... 0000 = Reply code: No error (0) Questions: 1 Answer RRs: 0 Authority RRs: 6 Additional RRs: 3 Queries PReS.sErVerHomE.Com: type A, class IN Name: PReS.sErVerHomE.Com [Name Length: 19] [Label Count: 3] Type: A (Host Address) (1) Class: IN (0x0001) Authoritative nameservers sErVerHomE.Com: type NS, class IN, ns dns2.sErVerHomE.Com Name: sErVerHomE.Com Type: NS (authoritative Name Server) (2) Class: IN (0x0001) Time to live: 172800 Data length: 7 Name Server: dns2.sErVerHomE.Com sErVerHomE.Com: type NS, class IN, ns dns1.sErVerHomE.Com Name: sErVerHomE.Com Type: NS (authoritative Name Server) (2) Class: IN (0x0001) Time to live: 172800 Data length: 7 Name Server: dns1.sErVerHomE.Com CK0POJMG874LJREF7EFN8430QVIT8BSM.Com: type NSEC3, class IN Name: CK0POJMG874LJREF7EFN8430QVIT8BSM.Com Type: NSEC3 (50) Class: IN (0x0001) Time to live: 86400 Data length: 35 Hash algorithm: SHA-1 (1) NSEC3 flags: 1 .... ...1 = NSEC3 Opt-out flag: Additional insecure delegations allowed NSEC3 iterations: 0 Salt length: 0 Salt value: <missing> Hash length: 20 Next hashed owner: 6501a0c25720ee156f6c4e39636b3ada0312d92a RR type in bit map: NS (authoritative Name Server) RR type in bit map: SOA (Start Of a zone of Authority) RR type in bit map: RRSIG RR type in bit map: DNSKEY RR type in bit map: NSEC3PARAM CK0POJMG874LJREF7EFN8430QVIT8BSM.Com: type RRSIG, class IN Name: CK0POJMG874LJREF7EFN8430QVIT8BSM.Com Type: RRSIG (46) Class: IN (0x0001) Time to live: 86400 Data length: 151 Type Covered: NSEC3 (50) Algorithm: RSA/SHA-256 (8) Labels: 2 Original TTL: 86400 (1 day) Signature Expiration: Jan 14, 2019 23:43:44.000000000 Central Standard Time Signature Inception: Jan 7, 2019 22:33:44.000000000 Central Standard Time Key Tag: 37490 Signer's name: com Signature: 6d008caea3a704cc50480a7ae42385884ad88d6fd22a1879... TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com: type NSEC3, class IN Name: TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com Type: NSEC3 (50) Class: IN (0x0001) Time to live: 86400 Data length: 34 Hash algorithm: SHA-1 (1) NSEC3 flags: 1 .... ...1 = NSEC3 Opt-out flag: Additional insecure delegations allowed NSEC3 iterations: 0 Salt length: 0 Salt value: <missing> Hash length: 20 Next hashed owner: ef729a70698750518c4a11fde21c274803ce5269 RR type in bit map: NS (authoritative Name Server) RR type in bit map: DS(Delegation Signer) RR type in bit map: RRSIG TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com: type RRSIG, class IN Name: TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com Type: RRSIG (46) Class: IN (0x0001) Time to live: 86400 Data length: 151 Type Covered: NSEC3 (50) Algorithm: RSA/SHA-256 (8) Labels: 2 Original TTL: 86400 (1 day) Signature Expiration: Jan 11, 2019 23:20:06.000000000 Central Standard Time Signature Inception: Jan 4, 2019 22:10:06.000000000 Central Standard Time Key Tag: 37490 Signer's name: com Signature: 6d0088b4ecc95e372ea776f7ee7b4fe44e8c5767d564ab5c... Additional records dns2.sErVerHomE.Com: type A, class IN, addr 65.23.154.159 Name: dns2.sErVerHomE.Com Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 172800 Data length: 4 Address: 65.23.154.159 dns1.sErVerHomE.Com: type A, class IN, addr 23.111.129.170 Name: dns1.sErVerHomE.Com Type: A (Host Address) (1) Class: IN (0x0001) Time to live: 172800 Data length: 4 Address: 23.111.129.170 <root>: type OPT Name: <root> Type: OPT (41) UDP payload size: 4096 Higher bits in extended RCODE: 0x00 EDNS0 version: 0 Z: 0x8000 1... .... .... .... = DO bit: Accepts DNSSEC security RRs .000 0000 0000 0000 = Reserved: 0x0000 Data length: 0 [Unsolicited: True]
Hi I'm still learning how to use wireshark properly. Attaching the pcap for the reference. Was wondering if this looks like a DNS amplification attack.
attack.
Frame 2: 645 bytes on wire (5160 bits), 645 bytes captured (5160 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Jan 8, 2019 16:13:17.000001000 Central Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1546985597.000001000 seconds
[Time delta from previous captured frame: 0.000001000 seconds]
[Time delta from previous displayed frame: 0.000001000 seconds]
[Time since reference or first frame: 0.000001000 seconds]
Frame Number: 2
Frame Length: 645 bytes (5160 bits)
Capture Length: 645 bytes (5160 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:dns]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_80:56:00 (50:87:89:80:56:00), Dst: F5Networ_8b:ea:c3 (00:23:e9:8b:ea:c3)
Destination: F5Networ_8b:ea:c3 (00:23:e9:8b:ea:c3)
Address: F5Networ_8b:ea:c3 (00:23:e9:8b:ea:c3)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Cisco_80:56:00 (50:87:89:80:56:00)
Address: Cisco_80:56:00 (50:87:89:80:56:00)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.43.172.30, Dst: 159.180.162.56
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
0000 00.. = Differentiated Services Codepoint: Default (0)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 631
Identification: 0xe8ff (59647)
Flags: 0x0000
0... .... .... .... = Reserved bit: Not set
.0.. .... .... .... = Don't fragment: Not set
..0. .... .... .... = More fragments: Not set
...0 0000 0000 0000 = Fragment offset: 0
Time to live: 59
Protocol: UDP (17)
Header checksum: 0xe63f [validation disabled]
[Header checksum status: Unverified]
Source: 192.43.172.30
Destination: 159.180.162.56
User Datagram Protocol, Src Port: 53, Dst Port: 36819
Source Port: 53
Destination Port: 36819
Length: 611
Checksum: 0x34ac [unverified]
[Checksum Status: Unverified]
[Stream index: 0]
Domain Name System (response)
Transaction ID: 0x9989
Flags: 0x8010 Standard query response, No error
1... .... .... .... = Response: Message is a response
.000 0... .... .... = Opcode: Standard query (0)
.... .0.. .... .... = Authoritative: Server is not an authority for domain
.... ..0. .... .... = Truncated: Message is not truncated
.... ...0 .... .... = Recursion desired: Don't do query recursively
.... .... 0... .... = Recursion available: Server can't do recursive queries
.... .... .0.. .... = Z: reserved (0)
.... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
.... .... ...1 .... = Non-authenticated data: Acceptable
.... .... .... 0000 = Reply code: No error (0)
Questions: 1
Answer RRs: 0
Authority RRs: 6
Additional RRs: 3
Queries
PReS.sErVerHomE.Com: type A, class IN
Name: PReS.sErVerHomE.Com
[Name Length: 19]
[Label Count: 3]
Type: A (Host Address) (1)
Class: IN (0x0001)
Authoritative nameservers
sErVerHomE.Com: type NS, class IN, ns dns2.sErVerHomE.Com
Name: sErVerHomE.Com
Type: NS (authoritative Name Server) (2)
Class: IN (0x0001)
Time to live: 172800
Data length: 7
Name Server: dns2.sErVerHomE.Com
sErVerHomE.Com: type NS, class IN, ns dns1.sErVerHomE.Com
Name: sErVerHomE.Com
Type: NS (authoritative Name Server) (2)
Class: IN (0x0001)
Time to live: 172800
Data length: 7
Name Server: dns1.sErVerHomE.Com
CK0POJMG874LJREF7EFN8430QVIT8BSM.Com: type NSEC3, class IN
Name: CK0POJMG874LJREF7EFN8430QVIT8BSM.Com
Type: NSEC3 (50)
Class: IN (0x0001)
Time to live: 86400
Data length: 35
Hash algorithm: SHA-1 (1)
NSEC3 flags: 1
.... ...1 = NSEC3 Opt-out flag: Additional insecure delegations allowed
NSEC3 iterations: 0
Salt length: 0
Salt value: <missing>
<MISSING>
Hash length: 20
Next hashed owner: 6501a0c25720ee156f6c4e39636b3ada0312d92a
RR type in bit map: NS (authoritative Name Server)
RR type in bit map: SOA (Start Of a zone of Authority)
RR type in bit map: RRSIG
RR type in bit map: DNSKEY
RR type in bit map: NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.Com: type RRSIG, class IN
Name: CK0POJMG874LJREF7EFN8430QVIT8BSM.Com
Type: RRSIG (46)
Class: IN (0x0001)
Time to live: 86400
Data length: 151
Type Covered: NSEC3 (50)
Algorithm: RSA/SHA-256 (8)
Labels: 2
Original TTL: 86400 (1 day)
Signature Expiration: Jan 14, 2019 23:43:44.000000000 Central Standard Time
Signature Inception: Jan 7, 2019 22:33:44.000000000 Central Standard Time
Key Tag: 37490
Signer's name: com
Signature: 6d008caea3a704cc50480a7ae42385884ad88d6fd22a1879...
TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com: type NSEC3, class IN
Name: TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com
Type: NSEC3 (50)
Class: IN (0x0001)
Time to live: 86400
Data length: 34
Hash algorithm: SHA-1 (1)
NSEC3 flags: 1
.... ...1 = NSEC3 Opt-out flag: Additional insecure delegations allowed
NSEC3 iterations: 0
Salt length: 0
Salt value: <missing>
<MISSING>
Hash length: 20
Next hashed owner: ef729a70698750518c4a11fde21c274803ce5269
RR type in bit map: NS (authoritative Name Server)
RR type in bit map: DS(Delegation Signer)
RR type in bit map: RRSIG
TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com: type RRSIG, class IN
Name: TTP794JIRPMAP0AQ85GR1UK3D6HMC06O.Com
Type: RRSIG (46)
Class: IN (0x0001)
Time to live: 86400
Data length: 151
Type Covered: NSEC3 (50)
Algorithm: RSA/SHA-256 (8)
Labels: 2
Original TTL: 86400 (1 day)
Signature Expiration: Jan 11, 2019 23:20:06.000000000 Central Standard Time
Signature Inception: Jan 4, 2019 22:10:06.000000000 Central Standard Time
Key Tag: 37490
Signer's name: com
Signature: 6d0088b4ecc95e372ea776f7ee7b4fe44e8c5767d564ab5c...
Additional records
dns2.sErVerHomE.Com: type A, class IN, addr 65.23.154.159
Name: dns2.sErVerHomE.Com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 172800
Data length: 4
Address: 65.23.154.159
dns1.sErVerHomE.Com: type A, class IN, addr 23.111.129.170
Name: dns1.sErVerHomE.Com
Type: A (Host Address) (1)
Class: IN (0x0001)
Time to live: 172800
Data length: 4
Address: 23.111.129.170
<root>: <Root>: type OPT
Name: <root>
<Root>
Type: OPT (41)
UDP payload size: 4096
Higher bits in extended RCODE: 0x00
EDNS0 version: 0
Z: 0x8000
1... .... .... .... = DO bit: Accepts DNSSEC security RRs
.000 0000 0000 0000 = Reserved: 0x0000
Data length: 0
[Unsolicited: True]True]