opendnssec in debian stretch

Confuses me and i have no damm clue as to how to set it up.  Supposedly it automates key resigning but quite how it works and the less good versions in previous debian mean the jump 1.2 to 2 mean your config files are  rubbish working or otherwise.

Commands have been changed

ds-ksmutil setup
<13>Aug * 13:42:30 ods-ksmutil: The ODS-KSMUTIL command is DEPRECATED and should be replaced by ods-enforcer in the caller with pid 19568: bash
Unable to connect to engine. connect() failed: No such file or directory (“/run/opendnssec/enforcer.sock”)

Having looked at blogs and the documentation in the .deb i was not the wiser.even after gzipping them and it appears that with a version 5 algorithm it is painfully awful or that was my attempt at setting it up from before (jessie) until i got bored.

opendnssec-enforcerstart-stop-daemon: warning: this system is not able to track process names

Sisyphus is still a role model

So i looked at non debian documentation opendnssec was nice to read but fragmented.

It seems opendnssec/* is used by about three people in debian who use the untested version and either it is a compile from source job

Tried and failed again with this software.  I suppose it compiles and runs and as far as debian is concerned it is a runner even if it seems to not function.

dns zone testers

lets poison the gin

The zoo records stuff and one day i got bored and decided to see who was testing our dns zone transfers.

We also record other ‘odd’ dns behaviour (my blog0

A few lookups later and this is the result for the zone testers.

Attempt whois origin actual entity ip
         
1 DE sc Closco Ltd 5.9.247.111
5 FR   ovh.net 149.202.144.234
5 FR   ovh.net 217.182.138.104
2 IE   microsoft.com 104.45.89.108
2 IE   microsoft.com 40.69.218.124
11 NL gb syn.net.uk 185.83.217.12
6 SE   pingdom.com 176.221.80.21
7 US   ucsb.edu 192.35.222.13
2 US   ucsb.edu 192.35.222.27
2 US   ucsb.edu 192.35.222.30
12 US   ucsb.edu 199.19.226.18
16 US   frantech.ca 209.141.45.24
36 US   verisign.com
72.13.58.33
1 VN   fpt.com.vn 118.70.212.135

Crook

So i might be responsible for the versign ones as they do scan our dnssec (my blog) the rest i leave to your guess.

Good see crooked microsoft (my blog) doing something evil.

I dont mind being probed by academics but the sc thing looks a lot like shodan (my blog)

Its not a large list but interesting.

Dns protocol abusers by country

Got logs ? of bad dns senders/probers – the zoo does

So who sends the most bad protocol traffic to the zoo – I set a cutoff of 90 errors and above found in our nameserver error file sorted and made it presentable

You might have to open this post in a new browser tab due to the liimitations of the css design a problem i have when i use tables.

Otherwise i would bore you to death with grep/awk and python things most of you find boring.

Country attempts 90+ Cn %
Switzerland 146 0.32%
Pakistan 160 0.35%
Brazil 260 0.57%
Australia 530 1.16%
Japan 584 1.28%
South Korea 680 1.49%
Spain 730 1.60%
France 735 1.61%
China 1124 2.47%
Russia 1447 3.17%
Lithuania 1656 3.63%
United Kingdom 1938 4.25%
Romania 3358 7.37%
Bulgaria 3471 7.62%
Netherlands 4686 10.28%
Finland 6440 14.13%
United States 7180 15.75%
Germany 10453 22.93%

bomb russia

Interesting results – those of you thinking it must be North Korea you better stop smoking that Hillary Clinton substance.  The good news is the US was number 2 in sending shit requests.   Germany appears to host shodan of which i have mentioned once or twice.

Being me here is a summary of all  countries some like switzerland like to have whole subnets scanning addresses – it gets logged if one bad attempt is made or many it does not care.  I assume some of these need fixing rather than be probers

count/country

1 AE
1 BA
1 BD
1 BY
1 CO
1 CR
1 DO
1 DZ
1 EC
1 GI
1 HU
1 IE
1 JM
1 KZ
1 LU
1 MQ
1 TW
2 EG
2 EU
2 GP
2 GR
2 ID
2 LV
2 PK
2 VN
3 AT
3 FI
3 HR
4 PA
5 RS
5 TH
6 IL
6 KR
6 LT
6 MX
6 NO
6 SG
6 TR
7 AL
7 IN
8 CZ
9 AR
9 MA
9 MD
9 NZ
10 DK
10 IR
10 SE
11 AU
12 JP
12 SA
14 BE
15 PT
15 UA
16 IT
17 HK
18 BG
19 PL
27 None
28 RO
48 SC
53 CA
56 GB
63 DE
81 BR
98 ES
106 RU
112 NL
120 CN
146 CH
149 FR
759 US

Crook

So a count by addresses shows that the United States wins by a mile of neer do wells by means of dns probes.

If your looking for north korea then they are non listed once again.

I like doing stuff like this.

opendnssec daemon

opendnssec is a daemon that automatically signs dnssec  zones

the man who became a pig

the man who became a pig

Its a pig, but after some mass printing of pdfs and seemingly billions of google searches..

in /etc/softhsm you need to run some commands to initialise the database but in debian there is a typo /var/car so that will break everything.

I also added opendnssec user and grouip as xml syntax in the /etc/opendnssec/conf.xml

However i was still getting rights issues from the ods contol program with softhsm.conf, so i edited group and gave softhsm and opendnssec rights to each other, then that seemed to pass opendnssec’s tests.

I have one zoo setup and opendnssec actually still did not do key rollover

Once again it seems the stable version might compile but will not work doing what it is supposed to do.  Maybe in anoother three years this thing might work but i doubt it.

Dmarc bad internet service providers

Done this before – here are reports i have received here in the zoo about our dmarc settings and bad hosts. – I do not count attempts to use monkey@zoo but the number of times an ip address is recorded in a dmarc report

Data might be better viewed as source but those ip addresses are in here.

Lets start with the brief report.

Country Percent Country Isp count Isp Percentage Isp
Argentina 0.27% AR 100.00% 1 0.27% CABLEVISION.COM.AR
Australia 0.27% AU 100.00% 1 0.27% telstra.com
CN 7.33% 25 6.68% chinaunicom.cn
CN 7.33% 25 6.68% chinaunicom.cn
CN 3.52% 12 3.21% chinaunicom.cn
CN 18.77% 64 17.11% chinamobile.com
CN 1.76% 6 1.60% chinaunicom.cn
CN 11.44% 39 10.43% chinaunicom.cn
CN 4.99% 17 4.55% wasu.com.cn
CN 4.69% 16 4.28% wasu.com.cn
CN 41.35% 141 37.70% Huashu media&Network Limited
China 91.18% CN
DE 25.00% 1 0.27% Hosteurope GmbH
DE 25.00% 1 0.27% Hetzner Online AG
DE 25.00% 1 0.27% evanzo e-commerce Gmbh
Germany 1.07% DE 25.00% 1 0.27% Hetzner Online GmbH
GB 0.27% GB 100.00% 1 0.27% Yahoo Europe Operations Department
Hungary 0.53% HU 100.00% 2 0.53% NLG-System Bt
Ireland 0.27% IE 100.00% 1 0.27% c2.amazonaws.com/
IN 33.33% 1 0.27% Net4India Ltd
India 0.80% IN 33.33% 1 0.27% Bharti Telenet Ltd. Tamilnadu
IR 25.00% 1 0.27% Dadeh Gostar Asr Novin P.J.S. Co.
IR 25.00% 1 0.27% Esfahan Telecommunication Company (P.J.S.)
Iran 1.07% IR 50.00% 2 0.53% fanava.net
Itally 0.53% IT 50.00% 1 0.27% Aruba S.p.A. – Shared Hosting
Japan 0.27% JP 100.00% 1 0.27% Playing Network,INC
Mexico 0.80% MX 33.33% 1 0.27% KIONETWORKS.COM
Romania 0.27% RO 100.00% 1 0.27% Universitatea de Medicina si Farmacie “Carol Davila”
Russia 0.27% RU 100.00% 1 0.27% CJSC Server WebDC colocation
Thailand 0.27% TH 100.00% 1 0.27% csloxinfo.net
US 33.33% 2 0.53% hostmaster@rackspace.com
US 16.67% 1 0.27% DCS Pacific Star, LLC
US 16.67% 1 0.27% Openwave Messaging Inc
US 16.67% 1 0.27% Datagram, Inc
America 1.60% US 16.67% 1 0.27% Codero
Vietnam 0.27% VN 100.00% 1 0.27% FPT Telecom Company
Count 374 100.00%

bomb russia

Conclusions are easy to make,should you be a corporate Hlllary Clinton voter its not Russia or North Korea. We all know democrats are a bit shit at running email servers and your desire to site such things in toilets.

Even Russians use toilets.

Before i go Asperger’s on you here is host that amused us.

Here is a net citizen who had dmarc but deleted there dns and thus no dmarc

Host or domain name not found. Name service error
for name=zeta-hub.com type=AAAA: Host found but no data record of requested
type

That detail

Country Isp count Isp Percentage Isp IP
1 AR 1 0.27% CABLEVISION.COM.AR 200.89.142.106
1 AU 1 0.27% telstra.com 120.158.94.239
1 CN 25 6.68% chinaunicom.cn 101.67.136.137
1 CN 101.67.136.143
1 CN 101.67.136.186
1 CN 101.67.136.206
1 CN 101.67.136.252
1 CN 101.67.136.26
1 CN 101.67.136.44
1 CN 101.67.136.60
1 CN 101.67.136.8
1 CN 101.67.137.107
1 CN 101.67.137.130
1 CN 101.67.137.19
1 CN 101.67.137.205
1 CN 101.67.137.246
1 CN 101.67.137.37
1 CN 101.67.137.44
1 CN 101.67.137.8
2 CN 101.67.138.128
1 CN 101.67.138.129
1 CN 101.67.138.144
1 CN 101.67.138.23
1 CN 101.67.138.97
1 CN 101.67.139.106
1 CN 101.67.139.55
1 CN 25 6.68% chinaunicom.cn 101.68.120.140
1 CN 101.68.120.64
1 CN 101.68.120.79
1 CN 101.68.121.195
1 CN 101.68.121.94
1 CN 101.68.122.161
1 CN 101.68.122.71
1 CN 101.68.122.8
1 CN 101.68.36.139
1 CN 101.68.36.207
1 CN 101.68.36.220
1 CN 101.68.36.55
1 CN 101.68.37.11
1 CN 101.68.37.121
1 CN 101.68.37.196
1 CN 101.68.37.21
1 CN 101.68.37.252
1 CN 101.68.37.48
1 CN 101.68.37.54
1 CN 101.68.37.64
1 CN 101.68.38.102
1 CN 101.68.38.139
1 CN 101.68.38.162
1 CN 101.68.38.80
1 CN 101.68.39.91
1 CN 12 3.21% chinaunicom.cn 101.71.192.212
1 CN 101.71.193.38
1 CN 101.71.194.215
1 CN 101.71.194.255
1 CN 101.71.195.41
1 CN 101.71.196.252
1 CN 101.71.216.106
2 CN 101.71.221.22
1 CN 64 17.11% chinamobile.com 112.10.135.137
1 CN 112.10.135.185
1 CN 112.10.194.14
1 CN 112.10.194.178
1 CN 112.10.195.163
2 CN 112.10.195.215
1 CN 112.10.195.34
1 CN 112.10.195.36
1 CN 112.10.195.50
1 CN 112.10.195.69
1 CN 112.10.40.138
1 CN 112.10.40.164
1 CN 112.10.40.194
2 CN 112.10.40.22
1 CN 112.10.40.229
1 CN 112.10.40.233
1 CN 112.10.40.92
1 CN 112.10.41.117
1 CN 112.10.41.130
1 CN 112.10.41.230
1 CN 112.10.41.80
1 CN 112.10.42.238
1 CN 112.10.42.25
1 CN 112.10.42.38
1 CN 112.10.42.96
1 CN 112.10.43.214
1 CN 112.10.46.122
1 CN 112.10.46.149
1 CN 112.10.46.151
1 CN 112.10.46.225
1 CN 112.10.46.91
1 CN 112.10.47.128
1 CN 112.10.47.184
1 CN 112.10.47.199
1 CN 112.10.48.152
1 CN 112.10.48.22
1 CN 112.10.48.225
1 CN 112.10.48.233
2 CN 112.10.49.12
1 CN 112.10.49.137
1 CN 112.10.49.250
1 CN 112.10.49.28
1 CN 112.10.49.31
2 CN 112.10.49.32
1 CN 112.10.52.10
1 CN 112.10.52.106
1 CN 112.10.52.123
1 CN 112.10.52.238
1 CN 112.10.52.241
1 CN 112.10.52.88
2 CN 112.10.53.16
1 CN 112.10.53.201
1 CN 112.10.53.221
1 CN 112.10.53.44
1 CN 112.10.53.8
1 CN 112.10.82.143
1 CN 112.10.82.148
1 CN 112.10.82.163
1 CN 112.10.83.164
1 CN 6 1.60% chinaunicom.cn 123.157.202.147
1 CN 123.157.202.20
1 CN 123.157.203.33
1 CN 123.158.32.233
1 CN 123.158.33.25
1 CN 39 10.43% chinaunicom.cn 124.90.102.115
1 CN 124.90.102.137
1 CN 124.90.102.142
1 CN 124.90.102.55
1 CN 124.90.103.37
1 CN 124.90.103.52
1 CN 124.90.193.88
1 CN 124.90.200.103
1 CN 124.90.200.124
1 CN 124.90.200.149
1 CN 124.90.200.16
1 CN 124.90.200.185
1 CN 124.90.200.203
1 CN 124.90.200.206
1 CN 124.90.200.218
1 CN 124.90.200.22
1 CN 124.90.200.221
1 CN 124.90.200.225
1 CN 124.90.200.50
1 CN 124.90.200.55
1 CN 124.90.200.58
1 CN 124.90.201.11
1 CN 124.90.201.14
1 CN 124.90.201.162
1 CN 124.90.201.193
1 CN 124.90.201.246
1 CN 124.90.201.51
1 CN 124.90.202.124
1 CN 124.90.202.128
1 CN 124.90.202.30
1 CN 124.90.202.57
1 CN 124.90.203.121
1 CN 124.90.203.83
1 CN 124.90.68.2
1 CN 124.90.69.68
1 CN 124.90.70.134
1 CN 124.90.70.44
1 CN 124.90.71.175
1 CN 124.90.71.221
1 CN 17 4.55% wasu.com.cn 218.109.228.219
1 CN 218.109.230.0
1 CN 218.109.231.184
1 CN 218.109.242.105
1 CN 218.109.242.124
1 CN 218.109.242.142
1 CN 218.109.242.15
1 CN 218.109.242.16
1 CN 218.109.242.188
2 CN 218.109.242.54
1 CN 218.109.242.57
1 CN 218.109.243.121
1 CN 218.109.243.219
1 CN 218.109.243.34
1 CN 218.109.243.62
1 CN 218.109.98.0
1 CN 16 4.28% wasu.com.cn 219.82.112.122
2 CN 219.82.134.148
1 CN 219.82.134.153
1 CN 219.82.134.241
1 CN 219.82.134.253
1 CN 219.82.135.115
1 CN 219.82.135.121
1 CN 219.82.135.4
1 CN 219.82.135.60
1 CN 219.82.135.88
1 CN 219.82.34.127
1 CN 219.82.34.21
1 CN 219.82.34.234
1 CN 219.82.58.61
1 CN 219.82.58.67
1 CN 141 37.70% Huashu media&Network Limited 58.100.0.10
1 CN 58.100.0.121
1 CN 58.100.0.13
1 CN 58.100.0.163
1 CN 58.100.0.17
1 CN 58.100.0.173
1 CN 58.100.0.175
1 CN 58.100.0.191
1 CN 58.100.0.219
1 CN 58.100.0.221
1 CN 58.100.0.225
1 CN 58.100.0.234
1 CN 58.100.0.243
1 CN 58.100.0.244
1 CN 58.100.0.255
1 CN 58.100.0.64
1 CN 58.100.0.67
1 CN 58.100.0.9
1 CN 58.100.1.115
1 CN 58.100.1.135
1 CN 58.100.1.14
1 CN 58.100.1.144
1 CN 58.100.1.148
1 CN 58.100.1.167
1 CN 58.100.1.17
1 CN 58.100.1.171
1 CN 58.100.1.2
1 CN 58.100.1.213
1 CN 58.100.1.235
2 CN 58.100.1.240
1 CN 58.100.1.243
1 CN 58.100.1.247
1 CN 58.100.1.250
1 CN 58.100.1.253
1 CN 58.100.1.28
1 CN 58.100.1.57
1 CN 58.100.2.0
1 CN 58.100.201.165
1 CN 58.100.201.171
1 CN 58.100.201.174
1 CN 58.100.201.189
2 CN 58.100.201.191
1 CN 58.100.201.207
1 CN 58.100.201.209
1 CN 58.100.201.215
1 CN 58.100.201.222
1 CN 58.100.201.228
2 CN 58.100.201.3
1 CN 58.100.201.34
1 CN 58.100.201.38
1 CN 58.100.201.42
1 CN 58.100.201.55
2 CN 58.100.201.72
1 CN 58.100.201.94
1 CN 58.100.2.104
1 CN 58.100.2.134
1 CN 58.100.2.153
1 CN 58.100.2.167
1 CN 58.100.2.187
1 CN 58.100.2.192
1 CN 58.100.2.216
1 CN 58.100.2.225
1 CN 58.100.2.229
1 CN 58.100.2.242
1 CN 58.100.24.175
1 CN 58.100.24.210
1 CN 58.100.24.26
1 CN 58.100.2.48
1 CN 58.100.24.83
1 CN 58.100.2.60
1 CN 58.100.2.63
2 CN 58.100.2.66
1 CN 58.100.3.120
1 CN 58.100.3.146
1 CN 58.100.3.165
1 CN 58.100.3.17
2 CN 58.100.3.242
1 CN 58.100.3.246
1 CN 58.100.3.34
2 CN 58.100.3.54
1 CN 58.100.3.66
1 CN 58.100.3.73
1 CN 58.100.3.8
1 CN 58.100.3.82
1 CN 58.100.3.98
1 CN 58.100.4.117
1 CN 58.100.4.126
1 CN 58.100.4.178
2 CN 58.100.4.228
1 CN 58.100.4.23
1 CN 58.100.4.246
1 CN 58.100.4.248
1 CN 58.100.4.255
1 CN 58.100.4.31
1 CN 58.100.4.46
1 CN 58.100.4.53
1 CN 58.100.4.8
1 CN 58.100.4.84
1 CN 58.100.5.151
1 CN 58.100.5.210
1 CN 58.100.5.245
1 CN 58.100.5.255
1 CN 58.100.6.137
1 CN 58.100.6.172
3 CN 58.100.6.190
1 CN 58.100.6.249
1 CN 58.100.6.37
1 CN 58.100.6.6
1 CN 58.100.6.69
1 CN 58.100.7.104
1 CN 58.100.7.128
1 CN 58.100.7.140
1 CN 58.100.7.160
2 CN 58.100.7.170
1 CN 58.100.7.185
1 CN 58.100.7.2
1 CN 58.100.7.209
1 CN 58.100.7.225
1 CN 58.100.7.27
1 CN 58.100.7.76
1 CN 58.100.7.98
1 CN 58.101.149.129
1 CN 58.101.149.167
1 CN 58.101.149.202
1 CN 58.101.149.204
1 CN 58.101.149.205
1 CN 58.101.149.211
1 CN 58.101.149.214
1 CN 58.101.149.249
1 CN 58.101.215.182
1 DE 1 0.27% Hosteurope GmbH 176.28.13.193
1 DE 1 0.27% Hetzner Online AG 78.47.178.82
1 DE 1 0.27% evanzo e-commerce Gmbh 87.238.194.222
1 DE 1 0.27% Hetzner Online GmbH 88.198.194.44
1 GB 1 0.27% Yahoo Europe Operations Department 212.82.97.150
2 HU 2 0.53% NLG-System Bt 79.172.209.109
1 IE 1 0.27% c2.amazonaws.com/ 54.247.116.167
1 IN 1 0.27% Net4India Ltd 118.67.248.215
2 IN 1 0.27% Bharti Telenet Ltd. Tamilnadu 122.178.19.82
1 IR 1 0.27% Dadeh Gostar Asr Novin P.J.S. Co. 46.224.2.215
1 IR 1 0.27% Esfahan Telecommunication Company (P.J.S.) 5.219.159.153
2 IR 2 0.53% fanava.net 95.38.191.187
2 IT 1 0.27% Aruba S.p.A. – Shared Hosting 89.46.104.195
1 JP 1 0.27% Playing Network,INC 202.212.133.77
3 MX 1 0.27% KIONETWORKS.COM 201.175.13.88
1 RO 1 0.27% Universitatea de Medicina si Farmacie “Carol Davila” 46.243.119.41
1 RU 1 0.27% CJSC Server WebDC colocation 185.63.190.163
1 TH 1 0.27% csloxinfo.net 27.254.96.73
2 US 2 0.53% hostmaster@rackspace.com 173.203.2.22
1 US 1 0.27% DCS Pacific Star, LLC 204.13.65.168
1 US 1 0.27% Openwave Messaging Inc 65.20.0.12
1 US 1 0.27% Datagram, Inc 69.60.8.154
1 US 1 0.27% Codero 69.64.71.253
1 VN 1 0.27% FPT Telecom Company 58.186.11.102
374 374 100.00%

Exciting stuff no

ddos-ing who?

seocrookThe zoo has a dns server and  it is consonantly  probed , and those are logged. All are unsuccessful with the wrong queries. When i write this ovh (my blog) has suffered a ddos. I then notice that ovh hosted servers testing our dns server.

I have no interest in ddosing but if ovh likes spammers and shady types and also suffers from it why are they testing ours?

Abuse contact for '164.132.0.0 - 164.132.255.255' is 'abuse@ovh.net'
 
 inetnum:        164.132.0.0 - 164.132.255.255
 org:            ORG-OS3-RIPE
 status:         LEGACY
 netname:        FR-OVH
 country:        FR
 admin-c:        OTC2-RIPE
 tech-c:         OTC2-RIPE
 mnt-by:         RIPE-NCC-LEGACY-MNT
 mnt-by:         OVH-MNT
 created:        2001-10-04T09:57:12Z
 last-modified:  2016-04-14T10:14:17Z
 source:         RIPE
 
 % Information related to '164.132.0.0/16AS16276'
 
 route:          164.132.0.0/16
 descr:          OVH
 origin:         AS16276
 mnt-by:         OVH-MNT
 created:        2015-12-09T09:54:51Z
 last-modified:  2015-12-09T09:58:12Z
 source:         RIPE
 
 % This query was served by the RIPE Database Query Service version 1.87.4 (ANGUS) 
Lines containing IP:164.132.96.66 in /var/log/*/security.log
 
 20-Sep-2016 11:03:51.382 client 164.132.96.66#47911 (isc.org): query (cache) 'isc.org/ANY/IN' denied
 20-Sep-2016 11:03:51.382 client 164.132.96.66#47911 (isc.org): query (cache) 'isc.org/ANY/IN' denied
 20-Sep-2016 11:03:51.385 client 164.132.96.66#47911 (isc.org): query (cache) 'isc.org/ANY/IN' denied
 20-Sep-2016 11:03:51.385 client 164.132.96.66#47911 (isc.org): query (cache) 'isc.org/ANY/IN' denied
 21-Sep-2016 08:58:09.943 client 164.132.96.66#42156 (buydomains.com): query (cache) 'buydomains.com/ANY/IN' denied
 21-Sep-2016 08:58:09.943 client 164.132.96.66#42156 (buydomains.com): query (cache) 'buydomains.com/ANY/IN' denied
 21-Sep-2016 08:58:09.945 client 164.132.96.66#42156 (buydomains.com): query (cache) 'buydomains.com/ANY/IN' denied
 21-Sep-2016 08:58:09.945 client 164.132.96.66#42156 (buydomains.com): query (cache) 'buydomains.com/ANY/IN' denied
 24-Sep-2016 15:03:53.825 client 164.132.96.66#60783 (psg.com): query (cache) 'psg.com/ANY/IN' denied
 24-Sep-2016 15:03:53.825 client 164.132.96.66#60783 (psg.com): query (cache) 'psg.com/ANY/IN' denied
 24-Sep-2016 15:03:53.826 client 164.132.96.66#60783 (psg.com): query (cache) 'psg.com/ANY/IN' denied
 24-Sep-2016 15:03:53.826 client 164.132.96.66#60783 (psg.com): query (cache) 'psg.com/ANY/IN' denied
 01-Oct-2016 18:39:43.521 client 164.132.96.66#58207 (cpsc.gov): query (cache) 'cpsc.gov/ANY/IN' denied
 01-Oct-2016 18:39:43.521 client 164.132.96.66#58207 (cpsc.gov): query (cache) 'cpsc.gov/ANY/IN' denied
 01-Oct-2016 18:39:43.521 client 164.132.96.66#58207 (cpsc.gov): query (cache) 'cpsc.gov/ANY/IN' denied
 01-Oct-2016 18:39:43.522 client 164.132.96.66#58207 (cpsc.gov): query (cache) 'cpsc.gov/ANY/IN' denied

Clearly i must be an idiot for seeing this double standard.

.xyz domains home to spammers and idiots but not the ‘alt-right’

Is run by alphabet and as a top level domain one that attracts seo criminals (my blog) and idiots with malformed dns records according to the zoo’s server.

Although a new tld i am wary of it for what inhabits it. – If your going to ‘buy’ a .xyz be wary as i have already a blocked a a /24 based on the logs of the classlessness from this newish tld.

Oddly the sjw factor at alphabet (my blog) seems to think those are ok but alt right domain names are not.  Regardless of what is said and the validity when a registrar decides to censor does not mean those views and facts disappear.

Lets hope cute cat webistes and videos dont fall foul of the fish, bird and mouse lobby at google after all mice have rghts dont they.

Mind you perhaps that would improve things.

Think about it.

If i ran things i would not accept the spammers and the clueless

gmail user names and domain names bad perceptions

farinelli

The gmail account i use has a emailer man (who emails us as a woman)* who wants me to buy at probably an extortionate price for the domain name that matches it.

What this transgendered idiot fails to realise is better names exist and i only choose the account name as it was not in use rather than desirable googles insistence on all android phones (my blog) having google account means all the best combinations have been used. .

I of course did not inform them

The dns game

Bananas was up one day and looking through the zoo’s server log and it was full of dns attempts*.

New hosts where invented included the mysql.zoo** among other names from a number of ranges. dnssec (my blog) seems to have replied back these things are not official and i know about it

Some of the visitors where educational.

NetRange: 129.7.0.0 – 129.7.255.255
CIDR: 129.7.0.0/16
NetName: UH-NET
Organization: University of Houston (UNIVER-239)

So i am delighted the zoo withstood the whatever somebody was trying to do. Despite not knowing the orign and objective as one does not usually create hosts with our domain name and connect them for doing something..

Yeah.  It seems dnssec is worth it.

*needs to be turned on **my view of that software has been stated before.

pi hole (nothing about circles)

Is dns blocking using a thing but as a debian user i could use without the crap fanboy hardware (my blog).

pihole

I simply installed it on a workstation and it uses dnsmasq

It currently does ad blocking by default so comment services wont work as there deemed trackers, i have no idea what facebook ends up like looking and it is a non issue for the monkey house.    I was interested in it as i was looking for possible rpz data feeds

Questions could be asked  about say the iab.

nodnssecOne problem with pi hole is no dnssec validation (my blog) although i have valid tlsa out of the box dnsmasq needs a dnssec option. For an exercise it does not appear to works once you find the the right config file.  An issue most of you wont have.

Being new to dnsmasq that was fun and the ability to swtich it on and off lies in /etc/default.

pi-hole works with a script file and to find the source files took a bit hunting, there are no pauses with website loading.

I would not bother with the raspberry pi, there probably out of stock anyhow when three fans bought all the production of them all for the next twelve months.