bert hubert ahupowerdns
# pdnsutil create-zone example.com ns1.example.com
Creating empty zone 'example.com.'
Also adding one NS record
# pdnsutil add-record example.com ns1 A 192.168.1.2
New rrset:
ns1.example.com. IN A 3600 192.168.1.2
# pdnsutil list-zone example.com
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN SOA ns1.example.com hostmaster.example.com 1 10800 3600 604800 3600
ahupowerdns / lua.md
Last active January 31, 2024 15:01
The LUA record type for Lua-powered DNS records

LUA Record Type for Lua-powered DNS records for standards based fail-over and geographical load balancing

GitHub branch -> https://github.com/ahupowerdns/pdns/tree/luarec

Recently, many zone owners could not migrate away from Dyn because they depended on non-standardised DNS-based failover and geographical load-balancing features. What you see below is an attempt to get standards-based but flexible equivalents of these currently proprietary features. Here is a zone:

$TTL 60
lua.br. IN      SOA     a.lua.br. nstld.verisign-grs.com. (
        2016032300      ; Serial
        14400           ; Refresh
$ORIGIN .
v6.powerdns.org 3600 IN NS lua-ns-v6.powerdns.org.
v6.powerdns.org 3600 IN SOA lua-ns-v6.powerdns.org hostmaster.v6.powerdns.org 1 10800 3600 604800 3600
whoami-ecs.v6.powerdns.org 60 IN LUA TXT "'ip: '..who:toString()..', netmask: '..(ecswho and ecswho:toString() or 'no ECS')"
whoami-port.v6.powerdns.org 60 IN LUA TXT "who:toStringWithPort()"
whoami.v6.powerdns.org 60 IN LUA AAAA "who:toString()"
whoami.v6.powerdns.org 60 IN LUA TXT "who:toString()"
;;;;;;;;;;;;;;
ahupowerdns / simple-adblock-powerdns.md
Last active June 27, 2023 18:05
How to do really simple adblocking with the PowerDNS Recursor 4.x

First, clone the Mozilla focus project and make it fetch its list:

$ git clone https://github.com/mozilla/focus.git
$ cd focus
$ ./checkout.sh
$ cd Lists

This delivers several JSON formatted files, of which we are going to use disconnect-advertising.json. We'll filter out the good bits using jq, and create a Lua representation:

(

CVE-2015-7547 mitigation script

In response to CVE-2015-7547, we are developing this Lua script which should protect your users, at a slight risk of disrupting specific queries which naturally deliver very large responses.

Run the script below by setting: lua-dns-script=stop-cve-2015-7547.lua - or use rec_control reload-lua-script stop-cve-2015-7547.lua at runtime.

Please continue to check this page for updates.

function postresolve ( remoteip, domain, qtype, records, origrcode )
ahupowerdns / botnetservfail
Last active September 17, 2021 02:57
Filtering botnets that try to use your resolver as a packet amplifier
If you notice that some of your users are sending you queries for weirdly named domains (sdfhsdfkh.www.7xinggua.com., for example), and that those queries in turn are contributing to a denial-of-service attack against the "nameservers" behind those weirdly named domains, this page may be for you. The instructions are for Linux, but other operating systems offer similar ways to filter traffic.

PowerDNS Recursor 3.6.0 out of the box comes with settings that try to limit this attack, but there is only so much we can do. A better way is to block or deflect traffic from those sending the queries.
$ pdnsutil create-zone ds9a.nl ns1.powerdns.com
Creating empty zone 'ds9a.nl.'
Also adding one NS record

$ pdnsutil add-record ds9a.nl @ A 1.2.3.4
$ pdnsutil add-record ds9a.nl "*" CNAME ds9a.nl
$ pdnsutil list-zone ds9a.nl
*.ds9a.nl.      3600    IN      CNAME   ds9a.nl.
ds9a.nl.        3600    IN      A       1.2.3.4 
import matplotlib.pyplot as plt
import matplotlib.animation as animation

fig, ax = plt.subplots()
xdata, ydata = [], []
hi, = plt.plot([], [], 'ro')   # the marker artist the animation frames update
ax.grid()
Writer = animation.writers['ffmpeg']   # needs an ffmpeg binary on PATH
writer = Writer(fps=7, metadata=dict(artist='bert hubert'), bitrate=2500)

def init():
    # first frame: start from empty data (the rest of the gist is cut off in this preview)
    hi.set_data([], [])
    return hi,
#!/bin/bash
# Download the Earth rotation parameter (ERP) files from the ESA navigation office
# for GPS weeks 1774..2080; each week has one file per day 0..6 (esr<week><day>.erp.Z)
for a in {1774..2080}
do
    for b in {0..6}
    do
        wget http://navigation-office.esa.int/products/gnss-products/$a/esr${a}$b.erp.Z
    done
done
# Take the column header (the line mentioning MJD) from one file, then gather all
# data lines (they start with '5', the leading digit of the MJD) sorted by MJD
zcat esr20805.erp.Z | grep MJD > erp.csv
zcat *.Z | grep ^5 | sort -n >> erp.raw
(
    echo 'return{'
    # For each rule, take its url-filter regex, keep the part after the second '?',
    # turn the escaped '\\.' back into '.', and drop the JSON quoting
    for a in $(jq '.[].trigger["url-filter"]' disconnect-advertising.json |
               cut -f3 -d? | sed 's:\\\\.:.:g' | sed s:\"::)
    do
        echo \"$a\",
    done
    echo '}'
) > blocklist.lua   # result is a Lua table literal: return{ "...", "...", }