@NerdResa@cybre.spacejust in case anybody needs it, here's a terribly inefficient way of getting all domains from your overbloated nginx config:
grep -hri server_name /path/to/nginx/sites/* | grep -v '^#' | sed -r -e 's/ +server_name //' | tr -d ';' | tr ' ' '\n' | grep -v onion | sed -r -e 's/(test|www)\.//' | egrep -v '\..+\.' | sort | uniq
It removes any .onion domains, removes test. and www. subdomains (but keeps the domain name for these), and removes all subdomains.
Challenge: make it shorter!
@rysiek egrep -hri "\sserver_name\s" nginx.conf | grep -v '^#' | sed -e "s|\s*server_name\s*||;s|;||;s|\s|\n|;s|www\.||;s|test\.||" | sort | uniq
@rysiek egrep -hri "\sserver_name\s" nginx.conf | grep -v '^#' | sed -e "s|\s*server_name\s*||;s|;||;s|\s|\n|;s|www\.||;s|test\.||;/onion/d" | sort | uniq
Forgot to remove the onion lines ;)
@rysiek egrep -hri "\sserver_name\s" nginx.conf | sed -e "/^#/d;s|\s*server_name\s*||;s|;||;s|\s|\n|;s|www\.||;s|test\.||;/onion/d" | sort | uniq
even shorter ;)
@NerdResa Real nice to see the output of their online checking tool is completely incomprehensible without any real explanation, too. 🤮
OTOH maybe this is the thing needed to get the DNS ecosystem moving in a better direction (or at all)…?
@NerdResa I can make *some* sense of it, but my point was that their UX is absolutely shoddy.
What you get back looks like colored in terminal output – they should've at least made it a table and added links people can follow to read up on the significance of the item for every row…
I mean the target audience is obviously website operators, but I'm about 300% sure the average website operator won't be able to make sense of it beyond "Hey, there's some yellow in there, I guess that's not good?"
Actually, I just noticed that I'm talking about the "technical report" which the dnsflagday.net site redirected me to previously (that doesn't seem to happen anymore).
if you're actually in contact with the people that made https://ednscomp.isc.org/ , please tell them to give positive feedback (i.e. green color) to positive results as well.
Giving an overview in a table is probably the most useful change they can make, tho.
test name | explanation w/ links | status
@phryk When revisiting this issue today, I found that they ask to submit comments on the ednscomp tool in their Gitlab: https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing - Do you want to file an issue there?
ｃｙｂｒｅｓｐａｃｅ: the social hub of the information superhighway
jack in to the mastodon fediverse today and surf the dataflow through our cybrepunk, slightly glitchy web portal