Measured from Paris
% check-soa -i gp
gp.cctld.authdns.ripe.net.
193.0.9.76: OK: 2019121818 (35 ms)
2001:67c:e0::76: OK: 2019121818 (17 ms)
ns-gp.nic.fr.
194.0.9.1: OK: 2019121818 (12 ms)
2001:678:c::1: OK: 2019121818 (1 ms)
Stéphane Bortzmeyer bortzmeyer
bortzmeyer
/ qname-min-atlas.md
Created
December 11, 2019 13:48
Qname minimisation, seen from RIPE Atlas probes
RIPE Atlas probes are typically installed in "geekier" networks so they probably use a QNAME-minimizing resolver more often than ordinary machines.
% blaeu-resolve -r 1000 -q TXT qnamemintest.internet.nl
["no - qname minimisation is not enabled on your resolver :("] : 606 occurrences
["hooray - qname minimisation is enabled on your resolver :)!"] : 375 occurrences
[ (TRUNCATED - May have to use --ednssize) "hooray - qname minimisation is enabled on your resolver :)!"] : 1 occurrences
Test #23603010 done at 2019-12-11T13:39:43Z
bortzmeyer
/ pleroma-free-ipv6.md
Last active
November 21, 2019 10:55
Testing pleroma.bortzmeyer.fr (hosted by Free) over IPv6
With the RIPE Atlas probes
% blaeu-reach --requested 1000 --by_probe 2a01:e35:2fb3:e1d0:d40b:5ff:fee8:a36b
994 probes reported
Test #23295021 done at 2019-11-21T10:39:21Z
Tests: 941 successful probes (94.7 %), 53 failed (5.3 %), average RTT: 67 ms
From the RIPE Atlas probes:
% blaeu-resolve -r 100 --nameserver 208.67.220.220 --type A sorbonne.fr
Nameserver 208.67.220.220
[195.220.107.3] : 99 occurrences
[TIMEOUT] : 1 occurrences
Test #23272103 done at 2019-11-19T18:31:17Z
bortzmeyer
/ ldn-dot.md
Created
November 16, 2019 11:18
Lorraine Data Network et son résolveur public DoT
DoT = DNS sur TLS
% homer --insecure --dot 80.67.188.188 sci-hub.tw A
id 562
opcode QUERY
rcode NOERROR
flags QR RD RA
;QUESTION
sci-hub.tw. IN A
Via les sondes RIPE Atlas
% blaeu-resolve --requested 200 --country FR --type A sci-hub.tw
[127.0.0.1] : 112 occurrences
[186.2.163.90] : 80 occurrences
[146.112.61.106] : 1 occurrences
[] : 3 occurrences
[ERROR: SERVFAIL] : 3 occurrences
Test #23244613 done at 2019-11-16T11:08:55Z
bortzmeyer
/ postbank.md
Created
November 14, 2019 09:59
Postbank / Google Public DNS problem, as seen by RIPE Atlas probes
Regular resolver (may be Google Public DNS):
% blaeu-resolve -r 100 --dnssec --displayvalidation --type A postbank.de
[160.83.8.182] : 38 occurrences
[ (Authentic Data flag) 160.83.8.182] : 53 occurrences
[ERROR: SERVFAIL] : 6 occurrences
[ (Authentic Data flag) ] : 1 occurrences
Test #23221499 done at 2019-11-14T09:53:54Z
bortzmeyer
/ antitrackers.md
Created
November 11, 2019 10:23
Blocking hidden trackers (Eulerian, Criteo) on Knot Resolver
For the Knot DNS resolver (used for instance on the Turris:
-- https://www.shaftinc.fr/escalade-traque-eulerian.html
policy.add(policy.suffix(policy.DENY, {todname('eulerian.net.')}))
policy.add(policy.suffix(policy.DENY, {todname('dnsdelegation.io.')}))
% homer https://dns.hostux.net/dns-query csa.fr A
id 0
opcode QUERY
rcode NOERROR
flags QR RD RA
edns 0
payload 4096
option ECS 2001:67c:1348::/56 scope/0
;QUESTION
NXDOMAIN for an ENT (Empty Non-Terminal)
dig @ns1.flexbalancer.net. A a7e454.flexbalancer.net
; <<>> DiG 9.10.3-P4-Debian <<>> @ns1.flexbalancer.net. A a7e454.flexbalancer.net
; (2 servers found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 627