This is what recursive DNS looks like these days.
It seems some people eventually break things by updating their authoritative servers, hence the Server Failure responses, and then there are these suspicious NXDOMAIN spikes. I was not yet able to pinpoint who asks what there, but those could very well be spoofing attempts coming from our clients.
Not that they had any chance of succeeding: we’re running PowerDNS recursor and have uRPF deployed on everything ingress, so no spoofing there.
Ok apparently the press has not really picked it up yet so i’ll remind you two or three readers of my blog out there:
It is System Administrator Appreciation Day even in Germany, so if you’ve already patched your BIND9 — good boy pat ;-)
So with the WIRED article it’s kind of official: the cache poisoning ‘bug’ leaked and it’s all too simple to implement.
As Dan Kaminsky told Wired in their interview:
“My grandma’s going to be in the audience (at Black Hat). My grandma’s going to understand the bug.”
and i bet she really will, if my daddy can understand IP routing without ever having touched a computer in his whole life Dan’s grandma can understand DNS spoofing, no problem.
So if you’ve not updated already please do that now, it’s urgent!
If you don’t believe me, just listen to Sarah again. ;)
Result: Passed validation, 1 warning(s)
Warning you think? Right. It seems the lightbox.js cannot really cope with a default content type of ‘application/xhtml+xml’, so i apparently must have the server still handing out ‘text/html’. That’s quite odd, but other than that rendering went fine on xml-only. Just Firebug wasn’t too happy about it — maybe someone reading this can shed some light on why JavaScript needs ‘text/html’ to function properly.
For now i don’t really get it.
Oh well i guess i can live with one single warning. ;)
Ok so maybe my blog will get some more hits if i blog about the recent ‘Massive, Coordinated Patch To the DNS Released’ as /. named it.
Let me just link to this recent article of the PowerDNS author Bert Hubert in which he reminds us that this recent ‘fix’ for what seems to be an all new issue is not all that new after all.
Come on people, you knew it all the time. There is the query ID which is at best 16 bits and, … well did you really never wonder about that highport BIND reserved?
Alright maybe you haven’t but it seems not all that hard to do:
Actually the very same Dan Kaminsky who is credited with having found this latest issue half a year ago encourages us geeks to go “explore DNS”. “Maybe I missed something” he writes. Well, i for one have not yet discovered what he did to get <1s to poison a DNS cache, but apparently Dan is pretty convinced that someone is going to find out before his Black Hat talk where he wants to spill it.
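To put numbers on the 16-bit query ID and the source port mentioned above, here is an added example (not part of the original post) that rates a resolver's source-port behaviour from observed outbound queries and derives how many bits an off-path party would have to guess. The function names, the constructed port samples and the step threshold of 16 for "sequential" are assumptions made for illustration.

```python
import math

TXID_SPACE = 2 ** 16  # the DNS query ID is a 16-bit field
PORT_SPACE = 2 ** 16  # upper bound on UDP source ports

def classify_ports(ports):
    """Label source-port behaviour seen in a resolver's outbound queries."""
    if len(ports) < 5:
        raise ValueError("need at least 5 observed queries")
    if len(set(ports)) == 1:
        return "fixed"
    steps = [(b - a) % PORT_SPACE for a, b in zip(ports, ports[1:])]
    # Assumption: steps of at most 16 mean a counter, not a random choice.
    if all(s <= 16 for s in steps):
        return "sequential"
    return "randomized"

def estimated_pool(ports):
    """Estimate how many source ports an off-path party has to consider."""
    if classify_ports(ports) != "randomized":
        return 1  # the next port is predictable
    n, span = len(ports), max(ports) - min(ports)
    # A uniform sample of n values spans about (n-1)/(n+1) of the full range.
    return max(1, min(PORT_SPACE, round(span * (n + 1) / (n - 1))))

def guess_bits(ports):
    """Bits of unpredictability in (source port, query ID) for one query."""
    return math.log2(TXID_SPACE * estimated_pool(ports))

def match_probability(ports, forged):
    """Chance that `forged` distinct blind answers include the right pair."""
    return min(1.0, forged / (TXID_SPACE * estimated_pool(ports)))

# Constructed samples: source ports of consecutive outbound queries.
FIXED_PORT = [32768] * 8
RANDOM_PORT = [51234, 1893, 40211, 28754, 60992, 12045, 35510, 7821]

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED_PORT), ("random", RANDOM_PORT)):
        print(name, classify_ports(sample), guess_bits(sample),
              match_probability(sample, 65536))
```

Feed it the source ports your own recursor uses towards an authoritative server you control (for instance from a packet capture) to see which class it falls into.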
… i just strolled through my posts and did some layouting — apparently google fetches the post right after it gets XML-RPC pinged about an article being updated.
I wonder if that means they also refeed the article into the search engine.
Actually i’m kind of waiting for webspiders to visit me after i submitted myself to various search engines again. Google has not yet reindexed blog.zaphods.net after its relaunch.
Ok so now i’m not only using an autogenerated sitemap.xml to feed Google, i’ve also fed it to FeedBurner
Subscribe to this Blog via FeedBurner
What i’m really missing with byteflow is the search functionality; i always end up wanting to link to a specific post i did and then find myself logging into the admin interface to actually be able to locate it. The admin interface has a search, as it is Django’s native one. I’m using it this very moment to write the post btw.
Maybe i’ll add the search myself — shouldn’t be too hard anyway.
Alright now these graphs i wanted to show you all the time and i couldn’t because RoR was playing up. grr
Anyway, here we are now.
The Semi Final 25th of June 2008 Germany vs. Turkey
The Final on the 29th Germany vs. Spain
Note: It seems i will have to tweak the CSS a bit — while this looks nice it’s a bit dizzy ;-)
Yay, finally i have a blog again….
Just finished basic migration of my Ruby on Rails typo to byteflow, which is based on Python’s marvellous Django framework.
It wasn’t an easy task and i’m not even finished yet… still have to fake in two or three comments, but it looks and behaves nice and i can post again.
hooray for django.
Ah yes, RSS or rather Atom feeds will have moved and i don’t feel like breaking it all up again. So maybe you will need to update your subscriptions.
Makes me wonder how Google deals with those kinds of things.