Pinboard (jm)
https://pinboard.in/u:jm/public/
recent bookmarks from jmBug #1624320 “systemd-resolved appends 127.0.0.53 to resolv.conf...” : Bugs : systemd package : Ubuntu2021-12-10T11:00:21+00:00
https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1624320
jmThis bug just compromised every ubuntu machine on my network. It falsely says that DNSSEC is not supported by the nameserver and resorts to non-DNSSEC resolution. So every machine on my network just accepted bogus DNS replies from a MITM. Thanks.
Is there anything systemd can't break :(]]>systemd fail dns dnssec mitm security resolvers ubuntu bugs linuxhttps://pinboard.in/https://pinboard.in/u:jm/b:56f29ab67900/New Spam Campaign Controlled by Attackers via DNS TXT Records2019-06-12T09:24:47+00:00
https://www.bleepingcomputer.com/news/security/new-spam-campaign-controlled-by-attackers-via-dns-txt-records/
jmWhen decoded, this string is an URL to Google's public DNS resolve for a particular domain. For example, the above string decodes to https://dns.google.com/resolve?name=fetch.vxpapub.[omitted].net&type=TXT.
The attachment's script will use this URL to retrieve the associated domain's TXT record.
A TXT record is a DNS entry that can be used to store textual data. This field is typically used for SPF or DMARC records, but could be used to host any type of textual content.
The nice part about using the Google's DNS resolver is that the information will be returned as JSON, which makes it easy for the malicious script to extract the data it needs.
(via Paul Vixie)]]>txt dns google resolvers spam fail security via:paulvixiehttps://pinboard.in/https://pinboard.in/u:jm/b:f1c061c3ee1a/Quad92017-11-16T16:50:09+00:00
https://www.quad9.net/#/about
jmQuad9 is a free, recursive, anycast DNS platform that provides end users robust security protections, high-performance, and privacy.
Security: Quad9 blocks against known malicious domains, preventing your computers and IoT devices from connecting malware or phishing sites. Whenever a Quad9 user clicks on a website link or types in an address into a web browser, Quad9 will check the site against the IBM X-Force threat intelligence database of over 40 billion analyzed web pages and images. Quad9 also taps feeds from 18 additional threat intelligence partners to block a large portion of the threats that present risk to end users and businesses alike.
Performance: Quad9 systems are distributed worldwide in more than 70 locations at launch, with more than 160 locations in total on schedule for 2018. These servers are located primarily at Internet Exchange points, meaning that the distance and time required to get answers is lower than almost any other solution. These systems are distributed worldwide, not just in high-population areas, meaning users in less well-served areas can see significant improvements in speed on DNS lookups. The systems are “anycast” meaning that queries will automatically be routed to the closest operational system.
Privacy: No personally-identifiable information is collected by the system. IP addresses of end users are not stored to disk or distributed outside of the equipment answering the query in the local data center. Quad9 is a nonprofit organization dedicated only to the operation of DNS services. There are no other secondary revenue streams for personally-identifiable data, and the core charter of the organization is to provide secure, fast, private DNS
Awesome!]]>quad9 resolvers dns anycast ip networking privacy securityhttps://pinboard.in/https://pinboard.in/u:jm/b:779a47e8794b/[dns-operations] Sad news today: systemd-resolved to be deployed in Ubuntu 16.102016-06-07T11:44:20+00:00
https://lists.dns-oarc.net/pipermail/dns-operations/2016-June/014964.html
jmsystemd dns resolvers linux unixhttps://pinboard.in/https://pinboard.in/u:jm/b:81b416c8c0f5/