Discuss mailing list

[Falk Husemann <josen AT paketsequenz.de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I just added me to the AuditingWG (like the wiki and purrdeta said) and
did a rough version of the requested root hints check for all T2. Maybe
someone can proof-read the script?

http://wiki.opennic.glue/Verify_the_._NS_records_in_each_T2

I read there about a running Nagios installation to monitor the
infrastructure? Where is it located and what does it check for?

There is also this page with our T2 test script-cgi:
http://wiki.opennicproject.org/AutomatedDnsServerTesting

Is that scripts source available? I'd like to add some secure
configuration checks and maybe tinker around with a weathermap for summary
information. I think of a map of the opennic project made in graphviz or
compareable, that shows the current hierachy of T0-T1-T2 with short
summary boxes below them for integrity and security checks. It could
incomporate the following:

- - Availability %
- - Port Randomness?
- - Version hidden?

Is there a authoritive source for T1 and T2 servers? Is it in the glue
zone? I guessed that dns.opennic.glue lists all T2.

What affirmation process is needed to be able to do
portscans/vulnerability scans with the OpenNIC servers? This can be used
to determine further security recommendations. AFAIK non attack preparing
portscans are legal from my country, but Id like to discuss this first, to
not hurt anyones feelings :)

Greets,
Falk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPpTKeAAoJEPPG1NATKThtpGAIAL6NGMZvjkpDpzlzOFlwW39E
jVTIVQmp6Zc96nxBdxykKJ3WJ7CrQ2udA5LzE+/Sr1EzAnfP0QKCcn9WV3NAJ7HP
43/hy+LW4KM7484KGHBrxPMvnNs+82OMK8LEVztBmqhTevGVlfYkqEjFINKLVw6y
hZOR4lVR9GPurrQHyWKb4kWN7WHhb3ZdgUOXSHEnWECQaZxHt3FwavHd9a83igWy
u5aNtR8ZwvfkI+3rOMzKAwCSUUFiUrsVE9TG0IzbJuTFIz6BbKkyRWHJp//Yyjme
PhPwTz5ycEFUUP3prFD1TVx9rMeRxkkdiG30GJ5Z0PO8rx3wIbTFhwJEPyaBugc=
=OyAN
-----END PGP SIGNATURE-----