Hel8y, 8y

Some weeks ago a client came to me with the request to restructure the nameservers for his hosting company. Due to the requirements, I soon realised none of the existing DNS servers would be a perfect fit. Me, being a PHP programmer with some decent general linux/server skills, decided to do what I do best: write a small nameserver which could execute the zone transfers... in PHP. I proposed the plan to the client and explained to him how this was going to solve all of his problems. He agreed and I started working.

After a few weeks of reading a dozen RFC documents on the DNS protocol I wrote a DNS library capable of reading/writing the master file format and reading/writing the binary wire format (we needed this anyway, we had some more projects where PHP did not provide us with enough control over the DNS queries). In short, I wrote a decent DNS resolver.

For another two weeks I was working on the actual DNS server which would handle the NOTIFY queries and execute the zone transfers (AXFR queries). I used the pthreads extension to make the server behave like an actual server which can handle multiple requests at once. It took some time (in my opinion the pthreads extension is not extremely well documented and a lot of its behavior has to be discovered through trial and error, or by reading the C source code. However, it still is a pretty decent extension.)

Yesterday, while debugging some last issues, the DNS server written in PHP received its first NOTIFY about a changed DNS zone. It executed the zone transfer and updated the real database of the actual primary DNS server. I was extremely euphoric and I began to realise what I had written in the weeks before. I shared the good news with the client and with some other people (a network engineer, a server administrator, a junior programmer, etc.). None of them really seemed to understand what I did. The most positive response was: "So, you can execute a zone transfer?", in a kind of condescending way.

This was one of those moments I realised again that most people, even those who are fairly technical, will never understand what we programmers do. My euphoric moment soon became a moment of loneliness...

Comments
  • 8
    Sounds like an achievement to me, and you lost me at AXFR 👍🏻
  • 2
    Well done!
    Is it Opensource?
  • 1
    AXFR is a pseudo record in the DNS protocol. Just like a normal A record you can ask a DNS server for the "AXFR record". The only difference is, it will never answer with an actual AXFR record, but instead, it will send you all the records in the zone. This is how secondary DNS servers can receive new records, once the records at the primary DNS server have changed ;-)
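The mechanics described in the comment above, as an added Python example (it is not the PHP library the post describes). It builds an AXFR question exactly like an A query except for QTYPE 252, with the 2-byte length prefix the transfer needs over TCP, and then does what a secondary should before trusting a transfer: walk the answer section and accept it only when the record stream is bracketed by the zone SOA. The example.test zone and the response bytes are constructed here.

```python
import struct
SOA, A, AXFR = 6, 1, 252   # AXFR is a query-only pseudo type (RFC 1035 section 3.2.3)

def encode_name(name):
    """Dotted name -> uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_axfr_query(zone, txid=0x1234):
    """Header + an ordinary question section whose QTYPE is AXFR, with the 2-byte TCP length prefix."""
    msg = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0) + encode_name(zone) + struct.pack("!HH", AXFR, 1)
    return struct.pack("!H", len(msg)) + msg

def skip_name(msg, off):
    """Offset just past a possibly compressed name (a 0xC0 pointer ends the name)."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] & 0xC0 == 0xC0 else 1)

def answer_types(msg):
    """Walk the question and answer sections of a response; return the answer RR types in order."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4                      # QTYPE + QCLASS
    types = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, rdlen = struct.unpack("!H", msg[off:off + 2])[0], struct.unpack("!H", msg[off + 8:off + 10])[0]
        types.append(rtype)
        off += 10 + rdlen                                  # TYPE, CLASS, TTL, RDLENGTH, RDATA
    return types

def axfr_is_complete(msg):
    """Only accept a transfer whose first and last answer RRs are the zone SOA (RFC 5936 section 2.2)."""
    t = answer_types(msg)
    return len(t) >= 2 and t[0] == SOA and t[-1] == SOA

def rr(owner, rtype, rdata, ttl=3600):
    """Constructed resource record; owner is already-encoded bytes so a compression pointer can be used."""
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def response(records, txid=0x1234):
    """Constructed AXFR response for example.test: flags 0x8400 = response, authoritative answer."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, len(records), 0, 0)
    return header + encode_name("example.test") + struct.pack("!HH", AXFR, 1) + b"".join(records)

ZONE = b"\xC0\x0C"   # compression pointer to the question name at offset 12
SOA_RDATA = encode_name("ns1.example.test") + encode_name("hostmaster.example.test") + struct.pack("!5I", 2024010101, 7200, 3600, 1209600, 3600)
FULL_TRANSFER = response([rr(ZONE, SOA, SOA_RDATA), rr(encode_name("www.example.test"), A, bytes([192, 0, 2, 10])), rr(ZONE, SOA, SOA_RDATA)])
CUT_TRANSFER = response([rr(ZONE, SOA, SOA_RDATA), rr(encode_name("www.example.test"), A, bytes([192, 0, 2, 10]))])
```

`CUT_TRANSFER` stands for a stream that stopped before the closing SOA; a secondary that loaded it would serve a partial zone, so `axfr_is_complete` rejects it.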
  • 4
    @Linux: The DNS library will be released on Github soon. I still need to add some examples and write some proper documentation for the library before I will release it.

    @cors: As with every software library you can use it for good and for bad purposes. But in fact, you can use it to initiate DNS cache poisoning attacks. The DNS library gives you full control over what you send over the wire.
  • 0
    @Hel8y thank you for that! 👍🏻

    I'm going to poke around a bit to see it in action. Learn by doing/breaking 😃
  • 0
    @Hel8y congrats, and be proud :) (you answered after I felt the question was too childish a comment for a victory-sharing rant :D sorry about that)
  • 0
    Heads up! Although I don't understand it fully, I can get some of the flow. I admire your work and your passion though!!
  • 2
    @cors: It was a good question ;-) Actually, while writing the DNS library I began to realise the library was capable of initiating a DNS cache poisoning attack. In fact, we are preparing a test case where we will test how different servers will react to this. Together with a co-worker we came up with a very, very, very bad version of a DNS cache poisoning attack which, if it succeeds, could actually take down some big ISPs if their servers are not correctly configured. We haven't checked the full DNSSEC specification, but at the moment we are not even sure if DNSSEC-aware servers will be able to ignore the attack. But maybe more on this later ;-)
  • 0
    @Hel8y oh god... a certificate from some authority to turn the little browser padlock green, and instantly you own millions of facebook, twitter, google, whatnot accounts. Send me GPS coordinates, I'll be there asap :D don't want to miss this out.
  • 1
    @cors: Haha, sorry, I'm like a superhero, I only use my powers for doing good ;-) We will test the attack on a special test setup, not on any real ISP.

    Well, maybe one or two really annoying ISP's... no, just kiddin' ;-)
  • 2
    I felt the same when I developed a unit test tool for COBOL programs. I had to write a parser and come up with a logic for generating test cases automatically. People at the company have really enjoyed my work, but no one seems to grasp the amount of intellectual effort it took me to do the tool (I did it as a side project, learning everything from scratch), as they regard it as just another tool. But I had a blast when I could finally run it after four months of lonely development.
  • 1
    @Hel8y
    awesome!
    I am very interested! Keep us updated!
  • 0
    thanks for letting me know I don't know shit! jeez.. how long u been doing this?
  • 2
    @hilpitome Don't think you don't know shit. I've been doing this for over 10 years now and usually I spend at least 6 days of the week working with PHP. 8 years ago I wouldn't have been able to write this project; even 3 or 4 years ago I wouldn't have been able to write this project. Since I started with PHP I got a bachelor's degree in Computing Science (didn't start my Master because I was already working 40 hours a week).

    Don't be afraid. Some guy at Google (I think, I'm not sure), said in an interview it will take you at least 10 years to really master a programming language. Although I realise I've come far, I still learn new things every now and then. Just keep searching for new challenges and one day you will get there.
  • 0
    @Hel8y thanks for the encouragement.. I'll be patient then see if I can do cool stuff like u in ten years.. I just got a year
  • 0
    interesting story! I'm currently doing something like a library, too, but not this big
    still under development, but I can't wait to see that loneliness-feeling, in the end!
  • 0
    Dem feels. :(
  • 1
    Nice work, as a Dev from a Networking background good job!
  • 0
    I have no idea what you just said, but I am proud of you and if I were your colleagues I would have given you a beer 😉
  • 2
    Is it on github yet? :)
  • 0
    is it on GitHub?

    I'm dealing now with nodejs-nest-adonisjs-axfr. (+powerdns, MySQL )

    Looking for some advice about the module creation to connect to the other server and pull the zone records with AXFR.