@PowerDNS_Bert Thank you for: http://powerdnssec.org/downloads/packages/ !
Tue May 31 07:09:39 +0000 2011
Useless renaming of variables: CUR="${PWD}" #actual #code #bash
Tue May 31 10:35:17 +0000 2011
svn should support the -a flag (as a noop)
Tue May 31 12:23:04 +0000 2011
Whenever I see a screenshot of Ubuntu 10.10 I can’t help but think: Remember those good old days?
Tue May 31 12:51:11 +0000 2011
Replying to @sspans
That must have been quite a wonderful time!
The problem: you want to keep a historical reference of zone changes. This little script helps you do that, it:
AXFRs the zone you want; Cleans the zone a bit, sorts it and feeds it through named-compilezone to make it look “nice”; Puts it in a git repository; Checks it in with a date tag (date -u '+%Y-%m-%d_%H%M%S'). You do need to define the directory where the git repository is located in the script ($gitdir).
Zeitgeist integration; Focus follows mouse working. As in ‘alt-tab’ obeys this too. See bug 597190; Easier workspace switching; Themes; Much smaller window titlebars; An easier way to find your windows, maybe a windowlist in the panel.
I’m (again) rewriting the API of godns. I’m now taking a cue from the http package in Go, and the result seems very nice. A reflector (returns your query in the answer) in Go becomes:

    package main

    import (
        "dns"
        "log"
    )

    func ReflectServer(w dns.ResponseWriter, req *dns.Msg) {
        m := new(dns.Msg)
        m.SetReply(req)
        m.Extra = make([]dns.RR, 1)
        m.Extra[0] = &dns.RR_TXT{Hdr: dns.RR_Header{Name: m.Question[0].Name, Rrtype: dns.TypeTXT, Class: dns.ClassINET, Ttl: 0}, Txt: "Hello world"}
        buf, _ := m.
@ErikHensema That hasn’t been true for a long time; 1225 is the new minimum, but 4k should still work fine too
Wed Mar 30 08:43:15 +0000 2011
http://webwereld.nl/achtergrond/106189/oude-netwerken-zien-dnssec-als-aanval.html #dnssec #dutch
Wed Mar 30 10:16:31 +0000 2011
Replying to @reseauxsansfil
wouldn’t you just know it :-)
Wed Mar 30 10:49:34 +0000 2011
Replying to @jeroenbulten
Yep. When it occurs, it does keep you busy for a while figuring out what exactly is wrong.
I’ve tagged a new version of “Learning Go”, version 0.3. It’s more of a snapshot of the current development, than an actual “release” release.
There are lots of fixes, code updates and tweaks. Numerous people sent in fixes. Thank you all for the contributions!
Get it:
PDF download; Latest daily build. Feedback is welcome.
To see the development version you can use:
Gitweb repository; Daily builds. Major stuff coming in 0.
Replying to @geertjanweijman
Yep, we did have lights with us, so that saved us a fine.
Mon Feb 28 10:32:48 +0000 2011
Just stepped in the time machine: reading about NSEC2 and DNSNR
Mon Feb 28 12:54:15 +0000 2011
This Internet-Draft will self destruct on November 30, 2004. #way #cooler
Mon Feb 28 12:55:07 +0000 2011
Released “Learning Go” version 0.3, http://www.miek.nl/s/59fd0dbd79/ #Golang
Mon Feb 28 20:16:58 +0000 2011
I need hardlink support in sftp and the newest ssh version provides this. But there are no packages for Ubuntu 10.10. Therefore I backported OpenSSH from Ubuntu 11.04 to 10.10. Here you can find these packages:
64 bit: openssh-client_5.7p1-1ubuntu1_amd64.deb; openssh-server_5.7p1-1ubuntu1_amd64.deb; ssh-askpass-gnome_5.7p1-1ubuntu1_amd64.deb; sshfs_2.2-1build1_amd64.deb
32 bit: openssh-client_5.7p1-1ubuntu1_i386.deb; openssh-server_5.7p1-1ubuntu1_i386.deb; ssh-askpass-gnome_5.7p1-1ubuntu1_i386.deb; sshfs_2.2-1build1_i386.deb
all: ssh_5.7p1-1ubuntu1_all.deb; ssh-krb5_5.7p1-1ubuntu1_all.deb
The minimum upgrade consists of installing openssh-client and openssh-server.
OpenSSH 5.7 adds hardlink support to the sftp protocol:
sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. It is available through the “ln” command in the client. The old “ln” behaviour of creating a symlink is available using its “-s” option or through the preexisting “symlink” command
This is awesome as I can use that to make rdup work (better) with sshfs.
I’ve created a patch to add hardlink support to sshfs.
Replying to @PowerDNS_Bert
overwhelm the resolver with nsec3s and then (quote Duke Nukem): “Let God sort them out.”
Mon Jan 31 08:56:47 +0000 2011
The 3 in NSEC3 represents the number of people that actually understand all the corner cases. #dnssec #nsec3
Mon Jan 31 09:00:45 +0000 2011
RT @bdekruijff: Can anyone at #samsung please fire the guy who conceived #kies!? What a worthless piece of crapware..
Mon Jan 31 20:29:21 +0000 2011
How about on-the-fly signing? In this example we add a signature to any packet dealing with www.example.org. Again it is a matter of defining the matching, action and setup functions.
Matching
We don’t have to match anything coming in, we only need to sign pkts on their way out. So the function becomes:

    func match(m *dns.Msg, d int) (*dns.Msg, bool) {
        // Matching criteria
        switch d {
        case IN:
            // nothing
        case OUT:
            // nothing
        }
        // Packet Mangling
        switch d {
        case IN:
            // nothing
        case OUT:
            if m.
You need to install Go and Go DNS, but then you can play with Funkensturm:
Architecture and announcement; Transparent proxy example; Delaying proxy example; Signing proxy example.
Another application for Funkensturm is delaying packets. Here we only delay packets with the recursion desired bit (RD) set, but it can easily be changed to check for other properties of a packet; see godoc dns for all elements of DNS packets.
The configuration is similar to the one described here.
Matching pkts with RD bit set
The matching function becomes:

    // the only matching we do is on the RD bit
    // for incoming packets.
A transparent proxy is a proxy that does nothing, but it serves as a nice introduction to Funkensturm.
See this post for an architectural overview of Funkensturm.
Currently a configuration is compiled into the Funkensturm binary. As such it must look like a normal Go program.
Matching function
The matching function checks a packet for features and can optionally modify it.
This is the prototype of a matching function:
func match(m *dns.
What’s a DNS proxy?
A proxy is something that sits between a client and a server and does something with the data flowing through it. So a DNS proxy does this for DNS packets.
How does Funkensturm work?
Funkensturm consists of 3 configuration parts:
1. A setup function for the initial setup.
2. Match/Modify function(s): this function checks the packet for configured properties. If there is a match, true is returned.
3. Action function(s): Taking the truth value from 2.
…Or why shell scripting is not really programming. Two scripts, one called bash-hate:
    #!/bin/bash
    count=0
    cat /dev/null - | while read line; do
        ((count++))
    done
    echo $count

and the other one zsh-love:

    #!/bin/zsh
    count=0
    cat /dev/null - | while read line; do
        ((count++))
    done
    echo $count

Then:

    % cat testfile | ./bash-hate
    0
    % cat testfile | ./zsh-love
    9

(Yes, I know about subshells. Just learn a real programming language.)
Doing cryptography is hard, luckily there are enough libraries out there that help you with it. OpenSSL is probably one of the best (known). Go has its own crypto library, which is written in pure Go.
Now with these aids crypto becomes doable for mere mortals, but all these libraries work with buffers which hold the data, the signature and sometimes the key also. Off-by-one errors in composing these buffers lead to a “Bogus signature” error (in DNSSEC).
I’ve implemented axfr in my Go DNS library in a nice and Go-like way (at least that’s what I like to think). Starting an axfr results in a channel which can then be used with the range keyword to loop over it, until the entire axfr is received.
Using it
First the normal beginning of a Go program:

    package main

    import (
        "fmt"
        "dns" // DNS package
    )

Then we start the main function in which we define a new resolver and a channel for receiving the axfr messages.
Lovely, all that shuffling across the black ice
Fri Dec 31 09:33:13 +0000 2010
@WebAudience that one was easy! #nsa but fun all the same
Fri Dec 31 09:37:28 +0000 2010
RT @jeroenbulten: Yes. The validating resolver works. http://twitpic.com/3ljnmz
Fri Dec 31 11:55:42 +0000 2010
So I can pack/unpack uint8/16/32, string, hex, etc. Looking at TSIG RFC: time_signed: uint48, 48! *GRRRR* #godns
Fri Dec 31 15:14:38 +0000 2010
There are 2 little boys setting off fireworks here and it is immediately getting foggier.
[ post updated to reflect changes in the library ]
This library takes a new, innovative and enterprise ready approach: it sends and receives queries to and from the DNS.
The library was forked from the official DNS code in Go (in the net package). Since that time the Go team has thrown out this code and started to use the system’s C library via a wrapper. I was however struck by the elegance of the code (esp.
I’ve extended the DNS filesystem a bit and added the possibility to WRITE to it. This only works for zones which utilize dynamic updates.
You can now mount the world and write to it!
Also TSIG should be supported (but I have not tested it - as I’m lazy). For TSIG you need a file (named “dynupdate” here with the following):
    # domain tsig-key name key
    miek.nl tsig-key awwLOTrFPge+rRKF2+DEiw==

Code is still contained in a single Perl file.
This is the second time I’m writing this, but now it’s much better than the previous attempt.
The idea is as follows, using Fuse and Perl this is an actual filesystem which maps the DNS to files and directories.
You can now mount the world! :-)
The following holds true for this filesystem:
Uppercase named directories are zone-cuts, or; Uppercase named directories are labels; Lowercase named files are rrtypes (like txt, soa, etc.
@sidn heh, at least it isn’t DNSSEC related
Tue Nov 30 14:12:25 +0000 2010
Replying to @bdekruijff
Good stories are best told in the pub! When?
Tue Nov 30 19:36:54 +0000 2010
@BartVroom @bdekruijff Friday it is. 8 o’clock? Haantje?
Tue Nov 30 20:17:40 +0000 2010
Where is the 10" Android (3.0?) based tablet. Hurry #google. I want to spend money (not too much though)
Tue Nov 30 21:01:21 +0000 2010
So there you are in Santiago de Chile, first beer down, now off into the city
Sat Oct 30 16:15:50 +0000 2010
RT @wmacgyver: Learning #golang book available in PDF format http://j.mp/b9AXss
Sat Oct 30 21:21:34 +0000 2010
This morning I’ve tagged version 0.2 of “Learning Go”. Among the larger changes is that “Interfaces” is now a separate chapter.
I have also removed/added/updated the text. Fixed mistakes in the text and code (and probably added new ones).
To get it:
PDF download; Gitweb repository; Daily builds; Latest daily build. Feedback is welcome.
Of course a lot of work still needs to be done:
(Finally) fix all the exercises; Test/Retest if all the Go code works with the latest compiler; Finish the last chapters (chapters 6, 7 and 8); …