While playing with the DNS of test.com, I discovered that if I query anything, I get a valid response.
For example:
dig superuser-is-awesome.test.com -t TXT
; <<>> DiG 9.10.5-P2-RedHat-9.10.5-2.P2.fc25 <<>> superuser-is-awesome.test.com -t TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52365
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;superuser-is-awesome.test.com. IN TXT
;; ANSWER SECTION:
superuser-is-awesome.test.com. 7200 IN TXT "v=spf1 ~all"
;; Query time: 133 msec
;; SERVER: 89.2.0.1#53(89.2.0.1)
;; WHEN: ven. sept. 01 14:28:12 CEST 2017
;; MSG SIZE rcvd: 86
It works the same with type A
or even no type at all:
dig superuser-is-awesome.test.com
; <<>> DiG 9.10.5-P2-RedHat-9.10.5-2.P2.fc25 <<>> superuser-is-awesome.test.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9026
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;superuser-is-awesome.test.com. IN A
;; ANSWER SECTION:
superuser-is-awesome.test.com. 3600 IN A 69.172.200.109
;; Query time: 130 msec
;; SERVER: 89.2.0.1#53(89.2.0.1)
;; WHEN: ven. sept. 01 14:29:20 CEST 2017
;; MSG SIZE rcvd: 74
How is that possible? Is there a way to get the real value (should be nothing, except if truly exists)?
curl -I
, you can see the redirected url.dig *.test.com
, you'll get the same results!