Tumblelog by Soup.io
Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

February 19 2012

December 09 2011

August 19 2011

April 07 2011

November 30 2010

Projektidee: einen DNS-Resolver der folgendes macht
- "normales", rekusives resolven
- eine Liste mit weiteren Servern

bei einer Anfrage wird nun das ergebnis der Abfragen aller eingestellten Server mit einerander verglichen und bei unstimmigkeiten der Client informiert

Wie das mit dem "informiert" läuft müsste mann dann mal schauen... in wiefern unstimmigkeiten auf geo-dns-zeusg zurückzuführen sind müsste man dann auch mal schauen...
Tags: dns censorship
Reposted bydigitalekulturresearchprojektdefinitionen

November 02 2010

Welcome to .my DOMAIN REGISTRY's DNSSEC Test Bed Website

Drill is a tool ala dig from BIND. It was designed with DNSSEC in mind and should be a useful debugging/query tool for DNSSEC.

October 27 2010

# dig soa domain.tld
domain.tld.   86400 IN SOA dns1.pro.vider.de. hostmaster.pro.vider.de. (

// somebody didnt get DNS right... M(
Tags: dns soa fail
Reposted byit-failSpinNE555

October 19 2010

DNSSEC is not a cure-all, however, and network administrators and users still need to guard against spam and phishing attacks. For example, phishing attacks often exploit similar-looking domain names such as www.google.co.uk and www.goog1e.co.uk. DNSSEC can't protect against such tricks. Also, DNSSEC doesn't protect against distributed denial-of-service (DDoS) attacks.
DNS server security: Finding and using DNSSEC tutorial resources

// *facepalm*
Tags: dns dnssec
Reposted byit-fail it-fail

October 05 2010

Secure BIND Template v7.1 14 May 2009 TEAM CYMRU noc@cymru.com

The ubiquitous BIND (Berkeley Internet Name Domain) server is distributed with most UNIX variants and provides name services to countless networks. However, the BIND server is not without certain vulnerabilities, and is often a choice target for Internet vandals. These vandals utilize BIND vulnerabilities to gain root access to the host or to turn the host into a launching platform for DDOS attacks. An improper or insufficiently robust BIND configuration can also "leak" information about the hosts and addressing within the intranet. Miscreants can also take advantage of an insecure BIND configuration and poison the cache, thus permitting host impersonation and redirecting legitimate traffic to black holes or malicious hosts. This article presents a template for deploying a secure BIND configuration, thus mitigating some of the risk of running the BIND server.

June 15 2010

Fierce - Trac

Fierce domain scan was born out of a frustration after performing a web application security audit. It is traditionally very difficult to discover large swaths of a corporate network that is non-contiguous. It's terribly easy to run a scanner against an IP range, but if the IP ranges are nowhere near one another you can miss huge chunks of networks.

Fierce is designed to locate likely targets both inside and outside a corporate network. Only those targets are listed. Fierce is a reconnaissance tool written in Perl, that quickly scans domains (usually in just a few minutes, assuming no network lag) using several tactics.

April 14 2010

wm161.net » Blog Archive » Bind and Zeroconf

Zeroconf is just that. It is networking with zero configuration. DNS and DHCP are all managed by each network’s node in a distributed fashion. But beyond that, each node advertises services it has available. A realistic use of this neat idea is my printer. I have a HP photosmart scanner/inkjet combo that uses Zeroconf to advertise itself to the network. If I had a Mac, I wouldn’t have to do anything special to print to it other than plugging it in. The machine already knows there is a printer around because the printer advertised it.

April 08 2010


March 30 2010

The TCP/IP Guide - DNS Message Header and Question Section Format

The client/server information exchange in DNS is facilitated using query/response messaging. Both queries and responses have the same general format, containing up to five individual sections carrying information. Of these, two are usually found in both queries and responses: the Header section and the Question section. I will start exploring the detailed format of DNS messages by looking at these two sections; the next topic will cover the resource record formats used by servers for the other three message sections.
Tags: DNS flags
Reposted bysicksin sicksin

February 14 2010

August 22 2009


You're sitting in an airport or in a cafe, and people want your money for Internet access. They do allow ICMP traffic, though (i.e., you can ping machines on the Internet). Enters ICMPTX. (If you can't use ping, but you can issue name queries, use NSTX: IP-over-DNS.) There are several resources online to point you in the right direction, most notably Case of a wireless hack by Siim Põder. There is a similar, thoroughly undocument program called itun, a simple icmp tunnel that claims to do the same thing. Also, check out PingTunnel which is not IP-over-ICMP, but rather TCP-over-ICMP and, therefore, less useful. Once you've followed these instructions, you basically have a remote proxy, providing you with access to the Internet. Communication between you and the remote proxy is over ICMP. Note that these instructions play nicely with NSTX. You can run both on one proxy.

July 30 2009

DNSCog - DNS reporting and diagnostic tools

DNSCog is a suite of free DNS diagnostics tools, including a comprehensive DNS analysis tool, WHOIS lookup, traceroute and DNS query.

July 15 2009


List of public # ipv6 and # ipv4 dns resolvers
Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!