Re: Sanity Check

2023-02-17 Thread Ed Daniel via bind-users 

On 17/02/2023 16:06, Bob McDonald wrote:
I'm implementing a caching resolver under FreeBSD 13.1 running on a 
RaspberryPI. Bind 9.18.11


My named.conf is below. My question is do these look like workable 
options? I include logging and a statistics channel in my preliminary 
implementations for more detail on what's going on. That will go away 
eventually. Any comments are welcome.


Thanks,

Bob

named.conf:

acl rfc1918-nets {
10.0.0.0/8 ;
172.16.0.0/12 ;
192.168.0.0/16 ;
};

include "/usr/local/etc/namedb/rndc.key";

controls {
         inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
         inet ::1 port 953 allow { ::1; } keys { rndc-key; };
};

options {
         directory       "/usr/local/etc/namedb/working";
         pid-file        "/var/run/named/pid";
         dump-file       "/var/dump/named_dump.db";
         statistics-file "/var/stats/named.stats";
         secroots-file "/var/cache/bind/secroots.txt";
         memstatistics-file "/var/stats/named_mem_stats.txt";
         managed-keys-directory "/var/cache/bind";
         session-keyfile "/var/cache/bind/session.key";
         recursion yes;
         masterfile-format text;
         minimal-responses no;
         empty-zones-enable yes;
         empty-server "raspberrypi-00.ddisupport.tech";
         empty-contact "robert\.mcdonald.ddiarchitect.tech";
         querylog yes;
         query-source address 172.27.255.99;
         transfer-source 172.27.255.99;
         notify-source 172.27.255.99;
         request-nsid yes;
         server-id hostname;
         zone-statistics full;
         dnssec-validation auto;
         dnssec-accept-expired no;

         listen-on       { 127.0.0.1; };
         listen-on       { 172.27.255.99; };
         listen-on-v6    { ::1; };

         allow-query { ::1; 127.0.0.1; rfc1918-nets; };
         allow-query-cache { ::1; 127.0.0.1; rfc1918-nets; };
         allow-recursion { ::1; 127.0.0.1; rfc1918-nets; };
};

zone "localhost"        { type master; file 
"/usr/local/etc/namedb/primary/localhost-forward.db"; };
zone "127.in-addr.arpa" { type master; file 
"/usr/local/etc/namedb/primary/localhost-reverse.db";};


statistics-channels {
         inet 172.27.255.99 port 28079 allow { rfc1918-nets; };
};

logging {
         channel default_log {
                 file "/var/log/named/default" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel auth_servers_log {
                 file "/var/log/named/auth_servers" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel dnssec_log {
                 file "/var/log/named/dnssec" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel zone_transfers_log {
                 file "/var/log/named/zone_transfers" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel ddns_log {
                 file "/var/log/named/ddns" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel client_security_log {
                 file "/var/log/named/client_security" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel rate_limiting_log {
                 file "/var/log/named/rate_limiting" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel rpz_log {
                 file "/var/log/named/rpz" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel dnstap_log {
                 file "/var/log/named/dnstap" versions 3 size 1m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel queries_log {
                 file "/var/log/named/queries" versions 600 size 20m;
                 print-time yes;
                 print-category yes;
                 print-severity yes;
                 severity info;
         };
         channel query-errors_log {
                 file "/var/log/named/query-errors" versions 5 size 20m;
                 print-time y

Re: I need to find statistics on a running server.

2023-01-13 Thread Ed Daniel via bind-users 

On 12/01/2023 18:20, King, Harold Clyde (Hal) via bind-users wrote:

I need to find some answers like queries per second.  Any fast ideas folks?

--

Hal King  - h...@utk.edu
Systems Administrator
Office of Information Technology
Shared Services

The University of Tennessee
103c5 Kingston Pike Building
2309 Kingston Pk. Knoxville, TN 37996
Phone: 974-1599




You might like to check this out too:
https://www.dns-oarc.net/oarc/data/dsc
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Seeing lots of DNS issues on OpenWRT

2022-09-23 Thread Ed Daniel 
As per your previous email 17:54 where you share Sparklight response, 
Quad9 uses strict DNS checking iirc, you should add another couple of 
cloud DNS resolvers like 1.1.1.1 and 8.8.8.8 that fall back to resolve 
when DNSSEC is broken at destination.


forwarders {
// Sparklight
// 24.116.0.53;
// 24.116.2.50;
9.9.9.9;
8.8.8.8;
1.1.1.1;

Others will probably have smarter thoughts to share than this but it 
should get you working again.


HTH,
Ed.


On 23/09/2022 20:18, Philip Prindeville wrote:

Hi all,

I've changed locations (moved houses) and consequently ISPs (now on Sparklight, 
used to have CTC) and I'm seeing a slew of DNS issues I didn't have before like:

Sep 23 11:42:13 OpenWrt3 named[28113]: timed out resolving 
'wdatpsngatewaytmcacane.trafficmanager.net/A/IN': 9.9.9.9#53
Sep 23 11:42:21 OpenWrt3 named[28113]: timed out resolving 'ubuntu.com/DS/IN': 
9.9.9.9#53
Sep 23 11:42:21 OpenWrt3 named[28113]: broken trust chain resolving 
'connectivity-check.ubuntu.com/A/IN': 9.9.9.9#53
Sep 23 11:42:31 OpenWrt3 named[28113]: managed-keys-zone: Key 20326 for zone . 
is now trusted (acceptance timer complete)
Sep 23 11:42:44 OpenWrt3 named[28113]: timed out resolving 
'visualstudio.com/DS/IN': 9.9.9.9#53
Sep 23 11:42:44 OpenWrt3 named[28113]: broken trust chain resolving 
'dc.services.visualstudio.com/A/IN': 9.9.9.9#53
Sep 23 11:43:19 OpenWrt3 named[28113]: timed out resolving 
'connectivity-check.ubuntu.com/A/IN': 9.9.9.9#53
Sep 23 11:43:20 OpenWrt3 named[28113]: timed out resolving 
'tp.b16066390-frontier.amazonalexa.com/A/IN': 9.9.9.9#53
Sep 23 11:43:22 OpenWrt3 named[28113]: timed out resolving 
'connectivity-check.ubuntu.com/A/IN': 9.9.9.9#53
Sep 23 11:43:22 OpenWrt3 named[28113]: timed out resolving 
'fmfmobile.fe.apple-dns.net/A/IN': 9.9.9.9#53
Sep 23 11:43:26 OpenWrt3 named[28113]: timed out resolving 
'connectivity-check.ubuntu.com/A/IN': 9.9.9.9#53
Sep 23 11:43:26 OpenWrt3 named[28113]: timed out resolving 
'tp.b16066390-frontier.amazonalexa.com/A/IN': 9.9.9.9#53
Sep 23 11:43:45 OpenWrt3 named[28113]: timed out resolving 
'us-sandbox-courier-4.push-apple.com.akadns.net/A/IN': 9.9.9.9#53
Sep 23 11:43:45 OpenWrt3 named[28113]: timed out resolving 
'e6858.dscx.akamaiedge.net/A/IN': 9.9.9.9#53
Sep 23 11:43:50 OpenWrt3 named[28113]: timed out resolving 
'imap.gmail.com/A/IN': 9.9.9.9#53
Sep 23 11:43:50 OpenWrt3 named[28113]: timed out resolving 
'mail.employees.org/A/IN': 9.9.9.9#53
Sep 23 11:43:55 OpenWrt3 named[28113]: timed out resolving 
'swdist.apple.com/A/IN': 9.9.9.9#53
Sep 23 11:43:56 OpenWrt3 named[28113]:   validating x.incapdns.net/SOA: no 
valid signature found
Sep 23 11:44:08 OpenWrt3 named[28113]: timed out resolving 
'16.courier-push-apple.com.akadns.net/A/IN': 9.9.9.9#53
Sep 23 11:44:09 OpenWrt3 named[28113]: timed out resolving 'sdk.split.io/A/IN': 
9.9.9.9#53
Sep 23 11:44:09 OpenWrt3 named[28113]: timed out resolving 
'e3.shared.global.fastly.net/HTTPS/IN': 9.9.9.9#53
Sep 23 11:45:39 OpenWrt3 named[28113]: timed out resolving 
's-0005.s-msedge.net/HTTPS/IN': 9.9.9.9#53
Sep 23 11:45:49 OpenWrt3 named[28113]: timed out resolving 
'onedscolprdwus03.westus.cloudapp.azure.com/A/IN': 9.9.9.9#53
Sep 23 11:46:24 OpenWrt3 named[28113]: timed out resolving 
'onedscolprdwus03.westus.cloudapp.azure.com/A/IN': 9.9.9.9#53
Sep 23 11:47:07 OpenWrt3 named[28113]: timed out resolving 
'e6987.a.akamaiedge.net/A/IN': 9.9.9.9#53
Sep 23 11:49:05 OpenWrt3 named[28113]: timed out resolving 
'teams.office.com/A/IN': 9.9.9.9#53
Sep 23 11:49:29 OpenWrt3 named[28113]: timed out resolving 
'2.courier-push-apple.com.akadns.net/A/IN': 9.9.9.9#53
Sep 23 11:49:29 OpenWrt3 named[28113]: timed out resolving 
'gateway.fe.apple-dns.net/A/IN': 9.9.9.9#53
Sep 23 11:50:03 OpenWrt3 named[28113]: timed out resolving 
'ak.privatelink.msidentity.com/A/IN': 9.9.9.9#53
Sep 23 11:50:19 OpenWrt3 named[28113]: timed out resolving 
'safebrowsing.googleapis.com/A/IN': 9.9.9.9#53
Sep 23 11:50:20 OpenWrt3 named[28113]: timed out resolving 'netgear.com/DS/IN': 
9.9.9.9#53
Sep 23 11:50:20 OpenWrt3 named[28113]: broken trust chain resolving 
'_adsp._domainkey.netgear.com/TXT/IN': 9.9.9.9#53
Sep 23 11:50:20 OpenWrt3 named[28113]: broken trust chain resolving 
'image.e.netgear.com/A/IN': 9.9.9.9#53
Sep 23 11:50:20 OpenWrt3 named[28113]: broken trust chain resolving 
'netgear.com/A/IN': 9.9.9.9#53
Sep 23 11:50:20 OpenWrt3 named[28113]: broken trust chain resolving 
'netgear.com/NS/IN': 9.9.9.9#53
Sep 23 11:50:20 OpenWrt3 named[28113]: broken trust chain resolving 
'community.netgear.com/A/IN': 9.9.9.9#53
Sep 23 11:50:20 OpenWrt3 named[28113]: broken trust chain resolving 
'www.netgear.com/A/IN': 9.9.9.9#53
Sep 23 11:50:20 OpenWrt3 named[28113]: timed out resolving 
'support-intelligence.net/DS/IN': 9.9.9.9#53
Sep 23 11:50:20 OpenWrt3 named[28113]: broken trust chain resolving 
'netgear.com.dob.sibl.support-intelligence.net/A/IN': 9.9.9.9#53
Sep 23

Re: Stopping ddos

2022-08-04 Thread Ed Daniel 

On 02/08/2022 22:04, Saleck wrote:

Dne úterý 2. srpna 2022 22:02:58 CEST, Robert Moskowitz napsal(a):

Recently I have been having problems with my server not responding to my
requests.  I thought it was all sorts of issues, but I finally looked at
the logs and:

Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 114.29.194.4#11205
(.): view external: query (cache) './A/IN' denied
Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80
114.29.216.196#64956 (.): view external: query (cache) './A/IN' denied
Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 64.68.114.141#39466
(.): view external: query (cache) './A/IN' denied
Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80
209.197.198.45#13280 (.): view external: query (cache) './A/IN' denied
Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80
114.29.202.117#41955 (.): view external: query (cache) './A/IN' denied
Aug  2 15:47:19 onlo named[6155]: client @0xaa3cad80 62.109.204.22#4406
(.): view external: query (cache) './A/IN' denied
Aug  2 15:47:49 onlo named[6155]: client @0xa9420720 64.68.104.9#38518
(.): view external: query (cache) './A/IN' denied
Aug  2 15:47:50 onlo named[6155]: client @0xaa882dc8 114.29.202.117#9584
(.): view external: query (cache) './A/IN' denied

grep -c denied messages
45868

And that is just since Jul 31 3am.

This is fairly recent so I never looked into what I might do to protect
against this.  I am the master for my domain, so I do need to allow for
legitimate queries.

Any best practices on this?

I am running bind 9.11.4

thanks


You could think about adding fail2ban to your server with some custom rules.
Helped us in a similar situation.

Kind regards,
David




I'm also a longtime and happy Fail2Ban user, more infos here:
https://www.linode.com/docs/guides/using-fail2ban-to-secure-your-server-a-tutorial/
https://ixnfo.com/en/configuring-fail2ban-for-bind9.html

HTH,
Ed.
--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Fuzzing Bind

2021-08-05 Thread Ed Daniel 
On 05/08/2021 17:57, Siva Kakarla wrote:
> Thanks, Daniel, that is also a great idea. I am trying to see if I can
> get the standard fuzzers like AFL to work for my use case, but if I
> can't then I will try the idea you suggested. 

This also rather cool:
https://github.com/DNS-OARC/dns-benchmarking/blob/master/home/knot/tools/pcap-fuzz.py

Other ideas here too:
https://lists.dns-oarc.net/pipermail/dns-operations/2018-February/017315.html
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Fuzzing Bind

2021-08-05 Thread Ed Daniel 
On 05/08/2021 13:37, Siva Kakarla wrote:
> Hello Everyone,
> 
> I am trying to understand and set up a fuzzer for the Bind DNS
> implementation. My current goal is to fuzz the authoritative server with
> queries. 
> 
> I have looked around and came across different fuzzing engines, but I
> have some trouble and some questions getting it to work. If anyone has
> anything to comment on, please reply, and that would be really helpful.
> 
>  1. I configured with |CC=/path/to/afl/afl-clang./configure
> --enable-fuzzing=afl| or |afl-clang-fast| to enable fuzzing. Then, I
> did make and  make install.  I then tried fuzzing the |named| binary
> with |afl-fuzz -i fuzz/dns_message_parse.in/
>  -o findings /usr/local/sbin/named
> -g|but then it stops immediately, saying|the program crashed with
> one of the test cases provided|. 
>  1. How to fuzz the |named|binary with queries?
>  2. How to get the seed input in raw format? 
>  3. Honggfuzz 
> seems
> to fuzz the named binary, but it produced too many files as
> crash reports within a minute. I have asked about it on
> their GitHub .
> Anyone that worked with Honggfuzz, please reply. 
>  2. A separate fuzz folder
>  contains 
> functions
> to fuzz small sections of the code. 
>  1. Was this created to improve coverage and modularity? (In the
> sense, can't |named| be fuzzed directly using the above setup?) 
>  2. I could get them running with |oss-fuzz| but how to run them
> with |afl-fuzz|? The README 
> 
> mentions
> linking the files; can you please tell me how to do that?
>  3. How to decode the packets given
> in 
> https://gitlab.isc.org/isc-projects/bind9/-/tree/main/fuzz/dns_message_parse.in
> 
> ?
> How to add a new packet to the corpus? (How to convert into a raw
> packet?)

Why not re-purpose a password fuzzer, instead of passwords you'd be
spawning FQDNs, which you could pipe to mdig or other dns client?

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DoH Support in bind 9.17?

2021-02-23 Thread Ed Daniel 
Hi Carlos,

While you are waiting for 'dig' you might like to try 'dog':
https://github.com/ogham/dog

HTH,
Ed

On 24/02/2021 06:14, Carlos Kamtha wrote:
> Hello Evan
> 
> Looks like it’s ready with version 9.17.10.  I’ll give that a shot.
> 
> Thanks for the reply 
> 
> 
> 
> -C
> 
> 
> *From:* Evan Hunt 
> *Sent:* Wednesday, February 24, 2021 1:02:33 AM
> *To:* Carlos Kamtha 
> *Cc:* bind-users@lists.isc.org 
> *Subject:* Re: DoH Support in bind 9.17?
>  
> On Wed, Feb 17, 2021 at 03:49:32PM -0500, Carlos Kamtha wrote:
>> However, there does not appear to be support for DoH ala bind9.17 atm. Do
>> we have a timeline for its implementation?
> 
> DoH is supported in named in 9.17.10 (server side only).  Client-side
> support will be added to dig in 9.17.11.
> 
> -- 
> Evan Hunt -- e...@isc.org
> Internet Systems Consortium, Inc.
> 
> 
> 
> This email, its contents and attachments contain information from J2
> Global, Inc. and/or its affiliates which may be privileged, confidential
> or otherwise protected from disclosure. The information is intended to
> be for the addressee(s) only. If you are not an addressee, any
> disclosure, copy, distribution or use of the contents of this message is
> prohibited. If you have received this email in error, please notify the
> sender by reply email and delete the original message and any copies.
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Bind9 Container Error

2021-01-14 Thread Ed Daniel 
On 08/01/2021 19:13, Juarez Souza Junior wrote:
> 08-Jan-2021 19:08:54.225 loading configuration from '/etc/bind/named.conf'
> 08-Jan-2021 19:08:54.225 directory '/var/cache/bind' is not writable
> 08-Jan-2021 19:08:54.225 /etc/bind/named.conf.options:7: parsing failed:
> permission denied
> 08-Jan-2021 19:08:54.229 loading configuration: permission denied
> 08-Jan-2021 19:08:54.229 exiting (due to fatal error)
> I've already checked the permissions and seems to be ok.

Check the user/group BIND is using, it does appear to be an
identity/perm issue, unless I'm mistaken. HTH


> 
> I'm using this line command to run:
> docker run --name=bind_test --restart=always --publish
> 192.168.56.1:53:53/udp --publish 192.168.56.1:53:53/tcp --publish
> 127.0.0.1:953:953/tcp -v /var/lib/bind9-data/etc/bind:/etc/bind -v
> /var/lib/bind9-data/var/cache/bind:/var/cache/bind:Z -v
> /var/lib/bind9-data/var/lib/bind:/var/lib/bind:Z -v
> /var/lib/bind9-data/var/log:/var/log:Z internetsystemsconsortium/bind9:9.16
> 
> Could someone give me some help?
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: How to generate ZSK key with one year valid

2020-11-13 Thread Ed Daniel 
On 13/11/2020 13:08, rams wrote:
> Hi,
> Can anyone help me how to generate ZSK key with one year validity?
> When I am trying , it is default 30 days validity but i want to make ZSK
> key validity 1 year. Is it possible in bind?
> 
> Regards,
> Ramesh

Hi Ramesh,

Are you using the CLI-based tool dnssec-keygen ?

dnssec-keygen
https://linux.die.net/man/8/dnssec-keygen


Timing Options
Dates can be expressed in the format MMDD or MMDDHHMMSS. If the
argument begins with a '+' or '-', it is interpreted as an offset from
the present time. For convenience, if such an offset is followed by one
of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the offset is
computed in years (defined as 365 24-hour days, ignoring leap years),
months (defined as 30 24-hour days), weeks, days, hours, or minutes,
respectively. Without a suffix, the offset is computed in seconds.

-R date/offset
Sets the date on which the key is to be revoked. After that date, the
key will be flagged as revoked. It will be included in the zone and will
be used to sign it.

HTH,
esdaniel
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: VS: DNS Misconfiguration on- http://cyberia.net.sa/

2020-06-08 Thread Ed Daniel 
I'm not so sure, the written English is poor and can be misinterpreted.
The sec focus link is crafted peculiarly but it's not a hustle in and of
itself, it's sharing the problem description after all.

I think given the misconfiguration *has* gone unnoticed and potentially
could be of trouble 'in the future' a thank you, acknowledgement and
small compensation would actually be the decent thing to do.

Just my 2c as an active participant in the security community.



On 05/06/2020 10:24, Jukka Pakkanen wrote:
> Complete scam, ignore.
> 
> Just check the “securityfocus” link, it’s fake too.
> 
> Jukka
> 
>  
> 
> *Lähettäjä:* bind-users  *Puolesta
> *Ejaz Ahmed
> *Lähetetty:* 5. kesäkuuta 2020 10:55
> *Vastaanottaja:* bind-users@lists.isc.org
> *Aihe:* Fwd: DNS Misconfiguration on- http://cyberia.net.sa/
> 
>  
> 
>  
> 
>  
> 
> Some one is is claiming that our name server 212.118.64.2 is vulnerable
> with below information is this true
> 
>  
> 
> Any suggestions would be appreciated 
> 
>  
> 
> Thanks a n advance 
> 
>  
> 
> Ejaz 
> 
>  
> 
>  
> 
>  
> 
> Dear CYBERIA GROUP Security Team ,
> 
>  
> 
> I Rahul a Ethical Hacker and Security Researcher. I found a
> vulnerability on your website that is DNS Misconfiguration .
> 
>  
> 
> Your *localhost.cyberia.net.sa    *has
> address 127.0.0.1 and this may lead to "Same- Site" Scripting. I can
> also ping the localhost network.
> 
>  
> 
>  
> 
> Here is detailed description of this minor security issue
> :*http://www.securityfocus.com/archive/1/486606/30/0/threaded
> *
> 
>  
> 
> *Find attached POC  Video. *
> 
>  
> 
> *Dear Team Waiting for your response and **I want bounty(money) with an
> Appreciation letter for my work and effort which I have given for *
> 
>  
> 
>  
> 
> *Thanks in advance *
> 
> *Ejaz *
> 
>  
> 
>  
> 
>  
> 
>  
> 
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> ISC funds the development of this software with paid support subscriptions. 
> Contact us at https://www.isc.org/contact/ for more information.
> 
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Unable to completely transfer root zone

2020-02-16 Thread Ed Daniel 
Thank you for replying and sharing, Warren. I apologise for my
misunderstanding of the intent of your words.

On 16/02/2020 03:08, Warren Kumari wrote:
> 
> 
> On Fri, Feb 14, 2020 at 10:49 PM Ed Daniel  <mailto:esdan...@esdaniel.com>> wrote:
> 
> On 11/02/2020 15:28, Warren Kumari wrote:
> > On Tue, Feb 11, 2020 at 3:12 AM Stephane Bortzmeyer
> mailto:bortzme...@nic.fr>> wrote:
> >>
> >> On Mon, Feb 10, 2020 at 02:32:55PM -0500,
> >>  Warren Kumari mailto:war...@kumari.net>> wrote
> >>  a message of 70 lines which said:
> >>
> >>> Also, can you try:
> >>> dig +tcp . axfr @192.0.32.132 <http://192.0.32.132>
> >>> dig +tcp . axfr @192.0.47.132 <http://192.0.47.132>
> >>> dig +tcp . axfr @b.root-servers.net <http://b.root-servers.net>
> >>>
> >>> (no, I'm not really sure why trying with the first 2 IPs instead of
> >>> hostname
> >>
> >> Because you know that IPv6 and IPv4 may exhibit different issues.
> >
> > Hey, yeah, that's it! Thank you for explaining my thought processes to
> > me -- for an encore, can you explain why I keep losing my keys? :-)
> >
> 
> I hope you guys are friends otherwise... -1
> 
> 
> 
> Oh, yes - Stephane and I are definitely friends. There was no sarcasm
> behind the comments - he was perfectly correct about my reasoning, and I
> hadn't thought through why I was suggesting that.
> 
> I hope no one (esp Stephane) took my comment as anything other than
> self-deprecating - tone gets lost in mail.
> 
> W
> 
> 
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org <mailto:bind-users@lists.isc.org>
> https://lists.isc.org/mailman/listinfo/bind-users
> 
> -- 
> I don't think the execution is relevant when it was obviously a bad idea
> in the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair of
> pants.
>    ---maf

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Unable to completely transfer root zone

2020-02-14 Thread Ed Daniel 
On 11/02/2020 15:28, Warren Kumari wrote:
> On Tue, Feb 11, 2020 at 3:12 AM Stephane Bortzmeyer  wrote:
>>
>> On Mon, Feb 10, 2020 at 02:32:55PM -0500,
>>  Warren Kumari  wrote
>>  a message of 70 lines which said:
>>
>>> Also, can you try:
>>> dig +tcp . axfr @192.0.32.132
>>> dig +tcp . axfr @192.0.47.132
>>> dig +tcp . axfr @b.root-servers.net
>>>
>>> (no, I'm not really sure why trying with the first 2 IPs instead of
>>> hostname
>>
>> Because you know that IPv6 and IPv4 may exhibit different issues.
> 
> Hey, yeah, that's it! Thank you for explaining my thought processes to
> me -- for an encore, can you explain why I keep losing my keys? :-)
> 

I hope you guys are friends otherwise... -1

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Building Geo Map using Queries

2018-06-09 Thread Ed Daniel 
On 09/06/18 15:33, Blason R wrote:
> Hi There,
> 
> I have DNS RPZ server runnnig and have configured logstatsh on the same
> to parse the DNS RPZ logs. 
> 
> My requirement is I need to build Geo Map basis on the DNS responses;
> Any idea how can that be achieved? Or need to know the requests made
> from which country and any other idea community can suggest?
> 
> 
> ___
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
> from this list
> 
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
> 

http://www.elastic.co/guide/en/logstash/current/plugins-filters-geoip.html

HTH,
Ed.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users