Skip to content

Instantly share code, notes, and snippets.

View gist:5846b605930f1b17281ee1ff24cf08ad
```
% blaeu-reach --country RE --requested 100 $(dig +short +nodnssec www.bortzmeyer.org A)
12 probes reported
Test #23911087 done at 2020-02-02T14:32:48Z
Tests: 36 successful tests (100.0 %), 0 errors (0.0 %), 0 timeouts (0.0 %), average RTT: 294 ms
```
@bortzmeyer
bortzmeyer / ataxya.md
Created Jan 6, 2020
Ataxya RIPE Atlas probe
View ataxya.md
% blaeu-reach --probe 52677 2605:4500:2:245b::42  
1 probes reported
Test #23768641 done at 2020-01-06T20:19:03Z
Tests: 3 successful tests (100.0 %), 0 errors (0.0 %), 0 timeouts (0.0 %), average RTT: 108 ms
@bortzmeyer
bortzmeyer / gp-ns.md
Created Dec 19, 2019
New name servers of Guadeloupe
View gp-ns.md

Measured from Paris

% check-soa -i gp
gp.cctld.authdns.ripe.net.
	193.0.9.76: OK: 2019121818 (35 ms)
	2001:67c:e0::76: OK: 2019121818 (17 ms)
ns-gp.nic.fr.
	194.0.9.1: OK: 2019121818 (12 ms)
	2001:678:c::1: OK: 2019121818 (1 ms)
@bortzmeyer
bortzmeyer / qname-min-atlas.md
Created Dec 11, 2019
Qname minimisation, seen from RIPE Atlas probes
View qname-min-atlas.md

RIPE Atlas probes are typically installed in "geekier" networks so they probably use a QNAME-minimizing resolver more often than ordinary machines.

% blaeu-resolve -r 1000 -q TXT qnamemintest.internet.nl
["no - qname minimisation is not enabled on your resolver :("] : 606 occurrences 
["hooray - qname minimisation is enabled on your resolver :)!"] : 375 occurrences 
[ (TRUNCATED - May have to use --ednssize)  "hooray - qname minimisation is enabled on your resolver :)!"] : 1 occurrences 
Test #23603010 done at 2019-12-11T13:39:43Z
@bortzmeyer
bortzmeyer / pleroma-free-ipv6.md
Last active Nov 21, 2019
Testing pleroma.bortzmeyer.fr (hosted by Free) over IPv6
View pleroma-free-ipv6.md

With the RIPE Atlas probes

% blaeu-reach --requested 1000 --by_probe 2a01:e35:2fb3:e1d0:d40b:5ff:fee8:a36b
994 probes reported
Test #23295021 done at 2019-11-21T10:39:21Z
Tests: 941 successful probes (94.7 %), 53 failed (5.3 %), average RTT: 67 ms
View cisco-dns-sorbonne.md

From the RIPE Atlas probes:

% blaeu-resolve -r 100 --nameserver 208.67.220.220 --type A sorbonne.fr
Nameserver 208.67.220.220
[195.220.107.3] : 99 occurrences 
[TIMEOUT] : 1 occurrences 
Test #23272103 done at 2019-11-19T18:31:17Z
@bortzmeyer
bortzmeyer / ldn-dot.md
Created Nov 16, 2019
Lorraine Data Network et son résolveur public DoT
View ldn-dot.md

DoT = DNS sur TLS

% homer --insecure --dot 80.67.188.188 sci-hub.tw A 
id 562
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
sci-hub.tw. IN A
@bortzmeyer
bortzmeyer / sci-hub-tw.md
Created Nov 16, 2019
Censure de Sci-Hub en France via le DNS
View sci-hub-tw.md

Via les sondes RIPE Atlas

% blaeu-resolve --requested 200 --country FR --type A sci-hub.tw
[127.0.0.1] : 112 occurrences 
[186.2.163.90] : 80 occurrences 
[146.112.61.106] : 1 occurrences 
[] : 3 occurrences 
[ERROR: SERVFAIL] : 3 occurrences 
Test #23244613 done at 2019-11-16T11:08:55Z
@bortzmeyer
bortzmeyer / postbank.md
Created Nov 14, 2019
Postbank / Google Public DNS problem, as seen by RIPE Atlas probes
View postbank.md

Regular resolver (may be Google Public DNS):

% blaeu-resolve -r 100 --dnssec --displayvalidation --type A postbank.de
[160.83.8.182] : 38 occurrences 
[ (Authentic Data flag)  160.83.8.182] : 53 occurrences 
[ERROR: SERVFAIL] : 6 occurrences 
[ (Authentic Data flag) ] : 1 occurrences 
Test #23221499 done at 2019-11-14T09:53:54Z
@bortzmeyer
bortzmeyer / antitrackers.md
Created Nov 11, 2019
Blocking hidden trackers (Eulerian, Criteo) on Knot Resolver
View antitrackers.md

For the Knot DNS resolver (used for instance on the Turris:

-- https://www.shaftinc.fr/escalade-traque-eulerian.html
policy.add(policy.suffix(policy.DENY, {todname('eulerian.net.')}))
policy.add(policy.suffix(policy.DENY, {todname('dnsdelegation.io.')}))