Search - "dns"
-
Got a phone interview for a backend dev job in an opsec company.
Interviewer:
This is a very serious and prestigious position, we take care of the most important bits of code.
*Proceeds to talk introductory nonsense*
Interviewer:
Do you know what a DNS is?
Me:
Yes, of course! DNS stands for Domain Name System.... Blah blah blah... I explain about the servers, about hosts file, about DNS spoofing and everything else possible on this topic.
Interviewer:
See, I was patient with you - letting you finish. I'm not sure what you're talking about and where you got it from, but a DNS is that line in the browser where you type the site's name.
He didn't ask any more questions, just told me that they'll get back to me. I asked not to do that.
Three weeks later I got an email claiming that I'm not qualified.
-
The DNS server I'm writing in PHP (largely taken from another project) is starting to work!
Next to just blocking queries it logs every blocked query so I can have stats :3
A little terminal output:
-
I don't use Google/Facebook for privacy reasons (and their sub-services etc). Haven't used them for ages but noticed that google still loads a lot of domains like analytics etc. This goes for facebook as well.
I now blocked a lot of google/facebook domains through my hosts file.
It's funny to see the amount of DNS requests to those fb/google connected domains nearly go to zero and also the fact that I literally can't load google/facebook anymore!
-
Some weeks ago a client came to me with the request to restructure the nameservers for his hosting company. Due to the requirements, I soon realised none of the existing DNS servers would be a perfect fit. Me, being a PHP programmer with some decent general linux/server skills decided to do what I do best: write a small nameserver which could execute the zone transfers... in PHP. I proposed the plan to the client and explained to him how this was going to solve all of his problems. He agreed and I started working.
After a few weeks of reading a dozen RFC documents on the DNS protocol I wrote a DNS library capable of reading/writing the master file format and reading/writing the binary wire format (we needed this anyway, we had some more projects where PHP did not provide us with enough control over the DNS queries). In short, I wrote a decent DNS resolver.
Another two weeks I was working on the actual DNS server which would handle the NOTIFY queries and execute the zone transfers (AXFR queries). I used the pthreads extension to make the server behave like an actual server which can handle multiple requests at once. It took some time (in my opinion the pthreads extension is not extremely well documented and a lot of its behavior has to be detected through trial and error, or, reading the C source code. However, it still is a pretty decent extension.)
Yesterday, while debugging some last issues, the DNS server written in PHP received its first NOTIFY about a changed DNS zone. It executed the zone transfer and updated the real database of the actual primary DNS server. I was extremely euphoric and I began to realise what I wrote in the weeks before. I shared the good news with the client and with some other people (a network engineer, a server administrator, a junior programmer, etc.). None of which really seemed to understand what I did. The most positive response was: "So, you can execute a zone transfer?", in a kind of condescending way.
This was one of those moments I realised again, most of the people, even those who are fairly technical, will never understand what we programmers do. My euphoric moment soon became a moment of loneliness...
-
I'm a week into my new job right now. What do I love the most about it?
Learning things all day long and getting paid for it!
I'm learning about hosting things, DNS, cyber security, configurations, Linux (although my current skill set with Linux has been enough for now) and so on!
Hell, easy day today (not that many tickets) so decided to start learning Ansible! Next to that I've gotta learn vim (it just autocorrected that to cum.... O.o), work with hosting panels, mail stuffs (dns, debugging etc etc) and so fucking on.
The boss hasn't been at location yet which will happen tomorrow but he seemed like a very chill guy.
I love this!
-
Holy fuck, this is starting to work!
Problem: I am highly anti google/facebook/few others and I'd rather null route those DNS requests.
The problem is that the pihole only can blacklist domains or wildcard domains but not words. So if Google would come up with a new name for some of their domains, I'd be fucked because I can't filter out the word Google through the pihole.
Today I fucking found the solution (still a work in progress but a PoC is nearly working):
Compiled a program which can monitor DNS queries/requests and logs them to a file.
Have a php (yes I write most of my cli tools in php) script tailing the log file and gathering the requested domains from it.
Then I can see if the domain contains the substring which I don't like (google as word for example) and echo it to the end of my hosts file with 0.0.0.0 in front of it if that's the case.
Holy fuck this seems to be working! 😍
-
Half a week later I finally found out why my DNS server "wasn't working" on any of my servers.
Let's just say that MullVad's anti-dns leaking technology works extremely well.
It was tunneling all DNS requests through its own servers to prevent DNS leaks and I never thought of it a single fucking time!
😅
-
*sets up BIND DNS server*
Domain name system..? Domain? As if it wants me to know my place on the internet?!! THAT'S SO OFFENSIVE!!! Change the name right now!!!
BIND? For real, a BDSM reference?! How sexualizing can you white cis males be?!! SO OFFENSIVE!!!
In the /etc/bind/named.conf.local I have to fill in a master type? MASTER??
🅼🅰🆂🆃🅴🆁???
🆂🅾 🅳🅰🅼🅽 🅾🅵🅵🅴🅽🆂🅸🅱🅴
Clearly technology is part of the patriarchy. I can't use DNS like this. Now where's my contributor's covenant?!
-
Have been working on a frontend with actual stats for the DNS server I'm building. This is the result so far (real stats, red blocked domains are marked by me (in redis) as surveillance domains), thoughts?
-
It's never enough, is it?
I was going to write a simple dns server/proxy/firewallish thingy in php.
That's working. I'm adding a dashboard and api now 😅
-
I live in the terminal. I write lots of scripts (Shell, Python, node js) to automate tasks that would take hours to do by my teammates. Recently, I started automating everything that I put my hands on using Ansible: from pointing DNS server to continuous deployment, provisioning a fully customized infrastructure on the cloud using just a single command!
This is because automation gives you super power, the feeling that what you do helps to increase the productivity, reduce bugs etc. Simply, once mastered, automation is awesome!
-
So Facebook provided unlimited data access to loads of companies including spotify/microsoft and other big names.
Although there are privacy rules, those companies had deals which excluded them from these privacy rules.
I don't think my custom DNS server or a pihole is enough anymore, let's firewall block all Facebook's fucking ip ranges.
Source: https://fossbytes.com/facebook-gave...
-
I get a call: "Hey the site is down. Fix it!"
Worked on my workstation, not on my phone => DNS issue.
Local cache: "All OK"
ISP's DNS: "No record"
Google DNS: "Server error"
MXToolbox: "All OK"
CloudFlare DNS: "Domain? What domain?"
After a day of fucking around with configs and wanting to strangle the customer support guy, I just started pressing buttons, until suddenly, it worked. Turns out I'd accidentally enabled DNSSEC on a domain, that wasn't configured for it.
Lesson learned: There is no official DNS error code for "DNSSEC failed somewhere upstream". If you're lucky, you might get something useful out of the authoritative server, but apparently not on Mondays.
-
Weekend so far:
Chrome Update FUCKED UP my website.
Tried to update my server to Ubuntu 16.04. That FUCKED UP in the middle and I didn't have any recent backup.
Went back to old backup. But didn't see any changes in the website. Was wondering that for 1 hour.
Forgot that my website was using cloudflare caching. In the meantime I have changed my DNS settings.
Out of frustration removed website from cloudflare. That FUCKED UP the DNS further.
Now I have no idea how long it will take the DNS to update.
FUCKING F M L
-
Fucking crunchyroll hardcodes their access tokens in a Constants Class in their APK, technically that is a security issue.
What the actual fuck Crunchyroll!? No fucking wonder you got DNS Hijacked so quick, security is literally your second priority you dumbed down twats, get some real devs and some real QAs for fucking god sakes, you're tearing down your own system by inviting exploits.
-
"hi, we have some dns records we'd like to change, they're in the attachment. Could you send a message when it's done? Thanks in advance!"
No, fuck off. Fucking cunts.
-
Something is not working with PTR DNS records right now.
It's getting really frustrating and I'm starting to DuckDuckGo the issue.
Just noticed that I typed this:
"how to setup a fucking ptr record".
I didn't type the 'fucking' intentionally.
😆😅
-
It's funny to see when certain stuff works without realizing it.
I've got multiple vpn servers and whenever I connect to one it sets my DNS to my pihole's one (hosted on one of my dedicated servers).
I keep forgetting to change my search engine to duckduckgo and no matter what I search for, no page is/was loading and manually have/had to go to duckduckgo.
Then I suddenly realized: the pihole has blacklisted Google so I literally can't connect to google.com/nl!
Awesome 😊
-
This tiny project is awesome. Thanks to @JoshBent (who partly got it from another repo as well) for providing a basic DNS server with hardcoded blacklisting functionality and thanks to @PerfectAsshole for correcting my mysql syntax I was stuck on for way too long.
I've now got this fucker to read blacklisted words from a redis list into an array which checks every requested domain to see if it matches. If yes, it proxies it through to another DNS server and if not, it'll log the requested domain to a mysql database and prints it as blocked onto the terminal.
If the domain matches any host from a service known to be integrated within a mass surveillance network, it also prints this out to thy terminal.
It's working yay! Gonna keep working on it today.
-
It's very satisfying to setup Pi-Hole on a vps, point your dns to it, adding the words Facebook and Google to the wildcard blacklist and seeing that literally any request containing either one of those words gets blocked.
On the other hand, it's funny to see that devRant (devrantron) performs around 1k+ requests to devRant every 15 minutes.
-
When I'm on call and it's weekend, I'm often a little nervous the entire weekend and time seems to go slow.
Programming on the dns proxy/firewall now and time is suddenly going quite faster.
This is a damn relief.
-
In my company we have a weekly meeting for the Tech department, so today the IT Director (my direct manager) was describing an issue we are experiencing with our DNS, and he asked
"What we should do with our DNS?"
Instantly I said out loud:
"Resolve them"
-
Started working on a pihole alternative a while ago.
I like pihole a lot but one of the features I am missing is to be able to define a list of mass surveillance related domains (Snowden leaks; PRISM program and such) and show statistics based on dns queries containing blacklisted domains, phrases/words and surveillance-related domains/words (google/facebook/microsoft/apple etc).
Started working on one based on an existing (php based) dns server which is open source and slowly but surely developed something which worked.
Then, I found out that the php resolving function (dns resolving) uses the system default, which can, of course, be google's dns as well. Changing this would be ideal but while the documentation suggested that it could be done some way, it didn't work for me so I chose a library which can do it with specific dns servers (to use as external dns servers).
This library used a different way of showing the retrieved dns query results and I really wasn't in for converting everything by hand so I kinda quit the project a while ago.
A few days ago I thought fuck it and started again.
Now have a working version based on the new dns resolving library and made some other good improvements.
For those who are wondering why I chose PHP for this: why the fuck not?
Happy happy happy.
-
--- linux.org domain taken over, doxxed person who created CoC (but wait!) ---
At the time of writing, linux.org does not support HTTPS and has an empty page. Previously, that page showed quite a lot of information about the doxxed person.
www.linux.org redirects to the previously doxxed person's Twitter account.
Currently, this seems like a DNS takeover.
We ask you not to spam them. Yes, they created the CoC, something lots of you hate. However, they only created it. They weren't responsible for quite a few open-source projects adopting it. Thus, doxxing them like this was a (objectively) terrible idea, as they aren't responsible for those that made Linux use the widely-hated CoC.
Thanks for reading this brief article, take care.
-
Christmas-rant:
So I'm having a nice dinner with my in-laws when one of them turns to me: "So, what I want is a website with a link on it to another website, you can do this right?". Seems overly complicated to achieve this result, I know, but she had a fair reason for it. So, I start walking her through what she would need for it. "First thing, let's buy a domain name." "I have to buy these??! I don't believe you, I know people that did not pay for this!" "Well, that's technically impossible except for certain subdomains", I respond politely. "No, I don't believe you!"
So far my happy helping christmas mood.
Merry christmas y'all!
-
* How other sites charge for a domain name
- The domain (abc.com) is available
---- Price => $14
* How AWS charges
- Your domain (abc.com) is available
--- Domain name => $18.99
--- DNS resolution => $17.88
--- Hosted zone (1) => $10.97
--- Route53 Interface => $45.67
--- Network ACL => $63.90
--- Security Group => $199.78
--- NAT Gateway (1) => $78.99
--- IP linking => $120.89
--- Peer Connection => $67.00
--- Reverse Endpoint => $120.44
--- DNS Propagation => $87.00
--- Egress Gateway => $98.34
--- DNS Queries (1m) => $0.40
--------------------------------
---- TOTAL => $2903.99
(Pay for what you use... learn more)
--------------------------------
-
Best ad-blocking solution ?
Ad-block ?
FUCK NO !!!!
Pi-hole and modify ad-block filters to block only youtube ads !!
Now sites are not able to know that I'm blocking ads because pi-hole is DNS based and youtube doesn't care about it.
-
So I guess you could say Dyn users got Dynied service when their servers were ddossed...
Badum tiss...
-
Is it really unreasonable that I wish aws would just name their fucking products after what they are? Why the fuck is dns called route 53? Why the fuck is a vm an elastic cloud compute node? Stop being pretentious dicks and just name things what they are!
Am I being unreasonable?
-
Pro tip: never set custom script stuff related to dns server forcing things in a root firewall app if you don't know what you're doing.
How would I know? There's a slight chance that I just went offline for a few days (mobile only) to figure this shit out 😅
All fixed now, though!
-
Visual Studio Code.
I've tried you because of hearing a lot of good stuff about you. I'd switch back to netbeans regardless because I love netbeans and I always try to use as little as possible from companies like Google/microsoft/facebook (and others) but what you're pulling right now is un-fucking-believable.
I've disabled ANY AND EVERY form of calling home I could (find) in your settings. Crash reports, automatic updates, metrics, you name it. I've searched all the fucking settings but I can't find any other home calling thing that's enabled and yet:
I'm monitoring every goddamn DNS request (through my own DNS server) and I'm still seeing calls to a Microsoft owned domain. Closed all my browser sessions and you as well and it stopped. Started browser again but not you, nothing.
Started you again: BAM. Calls to that damned Microsoft owned domain again.
If you can't honour my decision for disabling any form of home calls, go fuck yourself.
Netbeans, I'm back, I've missed you 💜
-
Dear namecheap, I honestly love your service and prices but how in the hell can I see an ip address in the dig of a new domain (url shortener) which I never put or saw there and which doesn't even belong to any server I own/operate?!
DNS cache after the last chance of three days ago, nah, don't think so.
Fucking hell.
-
Fucking Gmail !!!! I hate you so much !!!
My mail server is fucking perfect, I have all the records in my DNS and even have a 10/10 score on mail-tester.com.
But this fucking Gmail keeps putting me in the spam folder ! Why do you hate me so much ?
-
DevRant makes me really proud how well developers can act together as a group. Makes me think what we could accomplish if we would take all the world's developers and programmers to one place and make our own country. Our currency will be devCoin. World domination follows shortly afterwards
-
First lecture of computer networks. Let's shove all of these abbreviations with their meaning, and possibly an associated port number in one 1.5 hour lecture:
HTTP, HTTPS, FTP, FTPS, SFTP, TCP, IP, UDP, ISP, DSL, DNS, LAN, WLAN, WDM, P2P, TELNET, PGP, TLS, SSL, SSH, MIME, SMTP, POP3, IMAP, IANA, DHT, RTT, DHCP
I really feel sorry for students who didn't have previous knowledge about this stuff..
-
Feeling productive at a Sunday evening. Let's install a DNS server and a fucking mail server on two forgotten VPS's I am still paying for.
SO A-FUCKING-PPEARANTLY, THEIR WEB MANAGEMENT PANEL IS FUCKED UP SO I CANNOT REINSTALL MY MOTHERFUCKER VPS's. HOW FUCKING FUCKING FUCKING FUCKING DIFFICULT CAN IT BE.
-
Okay, help :(
Trying to get my dns server in php to work from the outside (it's on a vm on one of my dedi's) but it's not working.
- Port forwarding works well: confirmed.
- Connection type: UDP; confirmed.
- I *can* dig from the host (dedicated server) to the vm.
- nmap scans show an open port.
The exact same happens on my local network.
I'm lost.
-
My devGoals for 2019 are:
- Move DNS blocking from hosts file to a PiHole (or similar) at home
- Implement a full HAL for some smol microcontroller in C
- Create better automation templates for testing, building & deployment for our Angular projects
- Get rid of crippling depression
- Force my boss away from firebase and google tools in general
- Spread the love for CraftCMS
- Spread more love in general (with protection of course) 😄
-
That moment when you're finally getting your user registration and login system up and running!
As a web dev student I feel like I have accomplished something :)
-
Holy shit my server survived a DNS amplification attack!
I thought my iptables rules were not very effective, since I kept seeing 1-2 ANY requests getting through my pihole (only to be ignored by the upstream cloudflare server).
Turns out, they never actually *kicked in*, until now.
The craziest part is that one ip belongs to the Ministry of a country!! :O
Eat that, motherfuckers! God I love it when this shit actually works!
-
Had my pure PHP web app rejected on a market platform because I didn't use a framework..
BITCH IT WORKS PERFECTLY WITHOUT A FUCKING FRAMEWORK, IF YOU WOULD HAVE TESTED IT YOU WOULD HAVE SEEN THAT!
-
> clicks Twitter shortcut
*dns probe failed*
"oh, is cloudflare dns down?"
> goes to cloudflarestatus.com
*dns probe failed*
"ah, right dns isn't working..."
-
Started part time job at a company, had to log my time on timesheets. Said fuck this and now the whole company logs their hours on a custom web based time logging system which I built.
-
Decided to throw pi-hole in a bin and found enough resources to throw together my own dns filter in node, which if not on the blacklist - proxies the request to an actual dns, which allows to filter given just a word too (because it's regex matching), "came up" with the idea after @Linuxxx wanted to make (or made?) some big hosts file via php matching and blocking to block anything that e.g. contains "google".
By resources I totally mean I would have ate shit, if it wasn't for: https://peteris.rocks/blog/... as most docs are absolute garbage regarding node-dns
-
Had a configure issue on a site running through CloudFlare hosted at WPEngine. Support on chat guy says "can I take a look at your setup" so I screenshot him! He says there are new ways to point to WPEngine whilst using SSL so I say OK and he points me to a support article which seems accurate. He then says now I want you to change two records so I say ok (not thinking) which I do (stupidly)
Result site no longer reachable.
What do I do now? He says very seriously "you need to wait 24-48 hours for the DNS to propagate"
"You're joking it's a huge site with 20k visitors per day with advertisers on it"
"I'm sorry there is nothing I can do until the DNS YOU changed has propagated"
"I changed?" "Yes you changed the CloudFlare settings"
"You told me to!"
"Is there anything else I can help you with?"
-
I hate handling DNS issues... every time I try to explain how DNS works, users come back even more confused.
-
What docker means:
Sorry pal, service names mustn't contain spaces
What docker says:
desc = name must be valid as a DNS component
-
Lads, this DDoS attack on DYN must be getting pretty bad, the Department of Homeland security just launched an emergency investigation into the source and apparently Amazon has started being interrupted
-
Wish me luck. I HAVE to launch 10 websites (yes, ten) this week and half if not all of the clients don't know their DNS accounts or log ins. I foresee a lot of long nights in my near future. Story of our life, right?
-
Having a philosophy exam in less than six hours. It's 2 am. Laying in bed, thinking about that stupid DNS bug and how to fix it. I have 4 1/2 hours of sleep left - wish me luck ¯\_(ツ)_/¯
-
We upgraded to Dyn Managed DNS last month, now we're down with the DDoS attack! If we didn't upgrade from their standard plan, we would be online still 😂
-
From acme.sh manpage:
"--yes-I-know-dns-manual-mode-enough-go-ahead-please Force to use dns manual mode: https://github.com/Neilpang/..."
-
TIP:
1.1.1.1: the fastest, privacy-first consumer DNS service
I switched to faster DNS,
And believe it or not, it improved my internet speed.
Just add this DNS and you're gonna experience faster browsing
DNS1: 1.1.1.1
DNS2: 1.0.0.1
comment below if you experience it.
-
I asked my CS teacher why my institution's domain had only the www subdomain pointing to the webspace, but not also the second level domain itself. He then explained to me that www is the *protocol* on the internet and it's necessary for the website to be accessible, and that pointing the SLD to the webspace in addition therefore wouldn't work.
How could I ever take him seriously again? He's supposed to teach networking btw.
-
Too many night shifts.
But it's done.
After the last migrations my emotional state is... Questionable.
VM migrations between different CPU vendors and generations leading to segfaults because of unsupported X86 extensions.... Thx for doing that at 23 o'clock after 8 hours of work....
Forgetting a left over NIC in a virtual machine, creating a routing loop, leading to very erratic behaviour and fun things.
Someone forgot to check the "Unique" box, mass spawning a cluster of VMs with same MAC addresses....
DNS fuckery since someone thought that reboot would flush the cache of a DNS server.... Nope most DNS servers have persistent caches. You'll have to flush manually.
And let's not forget the joy of the 12 plus pages of when and where to move VMs, harddrives and VLAN configuration.
Oh migrations are such a festival of joy.
Finally done with that shit -.-
-
Send an open-solicitation to a company for a medior PHP back-end developer.
Got rejected because "I do web development"...
Bitch, I'm writing an entire CMS in PHP, write entire DNS servers in PHP, write Discord bots in PHP, wrote an entire gameserver in PHP and you're gonna whine to me that "I do web development" because I also know front-end stuff?
-
The only time I actually open Safari is during those debugging moments when I hope that all other browsers have just given up on me.
-
Client asks to point their domain to a new 'squarespace' they just got, then call you bc they cannot access the admin console to their old site and 'it's so weird that all the requests are now going to squarespace !!'
-
Ordered a Raspberry pi.
Excited to work on it.
Also ordered heat sink with it so as to make it 24/7
Till now I've thought to use as a cached DNS server+VPN client [and from it I'll share the incoming college WiFi to LAN (yes my college is finally getting WiFi for us in hostels)]+mopidy server with iris client
Give some more ideas.
Also, will the RPi be able to work 24/7 without burning up if heat sink is installed?
-
Next 3 days I'll be working on moving our email server to new server because the old datacenter is closing down. Clients are pissed and they are fucking verbally bashing me left to right when I told them that their emails will be down since most of them host their own DNS.
I am fucked.
-
Well then, looks like my pihole attracted the attention of a botnet with 65 zombies attempting a large DNS amplification attack.
Time to unleash the BANHAMMER
Fun fact: only a few hundreds of their requests actually show up in the pihole logs. The other 40k+ requests they attempted were blocked by my firewall :D
-
DNS is everywhere.
I hate DNS.
I hate DNS migrations.
I hate having a hundred plus DNS names inside my brain.
I hate resolving issues.
I hate DNSSEC.
I hate CNAMES.
I hate services which cannot be persuaded to stop trying AAAA resolves first.
I hate the fucking stupid braindead idea to use TXT as a configuration store inside DNS... And thus the necessity to blow up DNS query size aka EDNS.
I really really really really really want to burn this whole mfucking shit down...
-
I've got this customer who for some fucking reason won't change their DNS to point to our new servers, but wants to fucking stay on that old piece of crap, where we have to ask our sub-provider to generate a CSR to send to our customer to use to sign a certificate to send to us to send to our sub-provider. Because yeah, that's so much fucking easier than just pointing your domain to our new system, and get SSL set up automatically. For fucks sakes! And also, your certificate expires tomorrow, and since our idiot sub-provider hasn't responded to my email about CSR in a week, you basically have no option. So get that thumb out your butt and just switch the DNS!
-
You mother fucking piece of shit.
Whoever taught you programming should be removed from history.
And whatever form of intelligence you claim to possess, let me assure you: breathing is the limit of it.
--
Some of the projects I'm working on are really the epitome of "YOLO let's turn the poopomat machine on in diarrhea mode".
The worst: I cannot really give examples.
I've seen the last days everything.
(bash scripting, docker, services like nginx /haproxy/...)
Eval as a template generator in bash...
Declaring a whole environment in a Dockerfile, that should never be used as it is only necessary for building... But not checking if an env file is provided, so the whole thing can blow up spectacularly.
A nearly 1k long bash calculator for system limits, reading out all kinds of stuff from /proc and /sys, seemingly partially stolen from NGINX Docker.
Declaring and starting an own DNS Server to bypass the Docker DNS service inside a docker container.
Mkfifo fun for creating several stdout and stderrs for seemingly no reason...
Actively not using bash, instead of creating shell only functions to emulate bash...
I could go on.
But really. I'm getting too old for this shit.
-
As usual a rather clickbait title, because only the chrome extensions (as always) seem to be vulnerable:
"Warning – 3 Popular VPN Services Are Leaking Your IP Address"
"Researchers found critical vulnerabilities in three popular VPN services that could leak users' real IP addresses and other sensitive data."
"VPN Mentor revealed that three popular VPN service providers—HotSpot Shield, PureVPN, and Zenmate"
"PureVPN is the same company who lied to have a 'no log' policy, but a few months ago helped the FBI with logs that lead to the arrest of a Massachusetts man in a cyberstalking case."
"Hijack all traffic (CVE-2018-7879)"
"DNS leak (CVE-2018-7878)"
"Real IP Address leak (CVE-2018-7880)"
-
Domain server goes down, it's the gateway and DNS too.
Ok I'll just remove the domain, it's been orphaned really since you went to the cloud.
Don't have local admin password.
Ok call old it company who set up gear
Out of business
Ok boot to Linux and reset
Usb boot locked
Don't have bios password
Call old it company
Still out of business.
Wait, can I just set manual ipv4 ? Ok domain without a domain controller... If it works it works.
-
While spending time with my girlfriend and son in Moscow, I tried to reach back to some recruiters on LinkedIn .. but there is no access from Russian dns!! I can't even make the app work!!
-
Customer complains that the deployed desktop app is slow at site x.
I check it out with users at site x, and indeed, it does have a delay when trying to connect to a share on a server.
Checks with users at site y and z, no issues.
After a bit of digging, the resolve of a DNS record is most likely the culprit.
Send the ticket to the customer network team to investigate.
Get it back after an hour.
"We have pinged the DNS name, and it responds fine, there must be a bug in the application".
Oh and also, I wrote this rant at work, in my head, with a lot more cursewords involved.
-
Secretly installed Automate app on my friend's Android phone to mess with him. (For those who don't know, with Automate you can automate anything on an Android device).
Made a 'flow' that would read his incoming sms's, and send an email to me with his exact location if I sent him an SMS saying 'where are you?'.
Was funny to mess with him and tell him his exact location even though we were miles apart.
Cleared it up for him a while later but it made me feel like #hackerman
-
I just got an email that a client changed their DNS zone files to point at a new server. Turns out that they haven't set the server up yet. Client is wondering why that domain's emails aren't working, and why their site is down. They didn't want to give me the Domain's portal login credentials until now, because they "could do it without [me]." Tomorrow morning should be fun.
-
Last night I had a panic attack and woke up in cold sweats because in the dream I had I was constantly using the wrong variables in the wrong places...
-
Last Sunday, we deployed 300 major application/service configuration changes, 60+ load balancer changes, DNS cutovers, changes to mission critical SQL servers, and informatica connection changes. This impacted every line of business, all customer facing apps, and all internal apps.
6 days from DEV to PROD, which includes all developer effort.
Deployment successful!3 -
Running WireShark to see what one of our partners is sending across.
Outdated TLS: Ok, that's par for the course.
Leaking data through DNS queries: ButWhy.jpg
Website leaked through DNS doesn't require auth to view information. TableFlip.jpg2 -
me: *hosting docker registry for our team*
me: *sets up ssl and cloudflare dns and shit*
me: *tries to push to registry*
my pc: *413 rEQuEst EnTITy tOo LarGe*
me: *spends 4 hours scrutinizing the shit out of my nginx configs*
me: *finally finds cloudflare sitting there rejecting all of the requests... that cheeky bastard* -
I absolutely love the dev community but one thing I just can't stand is the snobbery that permeates it. I don't understand why some devs expect non devs to know or understand the intricacies of computer programming or even computers in general when it's really not their job to do so.
"Ahhhhh!! How DARE this non dev PEASANT ask me about hacking Facebook accounts!! Does he NOT understand the basics of DNS spoofing and social engineering!!1!!1! bahh"2 -
Alright,
I recently installed pi-hole...
Everything was immediately perfect.
So, about two days later, I install a linux system... Hadn't had one when I set up my pi-hole. (Well, no Linux with desktop environment...)
So... Now I had error messages in Chrome... Connection change detected. The page didn't load, 3 seconds later it loaded. Many pages had to be reloaded.
And I focused my Google-Fu on issues connecting to pi-hole. Some issues were there, referring to Safari and pi-hole, but none for Chrome or/and Linux.
But what's a pi-hole? A DNS Resolver/Non-authoritative server and a DHCP server...
Maybe I haven't turned off my router's DHCP server correctly. So, wireshark... "bootp or dns" filter...
All dns communication is perfect, via UDP and from the pi-hole to my machine, not from the router. No DHCP messages from my router either...
Almost accidentally I found a page speaking about this issue. Had nothing to do with the pi-hole. Timing was a coincidence. Had everything to do with IPv6. Somehow that's switching over. Even worse, after reading that, I remembered I had the same issue in the past. I just forgot.
Turning off IPv6 was the solution. And fuck. Let this be a PSA: "Confirm your bloody assumptions when troubleshooting/debugging or waste time like an idiot... Just like me..." -
Who thought it would be a good idea to limit the length of a dns record to 255 chars?
Is one really not allowed to use a proper dkim key in 2018!
The funny thing was that they just cut off the rest without informing the user!
Had to convince the guy to switch dns „provider“9 -
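The silent cut-off described in the rant above comes from the 255-byte limit on a single TXT character-string (RFC 1035); a record may carry several such strings, which DKIM verifiers concatenate (RFC 6376). An added example, not part of the original post: splitting a long DKIM value into valid strings and detecting a truncated key. The sample key is constructed filler with the size of a 2048-bit RSA key, and all function names are hypothetical.

```python
import base64
import binascii

TXT_STRING_MAX = 255  # RFC 1035: each character-string has a 1-byte length prefix

# Constructed sample: DER SEQUENCE header + zero filler, 294 bytes like a
# 2048-bit RSA SubjectPublicKeyInfo. Not a real key.
SAMPLE_DER = b"\x30\x82\x01\x22" + bytes(290)
SAMPLE_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(SAMPLE_DER).decode()


def split_txt(value: str, limit: int = TXT_STRING_MAX) -> list[str]:
    """Split a TXT value into character-strings of at most `limit` bytes."""
    raw = value.encode("ascii")
    return [raw[i:i + limit].decode("ascii") for i in range(0, len(raw), limit)]


def zone_rdata(value: str) -> str:
    """Render the value as space-separated quoted strings for a zone file."""
    return " ".join(f'"{chunk}"' for chunk in split_txt(value))


def parse_tags(record: str) -> dict[str, str]:
    """Parse a DKIM tag=value list; whitespace inside values is dropped."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())
    return tags


def der_declared_length(der: bytes) -> int:
    """Total size (header + body) claimed by the outer DER SEQUENCE."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short form length
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or len(der) < 2 + n:
        raise ValueError("bad DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_dkim(strings: list[str]) -> str:
    """Check the strings of a published DKIM TXT record for a cut-off key."""
    p = parse_tags("".join(strings)).get("p")
    if not p:
        return "no key (p= missing or empty)"
    try:
        der = base64.b64decode(p, validate=True)
        declared = der_declared_length(der)
    except (binascii.Error, ValueError):
        return "truncated or corrupt: p= does not decode to a DER key"
    if declared != len(der):
        return f"truncated: DER declares {declared} bytes, got {len(der)}"
    return "ok"


if __name__ == "__main__":
    print(zone_rdata(SAMPLE_RECORD))                  # two quoted strings
    print(check_dkim(split_txt(SAMPLE_RECORD)))       # properly split record
    print(check_dkim([SAMPLE_RECORD[:255]]))          # provider cut at 255
```

Feeding `check_dkim` the strings actually returned by a TXT lookup, rather than the value typed into the provider's panel, is what catches a provider that drops everything past the first 255 bytes.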
Just found a nice hosting provider that actually has some customers in the taxi and transport segment.
The provider offers email services, webhosting, dns services. So far so good.
The only problem that I can find here is that everything is hosted on one single IP.
The DNS-servers, the mail server and webserver is one fucking server.2 -
The best thing about perl is it doesn't care about errors and really tries to do what you ask, without throwing exceptions.
The worst? It does exactly what you ask, no matter how insane.
Typed $arri[ $0 ] instead of $arr[0] inside a function that detected what changes were needed in dns zones. $0 is script name and path, strings are converted to integers as needed and there's a little thing called vivification.
You see where this train wreck is going.
Also my dog died today.
Got to love Mondays :/11 -
Client is setting up Google Suite, needs me to create a TXT record. She sends me a screenshot of the record that needs to be created, so I ask her to copy/paste the record values .... she copy and pastes the URL and sends that to me. I ask again for her to copy the values in the fields on the page and send them to me ... she sends me another screenshot. How do these people get through a day?3
-
That lovely moment when a client calls out of the blue at 4:30PM (we close at 5), 3 weeks before scheduled launch and says, "My website goes down tomorrow so where are we at with the new site?" So...I scrambled all day today to get the site done and it turns out they don't even own their domain or control their DNS. (facepalm) They put in a 30 day cancellation with their current provider and didn't bother to mention we had barely 2 weeks to develop a full custom site.7
-
Network manager: administration just canceled our domain registration 2 months before schedule.
Boss: uh.. OK... but can't we make a script to route traffic from www.canceled.com to our server?
Me: that's not how DNS works ( proceed to explain how DNS works )
PS: boss is lead developer... wtf?2 -
Sometimes I have to work with physical hardware. There are over 300 machines in our lab, split among two subnets. But for some reason, I can never access my machines by hostnames.
Every other week, there's an IP conflict on this network, requiring me to log into the active directory server and delete old DNS entries. This usually happens because someone decided to deploy 64 VMs on a huge server, all at once, didn't boot them with a delay, let alone with a warning to IT.
Then when my superior asks how my progress has been and I respond with "I can't even get the machines to ping each other by hostname, there's something wrong with the DNS", I get the following response: "HOW COME NOBODY ELSE IS HAVING PROBLEMS WITH THIS. YOU'RE FULL OF SHIT", from someone who spends 90% of the year abroad, working remotely.5 -
I have been playing around with coinhive because I really like its concept. Pretty cool so far.
Does anyone here have experience with it? What are your thoughts?
Also.. why can't pihole let me whitelist wildcard domains?? I hate having to disable my DNS server every time I want to test the miner.. I guess I will just have to make a pihole / ftl plugin for it..5 -
Either CloudFlare itself has decided to join the fun of attacking my DNS server, or somebody is just spoofing their IP in the UDP packets.
Crap, my ipset script is basically useless now, since the real source could be from anywhere :(
Any suggestions on what could I do to make this attack stop? It's not causing any real issues (at least for now), but it's still annoying as hell.
Get fucked, stupid skiddie who keeps manually changing the ip source in his script10 -
Wow so WindScribe VPN apparently now has DNS ad blocking sort of like PiHole.
So no more annoying popups and video ads... Or messages from the sites saying I'm using an ad blocker!
And the kicker is I bought a life time subscription for $40 a few years ago.
Guess they were able to grow nice and big.9 -
So my boss told me about an interview he had for a new account manager position.
${BOSS} so can you tell me about your knowledge with DNS and DHCP?
${GIRL} I have no idea, I don't listen to West Coast rap
${BOSS} ...5 -
OH MY GOD, I can't believe this is my 25th day without a job... why!!!! not with all the kubernetes and node js and javascript that i know. lol. not to mention golang and python and all the networking stuff, dns, aws etc. lol where are all the recruiters when i need them?!!!!8
-
Well this is bad, how can Mozilla say this is for better Security? Shit 💩💩💩🖕🖕🖕
https://blog.ungleich.ch/en-us/cms/...4 -
Well. Fuck.
A sunny monday morning. The sun almost glimpsing over the horizon. I'm on my way to the office, taking a breath of fresh cool air. It is infused by the scent of sweet pastries.
I reach the office, but something is different. Why is the door slightly opened? Carefully I grab the door handle. I do my first step past the doorframe and wooosch. Thick and sticky stuff is running down my spine, finding its way through my clothes. I feel so un-fucking-believably dirty in this very moment.
This should give you an impression how I felt when I had to change a DNS record in this completely broken setup for just a matter of seconds until the letsencrypt client renewed the certificate.
I'm feeling seriously dirty.1 -
How can I use a custom DNS server on my school's network?
They seem to block any DNS that isn't their own. I've tried 8.8.8.8 and the new cloudflare one. Both blocked, it's a real issue because their default dns dies for about a minute every 12/24 hrs causing my VPN to go down.
How do they even block external DNS servers?5 -
Since a few days I have my first dev job in a small IT company. At my first day I directly started to implement a rest api for managing dns servers.
Today I completed the prototype and all works well. What a feeling :)5 -
Webmin because why not ✓
Lamp stack ✓
Dynamic DNS client ✓
PhpMyAdmin X
Dear DigitalOcean. SINCE WHEN do you consider a PMA installation
without Https SECURE?
And why the fuck do you make me install an aptitude package that skips both file system AND Apache config cleanup on purging?
It's just a raspberry, but if it runs lamp I want PMA, and if it runs anything, I want Https. Is that too much to ask for from a tutorial source otherwise so reliable that I do anything you say without a questioning thought?8 -
I've been wondering why I have such big issues with DNS propagation on a website I moved - I just checked and somebody modified the old A record to have TTL of... 7 days.
Jesus fucking christ, why?3 -
the coolest project was mine: a dynamic DNS like dyndns, written in scala, an API layer in ruby and a lot of sysadmin stuff like ospf anycast. A big technical success, a total financial failure... but I enjoyed and I learned a lot!
-
Kubernetes is a breeze they said. Now I‘m sitting here for several hours trying to find out why my pods randomly fail to resolve domain names.
Coming along my adventure: broken systemd configs, systemd-resolved stub causing loops, broken k3s modules and finding out that busybox‘s nslookup is broken for versions greater than v1.28.4.
50 issues later, I figured out that the dude who set up the corporate network (where the machine in question is located) uses two nameservers: one to resolve the internal routes and one for all the external domains. Luckily, coredns randomly picks a nameserver for each request. Therefore, sometimes queries for external domains reach the nameserver dedicated to the internal network which then answers with NXDOMAIN.
I hate networking so so much...4 -
School, if you're gonna define a custom local DNS for your networks, maybe make sure it's healthy?2
-
Mozilla will roll out the DNS-over-HTTPS security feature to all Firefox users in the U.S. by default in the coming weeks.
According to the report of TechCrunch: Whenever you visit a website, even if it's HTTPS enabled, the DNS query that converts the web address into an IP address that computers can read is usually unencrypted. DNS-over-HTTPS or DoH encrypts the request so that it cannot be intercepted or hijacked in order to send a user to a malicious site. These unencrypted DNS queries can also be used to snoop on which websites a user visits. The feature relies on sending DNS queries to third-party providers such as Cloudflare and NextDNS which will have their DoH offering built into Firefox and will process DoH queries. Mozilla also said it plans to expand to other DoH providers and regions.13 -
Oh man setting up postfix and dovecot (plus things like rspamd) is a pain in the ass.
But it's worth it, having your own mail server is just quite a good feeling.
Now I just need to find out how to get it to pass the spam filter of Google, despite the server and the DNS zone being well-configured (better than my school's mail server according to tests, but that one still manages to pass. I have no idea why.)9 -
Don’t ring me up all nasty asking why these other domains that you never told me about don’t “work”... and you don’t have dns access ‘cos you don’t know what it is and I need to speak to some geezer from another company that you fired. FUCK OFF, now I have to do some whois fishing to find out the shit you are blaming me for.1
-
For all the privacy focused people out there, Cloudflare and APNIC announced (about 2 days ago) that they created a privacy-first super fast dns server (1.1.1.1 and 1.0.0.1)
https://1.1.1.1/3 -
!rant seems that my raspberry pi serial idea is a little bit complex at the moment and may take a more serious turn later, but I have studied and found DOS based TCP/IP software that will allow me to use my 5150 with actual Ethernet. There are a few 8bit ISA Ethernet cards that will work in the 5150 and separate executables that will configure DHCP, DNS, and even allow me to use a terminal emulator and SSH to connect to *nix based computers over lan! I'll keep you all posted!6
-
About 5 years ago I worked at a small company developing websites and .NET applications.
They haven't changed any passwords which means, I still have access to ALL of their customers' DNS setups.
Of course I wouldn't do anything.
But just the thought, that I could make an infinite loop, by redirecting the domains, is amazing.
Or redirecting them to a porn site.3 -
I already wrote a rant about this yesterday, but since I'm a sysadmin trying to convert to dev.. I dunno, maybe it's not a bad idea to muddy the waters a bit and talk about why not to be a sysadmin.
Personally I think it's that the perceived barrier to entry is just too high, while it isn't. You don't need a huge Ceph cluster and massive servers when you're just starting out. Why overbuild an appliance like that if it's gonna start out at maybe 5 requests a minute?
Let's take an example - DNS servers! So there's been this guy on the bind-users mailing list asking how to set up a DNS server on 2 public servers, along with a website. Nothing special I guess - you can read the thread here: https://0x0.st/ZY-d. Aside from the question being quite confusing, there was advice to read RFC's, get a book, read the BIND ARM, etc etc. And the person to deny this? No one less than Stephane Bortzmeyer, one of the people who works for nic.fr (so he maintains the .fr TLD) and wrote some of those RFC's as part of the DNSOP working group in the IETF. As for valid reasons to set up a DNS server? Could just be to learn how the DNS works, or hell even for fun. As far as professional DNS servers go.. this (https://0x0.st/ZYo9) is the nugget that powers the K root server, one of the 13 root servers that power the root zone of the internet, aka the zone apex. 2 RJ45 connections, and a console connection. The reason why this is possible is the massive recursor networks that ISP's, Google DNS, Cloudflare DNS, Quad9, etc etc provide. Point is, you don't need huge infrastructure to run a server!
Or maybe your business needs email. How many thousands of emails per second are you gonna need to build your mail server against? How many millions will you need to store? If your business has 10 employees and all of those manage about 10k emails total.. well that's easy, 100k emails total. Per second? Hundreds of emails per second per employee? Haha, of course not. Maybe you'll see an email a minute at most. That is not to say that all email services are like this - it is true that ISP's who offer email to their customers, and especially providers like Microsoft and Google do need massive mail servers that can handle thousands of emails per second. But you are not Microsoft or Google. So yeah, focus on the parts of email that are actually hard.. and there is plenty.
Among sysadmins you have this distinction between "professional" sysadmins and homelabbers. I don't mind the distinction itself but I think both augment each other. If you've started out by jumping into a heap of legacy at an established company, you will have plenty of resources, immediately high complexity, and probably a clusterfuck right away. But you will have massive amounts of resources. If you start out with a homelab, you will have not many resources, small workloads, and something completely new for you to build and learn with. And when running a server like that, you'll probably find that the resources required are quite small, to provide you with your new services. My DHCP servers take 12MB memory each. My DNS servers hover around the 40MB mark. The mail server.. to be fair that one consumes around 150. But if you'd hear the people saying that you need huge servers.. omg you need at least a TB of RAM on your server and 72 cores, massive disks and Ceph!1!
No you don't. All that does is scaring people away and creating a toxic environment for everyone. Stop it.1 -
So, update on the ransomware attack on the health ministry in Brazil: wasn't a ransomware.
They just rerouted the DNS.
Apparently they've been trying to issue a vaccination passport, and the federal government has been pissy about it. And now everyone appears as unvaccinated. What a fuckin coincidence huh5 -
Firefox will be enabling dns over https by default in the near future for all its users
https://forbes.com/sites/...5 -
Fave IDE: Rube-Goldberg Distributed Physical Editor (RGDPE)
- 3x5 note cards, rite aid brand
- pilot rolling ball gel pen
- white out
- a scanner with OCR, email
- a raspberry pi running a local email server and dns
- a raspberry pi running an SMTP receiver and language service and a handler to invoke the compiler
- a speak and spell to print out the language service results
Why: why not?3 -
The sorting button on devRant's feed page is just Gilfoyle's tattoo twice, once upside down like Dinesh says.3
-
DNS over TLS might come just in time for the Netherlands (if we're lucky).
https://xda-developers.com/android-...5 -
How can so many devs have NO FUCKING CLUE what DNS is or how it works
FFS the amount of times I've had to tell devs to clear their dns cache when the browser tells them right in their fucking face a nxdomain error after deployment of a new test system and they just come screaming in confusion why it's not working is entirely too high8 -
Scaled custom help desk software across 5 school districts. Way harder than it sounds when you realize that we needed a tunnel to get an external site working, complex routing to get the servers to communicate with one another without exposing one district's network to the others. And I also made it auto deploy on a successful CI test. The only thing that really perfectly worked on the first try was the database (CockroachDB). Everything else was a complete mess of DNS and routing rules.2
-
Nude and stranded while fighting off a group of polar bears and wolves in the Arctic, or attempting to try and explain to a web designer what glue records are and why their DNS is fucked...
Easy choice 🌫❄⛄🐺🐧 -
EVERY FUCKING TIME I HAVE TO ASK FOR SOME DNS CONFIGURATION OTHER THAN A SINGLE "A" RECORD THE TI HEAD MANAGES TO FUCK UP...
WHAT THE FUCK IS SO HARD DUDE???
CNAME? OK!
FUCKINGSUBDOMAIN > FUCKING.ALIAS.COM
THIS TIME OUR FUCKING PROVIDER CANT MANAGE ROOT DOMAIN CNAMES SO WHAT DID HE DO?
SIMPLY SAID "ALL DONE" AND ONE WEEK LATER PEOPLE ARE COMPLAINING BECAUSE THE FUCKING ROOT DOMAIN ISN'T WORKING...
COME ON DUDE, JUST KILL YOURSELF.
AND FOR THE FUCKING MILLIONTH TIME: DOMAIN REGISTRAR AND DOMAIN MANAGER ARE TWO SEPARATE FUCKING THINGS! YOU CAN REGISTER YOUR FUCKING DOMAIN ON GODADDY AND MANAGE IT ON FUCKING CLOUDFLARE BY CONFIGURING THE FUCKING DNS SERVERS5 -
What is with IT and their obsession with error messages?
"If there is no error message, I cannot help"
You're not going to get an error message because the problem is VPN is messing up my DNS due to tunneling. There is no error other than me not having Internet if VPN disconnects unless I reboot.2 -
I just found out my router has 2 SEPARATE places where you can specify the DNS servers. So I changed one place but not the other, and they don't seem to be linked! Such bullshit design.2
-
Ugh, since I bought a few domain names, and thus my contact details are public (grrr), I get stupid quotes from people around the world going like: "Hey! I'm a web dev specialised in [insert technology here], I want money! Contact me!", or "Hi, I am [redacted], we are a talented agency in [cuntry] and can offer you the best in web development blablabla".
The only help I need is "fuck off".
It feels like I'm taking a dump in a public toilet and people knock on the door willing to help me clean my ass for me.2 -
when Verizon fios (now frontier) has dns routing issues and half your websites including slack won't load. so you spend the first 30 minutes of your day researching and finally end up having to manually change your dns servers to Google in your router's admin. fucking mondays man....2
-
I have a gitlab instance behind a reverse proxy at gitlab.mydoman.pizza (yeah my TLD is .pizza 😎🍕). I have a personal site hosted on GitHub pages. I have a CNAME record in GitHub repo pointing to mydomain.pizza. I have 4 A records on my domain registrar pointing to the GitHub pages server IP addresses. now both mydomain.pizza and myusername.github.io both go to my gitlab instance??¿¿ what the fuuuuuckkkkk?¿?¿1
-
Dev: Please let us know when will be a good time to make a DNS switch for launching the site?
Client: ok
...
....
Client: one hour later, hey I did a DNS switch to your server but the site is not there?!
Dev: (Fuck me running!!) fuck fuck fuck fuck and fuck my life! -
Today I wrote a python messenger bot which listens to only one command;
get ip
It then replies with its public IP address. I figured this would be the easiest hotfix until I fix my dynamic DNS client.
Now thinking of it I could also make an "update domain" command for doing the API call, and then link the two with a loop and minute delay. Marvelous.4 -