Multithreaded DNS Scanner

Just the other day, Spamhaus was subject to a DDoS attack from an ISP who got upset at being blacklisted. That's par for the course, but what's interesting is that the ISP used DNS amplification to boost their DDoS capabilities. Lately at work we've been working on shutting down our open DNS proxies. Once upon a time, on the naive Internet, they were fine. But as evidenced by this latest attack, such is not the case any longer.

Shutting down the DNS servers we knew about was easy, of course. But what about the ones we didn't know of? Well that's where a handy port scanner comes into play. There are a number of DNS scanners out there but I found them all lacking in some regard. So I whipped up my own.


DNSSEC Validation in BIND

I haven't done anything with DNSSEC for a while, not since I messed around with signing my domain in 2008. That was a success, by the way, but I changed around my nameservers and it's not signed any more.

Today's project was to see if I could enable DNSSEC validation on my server. The goal is to ignore any zones which are supposed to be signed, but don't contain correct data.

NAD 27 vs NAD 83/WGS 84

Somewhere a while back I read that the difference between NAD 27 and NAD 83 was on the order of a few feet at most and thus I had ignored it. Turns out I was very misinformed. NOAA has a site where you can calculate the difference between NAD 27 and NAD 83 which I tried today and my coordinate varied by more than 50 meters. That's pretty significant. So, lesson learned.


Catalyst and Rsync

Catalyst and Rsync don't seem to get along well. That is to say, the built-in development server doesn't notice when rsync changes source files. The upshot is Catalyst won't automatically reload the application on change, and that's just plain annoying.

The solution is to use the --inplace option to rsync. This alters how rsync propagates changes and plays nice with Catalyst.


Git Assume Unchanged

Git is far and away the best revision control system I've ever used. As evidence, I submit this little gem of a command:

repo$ git update-index --assume-unchanged file1 file2 ...

This is a useful command to use when you want to change a file locally and prevent it from being committed back to the repository. Once you're done and want to re-enable commits of those files, simply re-run the command and use --no-assume-unchanged.


eCryptfs Failure After Ubuntu Upgrade

I had my laptop halfway upgraded from Ubuntu 11.10 to 12.04 for a while. There was some reason for that which escapes me now, so I decided to complete the upgrade. So far only one issue has cropped up, with an ecryptfs volume that I had created. It failed to mount with an error:

Error attempting to evaluate mount options: [-22] Invalid argument

Based on a Red Hat bug report I found, it looks like I need to SUID root /sbin/mount.ecryptfs.


