
Enjoying the DNS session at :
They keep coming up with new ways to break the Internet ;D
There's a DNS Flag Day in February 2019: dnsflagday.net

flag day, as I understood it at :
Many DNS servers do not respond to queries which have been valid for twenty years.
DNS resolvers have worked around this for a long time.
Now they collectively decided to stop working around the problem. So queries for affected DNS servers will just fail.

As usual on the Internet, this is as much about people as it is about technology :)
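Added example, not part of the thread and not code from dnsflagday.net or ISC: the queries at issue carry an EDNS(0) OPT record (RFC 6891), so this sketch builds one and labels the possible outcomes, with a timeout being the silent-server case described above. The function names, result labels, query ID and the 1232-byte UDP size are assumptions made for illustration, and the sample reply is constructed rather than captured.

```python
import struct

OPT = 41  # RR type of the EDNS(0) OPT pseudo-record (RFC 6891)

def build_edns_query(name, qid=0x1234, udp_size=1232):
    """Non-recursive A query for `name` with an empty OPT record attached."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 1)  # QDCOUNT=1, ARCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    # OPT: root owner, TYPE=41, CLASS=UDP size, TTL=ext-rcode/version/flags, RDLEN=0
    return header + question + b"\x00" + struct.pack("!HHIH", OPT, udp_size, 0, 0)

def _skip_name(msg, off):
    """Return the offset just past the (possibly compressed) name at `off`."""
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n
        if n == 0:
            return off

def classify_reply(reply, qid=0x1234):
    """Label a reply to build_edns_query(); `None` means the query timed out."""
    if reply is None:
        return "timeout"  # the silent-server case the thread says will now fail
    try:
        rid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", reply[:12])
        if rid != qid or not flags & 0x8000:  # wrong ID or QR bit not set
            return "malformed"
        off, has_opt = 12, False
        for _ in range(qd):
            off = _skip_name(reply, off) + 4  # skip QTYPE and QCLASS
        for _ in range(an + ns + ar):
            off = _skip_name(reply, off)
            rtype, _, _, rdlen = struct.unpack("!HHIH", reply[off:off + 10])
            off, has_opt = off + 10 + rdlen, has_opt or rtype == OPT
    except (IndexError, struct.error):
        return "malformed"
    rcode = flags & 0xF
    if rcode == 0:
        return "edns-ok" if has_opt else "answers-without-opt"
    return "formerr-no-edns" if rcode == 1 and not has_opt else "rcode-%d" % rcode

if __name__ == "__main__":
    q = build_edns_query("example.com")
    ok = q[:2] + struct.pack("!H", 0x8400) + q[4:]  # constructed reply, not captured
    for label, reply in (("silent server", None), ("EDNS-aware server", ok)):
        print(label, "->", classify_reply(reply))
```

To use it against a real server, send the query bytes over UDP with a socket timeout and pass `None` to `classify_reply` when the timeout fires.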

@NerdResa@cybre.space just in case anybody needs it, here's a terribly inefficient way of getting all domains from your overbloated nginx config:

grep -hri server_name /path/to/nginx/sites/* | grep -v '^#' | sed -r -e 's/ +server_name //' | tr -d ';' | tr ' ' '\n' | grep -v onion | sed -r -e 's/(test|www)\.//' | egrep -v '\..+\.' | sort | uniq

It removes any .onion domains, removes test. and www. subdomains (but keeps the domain name for these), and removes all subdomains.

Challenge: make it shorter!

@rysiek egrep -hri "\sserver_name\s" nginx.conf | grep -v '^#' | sed -e "s|\s*server_name\s*||;s|;||;s|\s|\n|;s|www\.||;s|test\.||" | sort | uniq

@rysiek egrep -hri "\sserver_name\s" nginx.conf | grep -v '^#' | sed -e "s|\s*server_name\s*||;s|;||;s|\s|\n|;s|www\.||;s|test\.||;/onion/d" | sort | uniq

Forgot to remove the onion lines ;)

@rysiek egrep -hri "\sserver_name\s" nginx.conf | sed -e "/^#/d;s|\s*server_name\s*||;s|;||;s|\s|\n|;s|www\.||;s|test\.||;/onion/d" | sort | uniq

even shorter ;)

@NerdResa Real nice to see the output of their online checking tool is completely incomprehensible without any real explanation, too. 🤮

OTOH maybe this is the thing needed to get the DNS ecosystem moving in a better direction (or at all)…?

@phryk They said they link to a technical report - does that one help?

@NerdResa I can make *some* sense of it, but my point was that their UX is absolutely shoddy.

What you get back looks like colored in terminal output – they should've at least made it a table and added links people can follow to read up on the significance of the item for every row…

I mean the target audience is obviously website operators, but I'm about 300% sure the average website operator won't be able to make sense of it beyond "Hey, there's some yellow in there, I guess that's not good?"

@NerdResa

Actually, I just noticed that I'm talking about the "technical report" which the dnsflagday.net site redirected me to previously (that doesn't seem to happen anymore).

If you're actually in contact with the people that made ednscomp.isc.org/, please tell them to give positive feedback (i.e. green color) to positive results as well.

Giving an overview in a table is probably the most useful change they can make, tho.

Something like
test name | explanation w/ links | status

@phryk When revisiting this issue today, I found that they ask to submit comments on the ednscomp tool in their Gitlab: gitlab.isc.org/isc-projects/DN - Do you want to file an issue there?
