Skip to content

Instantly share code, notes, and snippets.

@bortzmeyer
bortzmeyer / gist:5846b605930f1b17281ee1ff24cf08ad
Created February 2, 2020 14:37
Atlas probes in La Réunion
```
% blaeu-reach --country RE --requested 100 $(dig +short +nodnssec www.bortzmeyer.org A)
12 probes reported
Test #23911087 done at 2020-02-02T14:32:48Z
Tests: 36 successful tests (100.0 %), 0 errors (0.0 %), 0 timeouts (0.0 %), average RTT: 294 ms
```
@bortzmeyer
bortzmeyer / ataxya.md
Created January 6, 2020 20:20
Ataxya RIPE Atlas probe
% blaeu-reach --probe 52677 2605:4500:2:245b::42  
1 probes reported
Test #23768641 done at 2020-01-06T20:19:03Z
Tests: 3 successful tests (100.0 %), 0 errors (0.0 %), 0 timeouts (0.0 %), average RTT: 108 ms
@bortzmeyer
bortzmeyer / gp-ns.md
Created December 19, 2019 08:47
New name servers of Guadeloupe

Measured from Paris

% check-soa -i gp
gp.cctld.authdns.ripe.net.
	193.0.9.76: OK: 2019121818 (35 ms)
	2001:67c:e0::76: OK: 2019121818 (17 ms)
ns-gp.nic.fr.
	194.0.9.1: OK: 2019121818 (12 ms)
	2001:678:c::1: OK: 2019121818 (1 ms)
@bortzmeyer
bortzmeyer / qname-min-atlas.md
Created December 11, 2019 13:48
Qname minimisation, seen from RIPE Atlas probes

RIPE Atlas probes are typically installed in "geekier" networks so they probably use a QNAME-minimizing resolver more often than ordinary machines.

% blaeu-resolve -r 1000 -q TXT qnamemintest.internet.nl
["no - qname minimisation is not enabled on your resolver :("] : 606 occurrences 
["hooray - qname minimisation is enabled on your resolver :)!"] : 375 occurrences 
[ (TRUNCATED - May have to use --ednssize)  "hooray - qname minimisation is enabled on your resolver :)!"] : 1 occurrences 
Test #23603010 done at 2019-12-11T13:39:43Z
@bortzmeyer
bortzmeyer / pleroma-free-ipv6.md
Last active November 21, 2019 10:55
Testing pleroma.bortzmeyer.fr (hosted by Free) over IPv6

With the RIPE Atlas probes

% blaeu-reach --requested 1000 --by_probe 2a01:e35:2fb3:e1d0:d40b:5ff:fee8:a36b
994 probes reported
Test #23295021 done at 2019-11-21T10:39:21Z
Tests: 941 successful probes (94.7 %), 53 failed (5.3 %), average RTT: 67 ms
@bortzmeyer
bortzmeyer / cisco-dns-sorbonne.md
Created November 19, 2019 18:33
Test Cisco DNS

From the RIPE Atlas probes:

% blaeu-resolve -r 100 --nameserver 208.67.220.220 --type A sorbonne.fr
Nameserver 208.67.220.220
[195.220.107.3] : 99 occurrences 
[TIMEOUT] : 1 occurrences 
Test #23272103 done at 2019-11-19T18:31:17Z
@bortzmeyer
bortzmeyer / ldn-dot.md
Created November 16, 2019 11:18
Lorraine Data Network et son résolveur public DoT

DoT = DNS sur TLS

% homer --insecure --dot 80.67.188.188 sci-hub.tw A 
id 562
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
sci-hub.tw. IN A
@bortzmeyer
bortzmeyer / sci-hub-tw.md
Created November 16, 2019 11:12
Censure de Sci-Hub en France via le DNS

Via les sondes RIPE Atlas

% blaeu-resolve --requested 200 --country FR --type A sci-hub.tw
[127.0.0.1] : 112 occurrences 
[186.2.163.90] : 80 occurrences 
[146.112.61.106] : 1 occurrences 
[] : 3 occurrences 
[ERROR: SERVFAIL] : 3 occurrences 
Test #23244613 done at 2019-11-16T11:08:55Z
@bortzmeyer
bortzmeyer / postbank.md
Created November 14, 2019 09:59
Postbank / Google Public DNS problem, as seen by RIPE Atlas probes

Regular resolver (may be Google Public DNS):

% blaeu-resolve -r 100 --dnssec --displayvalidation --type A postbank.de
[160.83.8.182] : 38 occurrences 
[ (Authentic Data flag)  160.83.8.182] : 53 occurrences 
[ERROR: SERVFAIL] : 6 occurrences 
[ (Authentic Data flag) ] : 1 occurrences 
Test #23221499 done at 2019-11-14T09:53:54Z
@bortzmeyer
bortzmeyer / antitrackers.md
Created November 11, 2019 10:23
Blocking hidden trackers (Eulerian, Criteo) on Knot Resolver

For the Knot DNS resolver (used for instance on the Turris:

-- https://www.shaftinc.fr/escalade-traque-eulerian.html
policy.add(policy.suffix(policy.DENY, {todname('eulerian.net.')}))
policy.add(policy.suffix(policy.DENY, {todname('dnsdelegation.io.')}))