DNS

SOA Checker

Intro: This is a little script which reads the name servers for a given domain, and then asks the name server for the SOA of this domain.

Script:

    cat << 'EOF' > soachecker.sh
    #!/usr/bin/env bash
    # Little SOA & Serial Checker, v0.1, @stoege
    tmpfile=$(mktemp)
    # Check Args
    echo
    if [ $# -eq 0 ]; then
      d="stoege.net"
      echo -e "No argument provided. use \033[1m'${d}'\033[0m"
    elif [ $# -eq 1 ]; then
      d="$1"
      echo -e "Domain \033[1m'${d}'\033[0m provided"
    else
      echo -e "\033[1mmore than one arguments provided.

acme.sh

Certificate Management with ‘acme.sh’: I like to manage my certificates on my own. If you work with wildcard certs, acme.sh is a nice and flexible ACME client, written purely in shell. It’s probably the easiest & smartest shell script to automatically issue & renew the free certificates.

Basic Handling

Get Version:

    acme.sh --version

run it:

    # acme.sh --version
    https://github.com/acmesh-official/acme.sh
    v3.0.6

Upgrade Self: are we up2date ?

    acme.sh --upgrade

run it

Acme-DNS

Web: A simplified DNS server with a RESTful HTTP API to provide a simple way to automate ACME DNS challenges. Sounds promising, right? Let’s give it a try ;)

https://github.com/joohoi/acme-dns

Setup: fire up a new OpenBSD VM, let’s do it in London. IP: 100.10.20.30

Patch, update, add go:

    doas su -
    syspatch
    pkg_add -Vu
    pkg_add go

Clone repo and build acme-dns:

    cd /root
    git clone https://github.com/joohoi/acme-dns
    cd acme-dns
    export GOPATH=/tmp/acme-dns
    go build
    cp acme-dns /usr/local/sbin/

Create self-signed cert: the RESTful API needs a cert.

DNSSEC - OARC Size Tester

Talk from @mwl at BSDCan 2022: https://www.youtube.com/watch?v=1n62VZj-CKI

OARC Reply Size Tester:

    dig +short rs.dns-oarc.net TXT

Host1 - good :)

    # dig +short rs.dns-oarc.net TXT
    rst.x4090.rs.dns-oarc.net.
    rst.x4058.x4090.rs.dns-oarc.net.
    rst.x4064.x4058.x4090.rs.dns-oarc.net.
    "45.15.80.80 DNS reply size limit is at least 4090"
    "45.15.80.80 sent EDNS buffer size 4096"

Host2 - bad :(

    # dig +short rs.dns-oarc.net TXT
    rst.x1196.rs.dns-oarc.net.
    rst.x1206.x1196.rs.dns-oarc.net.
    rst.x1204.x1206.x1196.rs.dns-oarc.net.
    "74.63.25.240 DNS reply size limit is at least 1206"
    "74.63.25.240 sent EDNS buffer size 1232"

Any Comments ?

IPv6 Reverse DNS

IPv6 is fun, if you know how to handle it! As a “sponsor LIR”, I got my own AS and a small /44 IP space. So, as we all do “forward” DNS with our domains, I’d like to have reverse DNS as well. And as I don’t have a legacy IP range, I like to do it with my v6 space. Special thanks to Christian for his remote hands/tips. Appreciate it!

PowerDNS on OpenBSD

Run PowerDNS on OpenBSD: I’m mostly happy with NSD as authoritative nameserver. But why not look over the fence and have a look at PowerDNS? At least the API looks promising to me …

Install package:

    doas pkg_add powerdns--

Create folder, DB and set permission:

    doas mkdir /var/db/pdns
    doas sqlite3 /var/db/pdns/pdns.sql < /usr/local/share/doc/pdns/schema.sqlite3.sql
    doas chown -R _powerdns:wheel /var/db/pdns/

Update config file /etc/pdns/pdns.conf:

    # DB
    gsqlite3-database=/var/db/pdns/pdns.sql
    launch=gsqlite3
    setuid=_powerdns
    # Tuning & Protection
    max-queue-length=5000
    overload-queue-length=2500
    # Webserver
    webserver=yes
    webserver-address=ip-of-your-nameserver
    webserver-allow-from=127.

Dog

Dog (echo dig | sed 's/i/o/'): You know nslookup, dig, hosts, getenv and all the commands for the CLI. But have you ever tried dog?

Website: https://dns.lookup.dog/ and their docs: https://dns.lookup.dog/dns-in-five-minutes

dog is an open-source DNS client for the command-line. It has colourful output, supports the DoT and DoH protocols, and can emit JSON.

Install package:

    $ doas pkg_add dog

Examples

DNS over TLS:

    $ dog example.com --tls @dns.google

DNS request over HTTPS:

    $ dog -H @https://dns.

Gluerecords

https://serverfault.com/questions/142344/how-to-test-dns-glue-record

Check GlueRecords:

    host:~ $ dig +short ch. NS
    c.nic.ch.
    a.nic.ch.
    h.nic.ch.
    f.nic.ch.
    g.nic.ch.
    b.nic.ch.
    e.nic.ch.
    host:~ $ dig +norec @a.nic.ch. noflow.ch. NS
    ; <<>> DiG 9.10.6 <<>> +norec @a.nic.ch. noflow.ch. NS
    ; (2 servers found)
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 29211
    ;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1232
    ;; QUESTION SECTION:
    ;noflow.

Dig Dns Whois

whois egal.com:

    user@erde$ whois egal.com
    Domain Name: EGAL.COM
    Registry Domain ID: 1979745_DOMAIN_COM-VRSN
    Registrar WHOIS Server: whois.name.com
    Registrar URL: http://www.name.com
    Updated Date: 2019-09-25T20:43:47Z
    Creation Date: 1996-03-25T05:00:00Z
    Registry Expiry Date: 2022-03-26T04:00:00Z
    Registrar: Name.com, Inc.
    Registrar IANA ID: 625
    Registrar Abuse Contact Email: [email protected]
    Registrar Abuse Contact Phone: 7202492374
    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Name Server: NS1CNY.NAME.COM
    Name Server: NS2KRY.NAME.COM
    Name Server: NS3DKZ.NAME.COM
    Name Server: NS4BHT.NAME.COM
    DNSSEC: unsigned
    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.