Discuss mailing list

[josen AT mx.paketsequenz.de]

Hello,

I just added me to the AuditingWG (like the wiki and purrdeta said) and
did a rough version of the requested root hints check for all T2. Maybe
someone can proof-read the script?

http://wiki.opennic.glue/Verify_the_._NS_records_in_each_T2

I read there about a running Nagios installation to monitor the
infrastructure? Where is it located and what does it check for?

There is also this page with our T2 test script-cgi:
http://wiki.opennicproject.org/AutomatedDnsServerTesting

Is that scripts source available? I'd like to add some secure
configuration checks and maybe tinker around with a weathermap for summary
information. I think of a map of the opennic project made in graphviz or
compareable, that shows the current hierachy of T0-T1-T2 with short
summary boxes below them for integrity and security checks. It could
incomporate the following:

- Availability %
- Port Randomness?
- Version hidden?

Is there a authoritive source for T1 and T2 servers? Is it in the glue
zone? I guessed that dns.opennic.glue lists all T2.

What affirmation process is needed to be able to do
portscans/vulnerability scans with the OpenNIC servers? This can be used
to determine further security recommendations. AFAIK non attack preparing
portscans are legal from my country, but Id like to discuss this first, to
not hurt anyones feelings :)

Greets,
Falk