Category Archives: DNS

GitHub 也自己搞了一套管理多家 DNS 的程式...

在 StackOverflow 團隊發表完自己開發管理 DNS 的程式後 (參考「StackOverflow 對於多 DNS 商的同步方式...」),GitHub 也來參一腳:「Enabling DNS split authority with OctoDNS」。 可以看到 GitHub 用了兩家的系統 (AWS 的 Route 53 與 Dyn 的服務): ;; AUTHORITY SECTION: github.com. 172800 IN NS ns1.p16.dynect.net. github.com. 172800 IN NS ns3.p16.dynect.net. github.com. 172800 … Continue reading

Posted in AWS, Cloud, Computer, DNS, Murmuring, Network, Security, Software | Tagged , , , , , , , , | Leave a comment

StackOverflow 對於多 DNS 商的同步方式...

他們的解法是設計出一套 DSL (Domain Specific Language),然後從 DSL 轉出各 DNS 商的格式:「Introducing DnsControl – “DNS as Code” has Arrived」。 以 stackoverflow.com 來說,可以看到有同時使用 AWS 的 Route 53 與 Google 的 Cloud DNS: ;; ANSWER SECTION: stackoverflow.com. 36458 IN NS ns-cloud-e2.googledomains.com. stackoverflow.com. 36458 IN NS … Continue reading

Posted in AWS, Cloud, Computer, DNS, GCP, Murmuring, Network, Software | Tagged , , , , , , , , , , , , | 1 Comment

利用 Unicode Domain 釣魚,以及 Chrome 與 Firefox 的解法

一個多禮拜前引起蠻多討論的一篇文章,利用 Unicode Domain 釣魚的方法:「Phishing with Unicode Domains」。 由於這是幾乎完美的攻擊,所以被提出來後 (Security: Whole-script confusable domain label spoofing) 有不少討論: This bug was reported to Chrome and Firefox on January 20, 2017 and was fixed in the Chrome trunk on March 24. The fix is … Continue reading

Posted in Browser, Computer, DNS, Firefox, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , , , , | Leave a comment

未來 CA 將會強制要求檢查 DNS CAA record

CA/Browser 通過提案,要求以後 CA 單位都要檢查 DNS CAA record 才能發放憑證 (RFC 6844 的「DNS Certification Authority Authorization (CAA) Resource Record」):「Ballot 187 - Make CAA Checking Mandatory」。 Certificate Authority Authorization (CAA) is a DNS Resource Record defined in RFC 6844 – https://datatracker.ietf.org/doc/rfc6844/ , published … Continue reading

Posted in Computer, DNS, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , , , | Leave a comment

透過 DNS TXT 傳遞指令的惡意程式

看到「New Fileless Malware Uses DNS Queries To Receive PowerShell Commands」這篇,所以是有人開始這樣惡搞了... Distributed through an email phishing campaign, the DNSMessenger attack is completely Fileless, as it does not involve writing files to the targeted system; instead, it uses DNS TXT messaging capabilities … Continue reading

Posted in Computer, DNS, Murmuring, Network, Security, Spam | Tagged , , , , , , , | Leave a comment

Cloudflare 因為閏秒炸掉...

Cloudflare 這次閏秒炸掉:「How and why the leap second affected Cloudflare DNS」,影響範圍包括了 DNS query 與 HTTP request: At peak approximately 0.2% of DNS queries to Cloudflare were affected and less than 1% of all HTTP requests to Cloudflare encountered an error. 主要的原因在於 … Continue reading

Posted in CDN, Cloud, Computer, DNS, Murmuring, Network, Programming, Software, WWW | Tagged , , , , , , , , , | Leave a comment

英國通過法案要求 ISP 記錄使用者觀看過的網站

英國前幾天通過了最激烈的隱私侵犯法案,要求 ISP 必須記錄使用者觀看過的網站:「Britain has passed the 'most extreme surveillance law ever passed in a democracy'」: The law forces UK internet providers to store browsing histories -- including domains visited -- for one year, in case of police investigations. 不愧是 George … Continue reading

Posted in Computer, DNS, Murmuring, Network, Political, Security, Social, WWW | Tagged , , , , , , , , , , , , , | Leave a comment

Route53 也支援 IPv6 了...

Amazon Route 53 也宣佈支援 IPv6 了:「Amazon Route 53 Now Supports DNS Queries over IPv6 Networks」。 依照說明應該是無痛切換過去: The change is seamless and requires no action from you; your end users and clients can begin making DNS queries over IPv6 immediately. 不過測了 … Continue reading

Posted in AWS, Cloud, Computer, DNS, Murmuring, Network | Tagged , , , , , , , | Leave a comment

Let's Encrypt 支援 IDN

Let's Encrypt 宣佈支援 IDN:「Introducing Internationalized Domain Name (IDN) Support」,這代表可以申請的範圍變得更廣了: This means that our users around the world can now get free Let’s Encrypt certificates for domains containing characters outside of the ASCII set, which is built primarily for the English … Continue reading

Posted in Computer, DNS, Murmuring, Network, Security, WWW | Tagged , , , , , , , , , , , , | Leave a comment

英國 GCHQ 打算在英國實施全國大規模的 DNS filtering 過濾機制

如標題所提到的,GCHQ 打算以安全為由,實施大規模的 DNS filtering 機制:「GCHQ planning UK-wide DNS ‘firewall’」,GCHQ 的官方新聞稿在「A new approach for cyber security in the UK」這邊。 很類似 GFW 的作法,但在英國這種國家這樣做太明顯,所以政府需要使用 FUD (Fear, Uncertainty, Doubt) 的方式恐嚇公民,藉由洗腦公民取得更多的權力。 這次是對 DNS level 過濾,如果政策成功地壓過去實施,接下來就會有更多的機制來過濾對當政者不利的言論。

Posted in Computer, DNS, Murmuring, Network, Political, Security | Tagged , , , , , , | 1 Comment