Monthly Archive: February 2017

Hi

My case is very simple and i think many geek have the same configuration.

I have a personal domain name which is hosted by an isp. I made the setup to access some services I host on my local network (mostly sandbox web sites). It works really well… when i’m outside !

From an outside computer access is fast and reliable ! From MY network, access is veeeeery long and finally times out !

From my local network, ping, nslookup, tracert are ok !

What do I miss in my DNS configuration ?

I am in process of migrating ISP and have some concerns on DNS configurations. We currently host our own public DNS as well as a mirrored DNS 3rd party. Would it be suggested to set same host w/ 2 different ISP IP addresses?

Current setup:

Network>Public DNS>Firewall>ISP1

Public DNS: (host) mail.server (ISP1) 123.456.789.123

Would adding the same host in the same DNS zone cause issues with secondary ISP

Public DNS: (host) mail.server (ISP2) 789.456.123.321

*3rd Party DNS only mirrors our DNS

Нi реорlе.

Rесеntlу, I rеalizеd that thе bеst wаy to find а girl – it’s dating in thе Intеrnеt.

I rеgistеrеd on thе most pоpulаr dаting sitеs, but thеsе girls hаd a lоng timе tо соrrеspond, thеу arе rеluсtant to аnswеr аnd rаrеlу аgrееd оn thе lifе dаting.

Реrsоnаllу, I would likе to find а girl just for sеx, without rеlаtiоns.

Onе dау my friеnd advisеd tо lооk for onlinе dating sitеs fоr sеx. At whiсh thе girls arе rеgistеrеd with thе samе goal – to find a рartnеr for sеx.

It turnеd оut thаt thеsе sitеs arе vеry muсh. I rеgistеrеd оn thе vаrious wеbsitеs. But most оf thеm had onе drawbасk. Тhis is usuallу pаid sitеs, thеy rеquirе а monthly subsсriрtiоn аnd on thеsе sitеs rеgistеrеd mоrе mеn than wоmеn.

I askеd thе quеstiоn in thе diffеrеnt forums, whiсh dating sitе is frее аnd provеn. I’vе rеgistеrеd аt аll of thеm, but in thе еnd I found onе suitablе dаting sitе. I nоtе that it’s frее and alwауs а lot оf girls from diffеrеnt соuntriеs аrе оnlinе.

If sоmеоnе is intеrеstеd, hеrе it’s thе sitе: http://imgur.com/eOLm25c

Mу ехpеriеncе: I hаd sеx 3 timеs in thе pаst month with diffеrеnt girls frоm this wеbsitе.

I came across an article on Linux Journal about setting up a local bind and saw it as an opportunity to fill in some gaps in my understand of DNS, which at this point is pretty weak, bear with me. 🙂

I soon discovered that named spits out a lot of log rows like

validating @0x7fc2b41e9d10: i.creativecommons.org A: no valid signature found.

So I used the Verisign labs dnssec debugger to investigate and all of them are missing the zone DS record, like creativecommons.org.

I suppose this is due to them not setting up their DNS correctly and that it is a common issue?

I also discovered that my DNS registrar has this same problem with missing DS record for their domain. Should I be bothered by this? Shouldn’t a registrar have their own domain successfully set up for dnssec or at least not a broken configuration, or am I misinterpreting something?

The same dns registrar automatically set up my domains with dnssec so this puzzles me.

Consider a DNS resolver that does not keep track of host names it is currently trying to resolve. Several queries for the same host name may thus be active at the same time. How can this situation be exploited by a cache poisoning attack? What is the probability of success of your attack?