
discuss - Re: [opennic-discuss] Security Management

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

  • From: Jeff Taylor <shdwdrgn AT sourpuss.net>
  • To: discuss AT lists.opennicproject.org
  • Subject: Re: [opennic-discuss] Security Management
  • Date: Sat, 05 May 2012 10:55:55 -0600

On 05/05/2012 08:01 AM, Falk Husemann wrote:
> There is also this page with our T2 test script-cgi:
> http://wiki.opennicproject.org/AutomatedDnsServerTesting

I just updated that page with more recent information and corrected
links. The code can be made available, but the code that performs
individual server testing may be more legible.

> Is that script's source available? I'd like to add some secure
> configuration checks and maybe tinker around with a weathermap for summary
> information. I think of a map of the opennic project made in graphviz or
> comparable, that shows the current hierarchy of T0-T1-T2 with short
> summary boxes below them for integrity and security checks. It could
> incorporate the following:
>
> - Availability %
> - Port Randomness?
> - Version hidden?

I'm not sure if this is useful for your project, but since you mentioned
maps, I wanted to point you to the GeoIP map project I worked on last
year -- http://opennic.oss/geomap/geomap.php
This could be useful for any map projects, as I have already worked out
the scaling for the lat/lon placement of positions on the map.

> Is there an authoritative source for T1 and T2 servers? Is it in the glue
> zone? I guessed that dns.opennic.glue lists all T2.

From Linux...
T1 servers: dig opennic.glue NS | grep 'IN[[:space:]]A'
T2 servers: dig dns.opennic.glue AXFR | grep 'IN[[:space:]]A' | grep -v '^dns.opennic.glue'
TLD list: dig +short TXT tlds.opennic.glue

> What affirmation process is needed to be able to do
> portscans/vulnerability scans with the OpenNIC servers? This can be used
> to determine further security recommendations. AFAIK non attack preparing
> portscans are legal from my country, but I'd like to discuss this first, to
> not hurt anyone's feelings :)

If you are doing in-depth testing that would normally trigger firewalls
or IDS, it would be best to limit this in the final version. However, if
you need to check the results of a particular test as you develop your
script, ask one of us on IRC, and we can let you know of any ill results
or remove any firewall blocks that occur from your testing.
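
As an added example (not part of the original message and not OpenNIC's own tooling), the shell function below builds a "hostname address" inventory from the dig output described above by matching on the record-type field, so AAAA lines and TXT data that merely contain "IN A" are not picked up. The function names a_records and sample_axfr and the sample zone data (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn dig answer lines into a "hostname ip" inventory that
# later availability or configuration checks can iterate over.
# With live data (queries taken from the message above):
#   dig dns.opennic.glue AXFR | a_records dns.opennic.glue
#   dig opennic.glue NS       | a_records

# a_records [EXCLUDED_OWNER]
# Reads dig output on stdin and prints "owner address" for each IPv4 A record.
a_records() {
    awk -v skip="${1:-}" '
        BEGIN { skip = tolower(skip); sub(/\.$/, "", skip) }
        /^;/ || NF < 5 { next }                 # dig comments, blank lines
        # Presentation format: owner TTL class type rdata
        $3 != "IN" || $4 != "A" { next }        # type field, not a substring
        { owner = tolower($1); sub(/\.$/, "", owner) }
        skip != "" && owner == skip { next }    # drop the zone apex if asked
        $5 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
        !seen[owner " " $5]++ { print owner, $5 }   # de-duplicate
    '
}

# Constructed sample of AXFR output. Host names and addresses are invented
# (RFC 5737 / RFC 3849 documentation ranges), not real OpenNIC servers.
sample_axfr() {
    cat <<'EOF'
; <<>> DiG 9.x <<>> dns.opennic.glue AXFR
dns.opennic.glue. 7200 IN SOA ns0.opennic.glue. hostmaster.opennic.glue. 1 3600 600 604800 3600
dns.opennic.glue. 7200 IN A 192.0.2.1
ns1.example.dns.opennic.glue. 7200 IN A 192.0.2.10
ns1.example.dns.opennic.glue. 7200 IN AAAA 2001:db8::10
ns2.example.dns.opennic.glue. 7200 IN A 198.51.100.20
ns2.example.dns.opennic.glue. 7200 IN TXT "IN A is only text here"
dns.opennic.glue. 7200 IN SOA ns0.opennic.glue. hostmaster.opennic.glue. 1 3600 600 604800 3600
EOF
}

sample_axfr | a_records dns.opennic.glue
```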


