Cloudflare: Crypto Week 2019


Cloudflare, possibly the best DNS provider (and so much more) available for free, has been hosting Crypto Week 2019 since Monday. I really like this company and host at least 20 DNS zones for my various domains there.

I’m just catching up on reading and thought the Crypto Week 2019 announcement post is a must-read for everyone.

While the week is generally spent announcing various improvements around crypto (as in cryptocurrencies), the announcement post talks about a broader set of issues with the current Internet and about the most recent efforts to vastly improve it.

If TLS, BGP hijacking or DNSSEC mean anything to you (and even more importantly, if they don’t yet!) – please read the Crypto Week 2019 post as you will learn a lot and receive a bunch of great pointers for further reading.

Enjoy!



Using dig command to confirm TTL for a DNS zone entry

As you probably know, TTL (time-to-live) parameters can be set not only for the whole DNS zone you’re managing, but for each individual zone entry. A common example could be a higher TTL for the zone as a whole, while having much smaller TTLs for critical servers like web or MX servers.

Not everyone is aware that the dig command is very useful for entry-specific DNS research. This post shows you a very simple example.

dig to confirm TTL for a DNS entry

When using dig, we’re usually after a specific section of its output. Consider this simple query (your output may vary slightly):

srv1# dig www.google.com

This query targets a specific DNS record – namely the www. one, rather than the whole google.com domain.

; <<>> DiG 9.7.1-P2 <<>> www.google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4968
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 13, ADDITIONAL: 8

;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         541187  IN      CNAME   www.l.google.com.
www.l.google.com.       156     IN      A       209.85.148.104
www.l.google.com.       156     IN      A       209.85.148.105
www.l.google.com.       156     IN      A       209.85.148.106
www.l.google.com.       156     IN      A       209.85.148.147
www.l.google.com.       156     IN      A       209.85.148.99
www.l.google.com.       156     IN      A       209.85.148.103

;; AUTHORITY SECTION:
com.                    37414   IN      NS      d.gtld-servers.net.
com.                    37414   IN      NS      e.gtld-servers.net.
com.                    37414   IN      NS      g.gtld-servers.net.
com.                    37414   IN      NS      f.gtld-servers.net.
com.                    37414   IN      NS      a.gtld-servers.net.
com.                    37414   IN      NS      h.gtld-servers.net.
com.                    37414   IN      NS      b.gtld-servers.net.
com.                    37414   IN      NS      m.gtld-servers.net.
com.                    37414   IN      NS      c.gtld-servers.net.
com.                    37414   IN      NS      j.gtld-servers.net.
com.                    37414   IN      NS      i.gtld-servers.net.
com.                    37414   IN      NS      l.gtld-servers.net.
com.                    37414   IN      NS      k.gtld-servers.net.

;; ADDITIONAL SECTION:
a.gtld-servers.net.     22830   IN      A       192.5.6.30
a.gtld-servers.net.     23008   IN      AAAA    2001:503:a83e::2:30
c.gtld-servers.net.     581     IN      A       192.26.92.30
d.gtld-servers.net.     581     IN      A       192.31.80.30
e.gtld-servers.net.     581     IN      A       192.12.94.30
f.gtld-servers.net.     581     IN      A       192.35.51.30
g.gtld-servers.net.     23226   IN      A       192.42.93.30
h.gtld-servers.net.     581     IN      A       192.54.112.30

;; Query time: 1 msec
;; SERVER: 88.198.6.2#53(88.198.6.2)
;; WHEN: Fri Jul  1 03:50:38 2011
;; MSG SIZE  rcvd: 512

We’re only interested in the ANSWER section:

;; ANSWER SECTION:
www.google.com.         541187  IN      CNAME   www.l.google.com.
www.l.google.com.       156     IN      A       209.85.148.104
www.l.google.com.       156     IN      A       209.85.148.105
www.l.google.com.       156     IN      A       209.85.148.106
www.l.google.com.       156     IN      A       209.85.148.147
www.l.google.com.       156     IN      A       209.85.148.99
www.l.google.com.       156     IN      A       209.85.148.103

As you can see from this example, the global www.google.com name is a CNAME entry with quite a high TTL, pointing to a number of www.l.google.com A entries with a much smaller TTL. In this particular example, the TTL for each www.l.google.com is 156 seconds, which is slightly less than 3 minutes.
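To pull the ANSWER section and its TTLs out of dig output in a script rather than by eye, here is an added example (not part of the original post). It parses a trimmed copy of the output shown above; the function names are illustrative.

```shell
#!/bin/sh
# Added example. The sample is a trimmed copy of the dig output shown above;
# the function names are illustrative, not part of dig.
sample_dig_output() {
cat <<'EOF'
;; QUESTION SECTION:
;www.google.com.                        IN      A

;; ANSWER SECTION:
www.google.com.         541187  IN      CNAME   www.l.google.com.
www.l.google.com.       156     IN      A       209.85.148.104
www.l.google.com.       156     IN      A       209.85.148.105

;; AUTHORITY SECTION:
com.                    37414   IN      NS      d.gtld-servers.net.
EOF
}

# Read full dig output on stdin; print "name ttl type rdata" for ANSWER records only.
answer_records() {
    awk '
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^;; / || /^$/        { in_answer = 0 }
        in_answer && $3 == "IN" && $2 ~ /^[0-9]+$/ { print $1, $2, $4, $5 }
    '
}

# TTL of the first ANSWER record matching an owner name and record type.
ttl_for() {
    answer_records | awk -v name="$1" -v type="$2" \
        '$1 == name && $3 == type { print $2; exit }'
}

# Smallest TTL in the answer chain: the longest a resolver can serve the
# complete CNAME -> A result from cache before it has to ask again.
min_answer_ttl() {
    answer_records | awk '
        NR == 1 || $2 + 0 < min { min = $2 + 0 }
        END { if (NR) print min }
    '
}

# Live use: dig www.google.com | min_answer_ttl
```

The TTLs a caching resolver returns are the time left in its cache, so they count down between queries. To see the TTL as configured in the zone, send the same query to one of the zone's authoritative name servers (dig @server name).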




Unix Tutorial Digest: Interesting Links #1

Every week there are a few announcements or articles which I find particularly interesting, and so I’ve decided to share them with you. I’m not a Unix guru (yet), but if any of the listed materials require further explanation – do feel free to ask and I’ll be glad to help.

Ubuntu 8.04.1 release

About a week ago, the first update to Ubuntu 8.04 was announced – Ubuntu 8.04.1 LTS. I completed my experiment of using Ubuntu Hardy as my desktop OS a few weeks ago, and so haven’t upgraded yet – but I think this release is not so useful for anyone who’s been automatically updating their system – it’s just another milestone and a way to download a complete Ubuntu 8.04.1 as one image.

The highlights for me would be Firefox upgraded to the final 3.0 release and the Gnome upgrade (it’s 2.22.2 in this release).

Gentoo Linux 2008.0 release

For some of you, it’s probably been a long-awaited release. The move to the 2.6.24 kernel provided support for much more hardware, and this is bound to look good with the updated and much improved Gentoo installer.

Read more in the official Gentoo Linux 2008.0 announcement.

Cache poisoning vulnerability in DNS

Dan Kaminsky has found quite a nasty weakness in DNS implementations: deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.

Thanks to the seriousness of the problem and great coordination, most of the vendors were given the time to publish a fix, so the Vulnerability Note VU#800113 contains a comprehensive list of vulnerable implementations of DNS (both server and client sides are affected, by the way!) and links to fixes provided by various vendors.

Whether you’re managing a server farm or just a Linux desktop – be sure to update!

Wine 1.1.1 release

Things are going much faster with Wine development after the 1.0 release – it didn’t take long for 1.1 to appear, and now almost every other week brings another great update with tons of bugs fixed.

The Wine 1.1.1 release includes more than 50 bugfixes and hundreds of changes since Wine 1.1.0, notably the fixes for Adobe Photoshop CS3 and Microsoft Office 2007 installers, as well as improved video playback and many other improvements.