.xyz domains home to spammers and idiots but not the ‘alt-right’

Is run by alphabet and, as a top level domain, is one that attracts seo criminals (my blog) and idiots with malformed dns records, according to the zoo’s server.

Although a new tld, I am wary of it for what inhabits it. If you're going to ‘buy’ a .xyz be wary, as I have already blocked a /24 based on the logs of the classlessness from this newish tld.

Oddly the sjw factor at alphabet (my blog) seems to think those are ok but alt right domain names are not. Regardless of what is said and its validity, a registrar deciding to censor does not mean those views and facts disappear.

Let's hope cute cat websites and videos don't fall foul of the fish, bird and mouse lobby at google; after all, mice have rights, don't they?

Mind you perhaps that would improve things.

Think about it.

If I ran things I would not accept the spammers and the clueless.

gmail user names and domain names bad perceptions

The gmail account I use has an emailer man (who emails us as a woman)* who wants me to buy, at probably an extortionate price, the domain name that matches it.

What this transgendered idiot fails to realise is better names exist and I only chose the account name as it was not in use rather than desirable. Google's insistence on all android phones (my blog) having a google account means all the best combinations have been used.

I of course did not inform them.

The dns game

Bananas was up one day and looking through the zoo’s server log and it was full of dns attempts*.

New hosts were invented, including the mysql.zoo** among other names, from a number of ranges. dnssec (my blog) seems to have replied back that these things are not official and I know about it.

Some of the visitors were educational.

NetRange: 129.7.0.0 – 129.7.255.255
CIDR: 129.7.0.0/16
NetName: UH-NET
Organization: University of Houston (UNIVER-239)

So I am delighted the zoo withstood whatever somebody was trying to do, despite not knowing the origin and objective, as one does not usually create hosts with our domain name and connect them for doing something.

Yeah. It seems dnssec is worth it.

*needs to be turned on

**my view of that software has been stated before.

pi hole (nothing about circles)

Is dns blocking using a thing, but as a debian user I could use it without the crap fanboy hardware (my blog).

I simply installed it on a workstation and it uses dnsmasq.

It currently does ad blocking by default so comment services won't work as they're deemed trackers. I have no idea what facebook ends up looking like and it is a non issue for the monkey house. I was interested in it as I was looking for possible rpz data feeds.

Questions could be asked about, say, the iab.

One problem with pi hole is no dnssec validation (my blog) although I have valid tlsa out of the box dnsmasq needs a dnssec option. For an exercise it does not appear to work once you find the right config file. An issue most of you won't have.

Being new to dnsmasq that was fun, and the ability to switch it on and off lies in /etc/default.

pi-hole works with a script file and to find the source files took a bit of hunting; there are no pauses with website loading.

I would not bother with the raspberry pi, they're probably out of stock anyhow when three fans bought all the production of them for the next twelve months.

Counting dns abusers

The zoo ran its regular weekly report of dns probers (my blog) and I sat for half an hour looking for new things to block permanently with my mallet.

185.106.122.182 came to my attention for 300+ attempts in a week, which was quite impressive as my mallet is normally used way before that number is reached, and kind of made me look like I missed it when I had not, when I checked the diff results from the previous week.

Send your compliments to abuse@hostsailor.com in HDS Business Centre 3204, Jumeirah Lakes Towers, Dubai, UAE.

2017 targeted whois spam

well there was n bomb and ….

The zoo’s (plus zoo1-3) domain owner account is not handled by the zoo, but by a separate email system that I do not control, just in case things go apocalyptic.

So I do get some spam.

I log in about once a week and clear the crap, which strangely appears to be supermarket vouchers. I doubt these ‘organisations’ pay out, and they are data phishing scams which the monkey house has no interest in discovering and which probably need a facebook thing that I do not have – most things need facebook if it's scammy/marketing.

I never look at them except at the brand names being ripped off – why would a discount German based supermarket be offering more money off on its ‘low’ prices?*

scumbag spammer Robert Soloway

Anyhow it's very boring compared to the crap Robert Soloway (my blog) sent, and whose downfall I helped play a part in.

Anyhow, since role accounts are hosted by us and they get no spam, it is a good way to judge our email system. ssl confirmations and other stuff do get through.

*an exercise left to the reader to figure out

bulkanized new tlds

Have you heard of .ren? Or Renren Inc – apparently it is a Chinese social media thing, not skincare, which made it an odd sighting in the mail.log.

Anyhow I am none the wiser, but I do wonder if this use of .ren breaks the icann rules of the global top level domain; I mean the zoo is not in China. If somebody can pass this along to the great firewall of china team it would be most appreciated.

caa records the hardish way

Sisyphus is still a role model

Caa* records are a bit rare and unless you run a very new dns server version many of these records will be tossed out as too new, since the type is not supported either by the name server or the dnssec wrapper.

To do caa records in an ‘older’ server I had to use rfc 3597 syntax, which does look like voodoo compared to normal dns records; it's not the kind of thing the bbc think is not worth reporting on (my blog). It is some kind of machine readable format which I have not delved into but it looks a bit like atps.
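What that rfc 3597 "voodoo" contains, as an added example (not the author's zone data or tooling): the CAA RDATA is one flags byte, one tag-length byte, the tag and the value, written out as `TYPE257 \# <length> <hex>`. The owner name example.com. and the issuer value are constructed sample input.

```python
import binascii

CAA_TYPE = 257  # IANA RR type number for CAA

def caa_rdata(flags: int, tag: str, value: str) -> bytes:
    """CAA wire format: flags byte, tag-length byte, tag, then the raw value."""
    tag_b = tag.lower().encode("ascii")
    if not 0 <= flags <= 255:
        raise ValueError("flags must fit in one byte")
    if not tag_b.isalnum() or len(tag_b) > 255:
        raise ValueError("tag must be 1-255 ASCII letters or digits")
    return bytes([flags, len(tag_b)]) + tag_b + value.encode("ascii")

def to_rfc3597(owner: str, rdata: bytes) -> str:
    """Render RDATA as an RFC 3597 unknown-type record: TYPEnnn \\# <len> <hex>."""
    hexdata = binascii.hexlify(rdata).decode("ascii").upper()
    return f"{owner} IN TYPE{CAA_TYPE} \\# {len(rdata)} {hexdata}"

def from_rfc3597(line: str):
    """Decode a TYPE257 generic record back to (flags, tag, value) for review."""
    fields = line.split()
    mark = fields.index("\\#")
    if fields[mark - 1].upper() != f"TYPE{CAA_TYPE}":
        raise ValueError("not a CAA (TYPE257) record")
    rdata = binascii.unhexlify("".join(fields[mark + 2:]))
    if len(rdata) != int(fields[mark + 1]):
        raise ValueError("declared RDATA length does not match the hex data")
    tag_end = 2 + rdata[1]
    return rdata[0], rdata[2:tag_end].decode("ascii"), rdata[tag_end:].decode("ascii")

if __name__ == "__main__":
    # Constructed sample: only letsencrypt.org may issue for example.com.
    line = to_rfc3597("example.com.", caa_rdata(0, "issue", "letsencrypt.org"))
    print(line)
    print(from_rfc3597(line))
```

Decoding a record before it goes into the zone is the practical check here, because a wrong length or tag byte in the hex form is not visible by eye.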

the ssl mafia

Not all ca’s (not a typo) support caa, since as I write this gandi don’t, but letsencrypt do, so if you're shopping for tls it's another limiter.

So two zoo domains do have caa records from two suppliers. But two do not. As many dns things like tlsa (my blog) are not checked by browsers I doubt they will be doing caa checks anytime soon.

So I will keep the two records I have and see how maintainable they are. Stay tuned for updates!

It will be doubtful the zoo will purchase gandi ssl (tls) again.

*nothing to do with aircraft

atps and adsp records (featuring asl too) and dmarc reporting

Yes, I am doing dmarc today once again, exciting stuff this, and I have finally figured out opendmarc-reports, for which atps is apparently needed for the zoo.

These records are fun and once you do one domain, the others also need doing, a la:

  • example.com
  • example.net
  • etc

_adsp._domainkey.example.com IN TXT "dkim=all; atps=y; asl=example.net;"
YFP5HEI6FUVG5WMNRBCEO6BK2Z75XKJZ._atps.example.com IN TXT "v=atps01; d=example.net;"

The YFP5HEI6FUVG5WMNRBCEO6BK2Z75XKJZ is sha1 hashed example.net. opendkim-atpszone can make this with:

opendkim-atpszone -h sha1 -u example.com -A example.net -vvv

The rest of the dns lines from above is where you're on your own.

YFP5HEI6FUVG5WMNRBCEO6BK2Z75XKJZ._atps TXT 86400 "v=ATPS1; d=example.net"

Eagle eyed readers will note that v=ATPS1; and v=atps01; differ and no adsp record is made.

The has found that atps01 works and is unwilling to test the capital variant.
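A consistency check for hand-written atps records, as an added example that is not part of the original post or of opendkim: it assumes the RFC 6541 rule that the owner label is the base32 encoding of the SHA-1 of the lower-cased signing domain, and uses the v=ATPS1 tag from the tool output above. The zone lines are constructed.

```python
import base64
import hashlib
import re

def atps_label(signer_domain: str) -> str:
    """RFC 6541 owner label: base32 of the SHA-1 of the lower-cased signing domain."""
    name = signer_domain.strip().rstrip(".").lower().encode("ascii")
    # A SHA-1 digest is 20 bytes, which base32-encodes to exactly 32 characters.
    return base64.b32encode(hashlib.sha1(name).digest()).decode("ascii")

def atps_record(author_domain: str, signer_domain: str, version: str = "ATPS1") -> str:
    """Zone line letting signer_domain sign on behalf of author_domain."""
    return (f'{atps_label(signer_domain)}._atps.{author_domain}. '
            f'IN TXT "v={version}; d={signer_domain};"')

ATPS_RR = re.compile(
    r'^(?P<label>[A-Z2-7]{32})\._atps\.\S+\s+(?:\d+\s+)?IN\s+TXT\s+"(?P<txt>[^"]*)"', re.I)

def check_zone(lines):
    """Return (line, problem) for every ATPS record whose label is not the hash of its d= tag."""
    problems = []
    for line in lines:
        m = ATPS_RR.match(line.strip())
        if not m:
            continue  # not an ATPS record
        tags = dict(part.strip().split("=", 1) for part in m["txt"].split(";") if "=" in part)
        signer = tags.get("d")
        if signer is None:
            problems.append((line, "missing d= tag"))
        elif atps_label(signer) != m["label"].upper():
            problems.append((line, f"label is not the hash of {signer}"))
    return problems

# Constructed zone: one correct record, one copy-paste error, one record with no d= tag.
SAMPLE_ZONE = [
    atps_record("example.com", "example.net"),
    f'{atps_label("example.org")}._atps.example.com. IN TXT "v=ATPS1; d=example.net;"',
    f'{atps_label("example.net")}._atps.example.com. IN TXT "v=ATPS1;"',
    '_adsp._domainkey.example.com. IN TXT "dkim=all; atps=y;"',
]

if __name__ == "__main__":
    for line, problem in check_zone(SAMPLE_ZONE):
        print(problem, "->", line)
```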

The only reason I have this is for opendmarc-report, which for some reason if I do not have them I get a dmarc error of no.

postfix/smtp[*]: *:
status=bounced (host aspmx.l.google.com[74.125.71.26] 
said: 550-5.7.1 Unauthenticated email from example is not accepted 
due to 550-5.7.1 domain's DMARC policy. 
Please contact the administrator of 550-5.7.1 example domain if this 
was a legitimate mail.

That’s it, which is what brought me to this vague corner of dns and email.

The dmarc report i received back the next day was interesting.

<source_ip>munged .com</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>example.net</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>example.net</domain>
<result>pass</result>
<selector>mail2</selector>
</dkim>
<dkim>
<domain>example.net</domain>
<result>pass</result>
<selector>mailxx</selector>
</dkim>
<spf>
<domain>example.net</domain>
<result>pass</result>
</spf>
</auth_results>
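Reading such a report programmatically, as an added example that is not from the original post: the report below is constructed in the same aggregate-report layout, and the alignment test is a simplification (same name or parent/child) because it does no Public Suffix List lookup. The second record shows the case worth watching for, where dkim and spf both say pass but for a domain that does not match header_from.

```python
import xml.etree.ElementTree as ET  # for reports from untrusted senders prefer defusedxml

# Constructed sample report; addresses are from documentation ranges.
REPORT = """<feedback>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>1</count>
   <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
  </row>
  <identifiers><header_from>example.net</header_from></identifiers>
  <auth_results>
   <dkim><domain>example.net</domain><result>pass</result><selector>mail2</selector></dkim>
   <spf><domain>example.net</domain><result>pass</result></spf>
  </auth_results>
 </record>
 <record>
  <row><source_ip>198.51.100.7</source_ip><count>4</count>
   <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row>
  <identifiers><header_from>example.net</header_from></identifiers>
  <auth_results>
   <dkim><domain>bulk.example.org</domain><result>pass</result><selector>s1</selector></dkim>
   <spf><domain>example.org</domain><result>pass</result></spf>
  </auth_results>
 </record>
</feedback>"""

def aligned(auth_domain: str, header_from: str) -> bool:
    """Simplified relaxed alignment: same name or parent/child (no Public Suffix List)."""
    a, h = auth_domain.lower().rstrip("."), header_from.lower().rstrip(".")
    return a == h or a.endswith("." + h) or h.endswith("." + a)

def summarise(xml_text: str):
    """Per record: sender, volume, and whether any passing DKIM/SPF result was aligned."""
    out = []
    for rec in ET.fromstring(xml_text).iter("record"):
        hf = rec.findtext("identifiers/header_from", "")
        ok = {kind: any(r.findtext("result") == "pass" and aligned(r.findtext("domain", ""), hf)
                        for r in rec.findall(f"auth_results/{kind}"))
              for kind in ("dkim", "spf")}
        out.append({"source_ip": rec.findtext("row/source_ip"),
                    "count": int(rec.findtext("row/count", "0")),
                    "reported": rec.findtext("row/policy_evaluated/disposition"),
                    "dkim_aligned": ok["dkim"], "spf_aligned": ok["spf"],
                    "dmarc_pass": ok["dkim"] or ok["spf"]})
    return out
```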

So perhaps more evidence that atps is needed when it's a dead duck compared to, say, spf.

Maybe the zoo’s way of doing things is weird to opendmarc-reports, which is good at keeping secrets on our live mail server, so it is happy with adsp and human email gets sent properly with aligned spf, dkim and dmarc; I will say no more.

So that fixes opendmarc-reporting. Yay