Frederic Cambus

My online presence.

Special DNS Zones for Testing Purposes

Domain hosting some seldom-used resource record types :

More information about available resource records to query can be found here.

dig statdns.net LOC +short
52 22 23.000 N 4 53 32.000 E -2.00m 0.00m 10000m 10m

dig _443._tcp.www.statdns.net TLSA +short
3 0 1 E1BFAE80B9B0B4220DDB6940925CEA0FA51D5D11C645DB95584086FB 71C542F2

dig statdns.net NAPTR +short
100 100 "u" "E2U+web:http" "!^.*$!http://www.statdns.net!" .

Deliberately broken domains :

Unreachable Name Servers :

dig lame.broken-on-purpose.generic-nic.net SOA

; <<>> DiG 9.8.3-P1 <<>> lame.broken-on-purpose.generic-nic.net SOA
;; global options: +cmd
;; connection timed out; no servers could be reached

A zone always returning a SERVFAIL :

dig lame2.broken-on-purpose.generic-nic.net SOA

; <<>> DiG 9.8.3-P1 <<>> lame2.broken-on-purpose.generic-nic.net SOA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 41095
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

Zones with dangerous records :

These zones contain special characters and malicious content :

dig dangerousrecord.broken-on-purpose.generic-nic.net MX +short
0 dangerous<name.broken-on-purpose.generic-nic.net.
10 dangerous{name.broken-on-purpose.generic-nic.net.
20 dangerous\"name.broken-on-purpose.generic-nic.net.
50 dangerous'name.broken-on-purpose.generic-nic.net.
60 dangerous\"name.broken-on-purpose.generic-nic.net.
70 <script/src='http://www\.skullsecurity\.org/test-js\.js'></script>.broken-on-purpose.generic-nic.net.

dig dangerous\<name.broken-on-purpose.generic-nic.net TXT +short
"To crash XML output"

dig dangerous{name.broken-on-purpose.generic-nic.net TXT +short
"To crash JSON output"
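What these records are meant to exercise is tooling that pastes DNS names into HTML, XML or JSON by hand, or splits them on every dot. The sketch below is an added example, not code from the original post: it parses the MX targets shown above with their backslash escapes honoured and serializes them through each format's own encoder. The function names (split_labels, is_hostname, render) and the "exchange" field name are made up for illustration.

```python
import html
import json
import re
from xml.sax.saxutils import escape as xml_escape

# MX targets as printed by dig above (presentation format, backslash escapes kept).
MX_TARGETS = [
    r"dangerous<name.broken-on-purpose.generic-nic.net.",
    r"dangerous{name.broken-on-purpose.generic-nic.net.",
    r"dangerous\"name.broken-on-purpose.generic-nic.net.",
    r"dangerous'name.broken-on-purpose.generic-nic.net.",
    r"<script/src='http://www\.skullsecurity\.org/test-js\.js'></script>"
    r".broken-on-purpose.generic-nic.net.",
]

# Letter-digit-hyphen label, 1 to 63 characters.
LDH = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

def split_labels(name):
    """Split a presentation-format name into labels, decoding \\X and \\DDD."""
    labels, cur, i = [], [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":
            ddd = name[i + 1:i + 4]
            if len(ddd) == 3 and ddd.isascii() and ddd.isdigit():
                if int(ddd) > 255:
                    raise ValueError("escape out of range: \\" + ddd)
                cur.append(chr(int(ddd)))
                i += 4
            elif i + 1 < len(name):
                cur.append(name[i + 1])  # escaped character, e.g. "\." or '\"'
                i += 2
            else:
                raise ValueError("dangling backslash")
        elif ch == ".":
            labels.append("".join(cur))  # only an unescaped dot ends a label
            cur, i = [], i + 1
        else:
            cur.append(ch)
            i += 1
    if cur:
        labels.append("".join(cur))
    if any(not 1 <= len(label) <= 63 for label in labels):
        raise ValueError("label length outside 1..63 octets")
    return labels

def is_hostname(name):
    """True only if every label is letter-digit-hyphen; anything else is opaque data."""
    return all(LDH.fullmatch(label) for label in split_labels(name))

def render(name):
    """Serialize one name per output format, using that format's own encoder."""
    return {
        "json": json.dumps({"exchange": name}),
        "xml": "<exchange>%s</exchange>" % xml_escape(name),
        "html": "<td>%s</td>" % html.escape(name, quote=True),
    }
```

The script-tag target is a single label of exactly 63 octets once its escaped dots are decoded, so a plain split on "." miscounts its labels.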

64 kilobytes TXT record :

dig txty.forfunsec.org TXT +short
"beginyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy"

[TRUNCATED OUTPUT]

"yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyend"

It’s interesting to note that some DNS resolvers, such as Google Public DNS, return an error when queried for this particular record :

dig @8.8.8.8 txty.forfunsec.org TXT
;; Truncated, retrying in TCP mode.
;; communications error to 8.8.8.8#53: end of file

dig @8.8.4.4 txty.forfunsec.org TXT
;; Truncated, retrying in TCP mode.
;; communications error to 8.8.4.4#53: end of file

Domain name with a maximal sized label :

dig 'this-right-here-is-a-maximum-sized-label-of-sixty-three-octets!.huque.com' TXT +short
"domain name with a maximal sized label" "for testing purposes"

Testing DNS Resolvers

Checking the IP address of the DNS resolver in use :

These servers will reflect the IP address of the host querying them.

dig whoami.akamai.net +short
149.20.64.20

dig whoami.ultradns.net +short
149.20.64.20

Checking if your own local DNS resolver is open :

This one is pretty much self-explanatory.

dig amiopen.openresolvers.org TXT +short
"Your resolver at 175.45.176.1 is CLOSED"

Checking your resolver’s source port behavior :

A test server that checks a resolver’s source port randomization and grades it (either POOR, GOOD, or GREAT randomness). More information here.

dig porttest.dns-oarc.net TXT +short
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"149.20.64.20 is GREAT: 71 queries in 37.0 seconds from 71 ports with std dev 19761"

DNS Reply Size Test Server :

A test server that identifies resolvers which cannot receive large DNS replies. More information here.

dig rs.dns-oarc.net TXT +short
;; Truncated, retrying in TCP mode.
rst.x4091.rs.dns-oarc.net.
rst.x3837.x4091.rs.dns-oarc.net.
rst.x3843.x3837.x4091.rs.dns-oarc.net.
"149.20.64.20 DNS reply size limit is at least 4091"
"Tested at 2013-05-16 18:00:19 UTC"
"149.20.64.20 sent EDNS buffer size 4096"

Taiwanese BBSes and Unicode ANSi Art

Ever since I discovered Unicode based ANSi art and the existence of Taiwanese telnet BBSes making heavy use of it, I wanted to learn more and explore this different and exotic textmode world. As these BBSes are in Chinese, it was not that easy to figure out how to create an account, but using some logic and a bit of patience, I was able to log in and take some screenshots.

For doing so, I used LunaTerm, a terminal emulator client for Android with built-in Telnet and SSH support. It’s a really neat and well-thought-out application that lets you trigger the arrow and enter keys using gestures and toggle the virtual keyboard display using the volume control keys, making it very efficient for BBSing.

Here is a selection of screens from PTT and PTT2 systems, boasting some very interesting and mysterious Unicode ANSi art. More information about these systems can be found on Wikipedia. There was even a PTT3 system at some point but it seems to be down at the moment; I have no idea if this is permanent or temporary. If it ever comes back online, I will do another round of screenshots.

PTT Login Screens :


Playing With Nginx GeoIP and Substitution Modules

In this tutorial, we will build a site displaying the visitor IP address and geolocation by leveraging the power of nginx GeoIP and Substitution modules. If you are using Debian stable, the default nginx package has these modules compiled-in. In case you are using backports, then installing either nginx-full or nginx-extras will do.

We start by fetching and unpacking the GeoIP Country and City databases :

mkdir -p /usr/share/GeoIP
cd /usr/share/GeoIP
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip *gz

We now edit nginx.conf to add directives specifying the path to the GeoIP database files, within the http block :

http {

  ...

  geoip_country  /usr/share/GeoIP/GeoIP.dat;
  geoip_city     /usr/share/GeoIP/GeoLiteCity.dat;
}

We then edit the site configuration file to add the following content within the location block :

location / {
  
  ...

  set $location $geoip_city_country_name;

  if ($geoip_city)
  {
      set $location "$geoip_city, $geoip_city_country_name";
  }

  set $map "http://maps.google.com/maps/api/staticmap?center=$geoip_latitude,$geoip_longitude&amp;zoom=12&amp;size=640x250&amp;markers=$geoip_latitude,$geoip_longitude&amp;sensor=false";

  sub_filter IP_ADDRESS_PLACEHOLDER</h3>
  '$remote_addr</h3><p><strong>Your location :</strong> $location</p><p><strong>Latitude :</strong> $geoip_latitude</p><p><strong>Longitude :</strong> $geoip_longitude</p><img alt="Geolocation" src="$map" />';
}

The instructions above are pretty much self-explanatory : we start by setting the $location and $map variables, and we then use the sub_filter directive to insert the generated content into the nginx response.

Finally, we create a simple index.html file (note the IP_ADDRESS_PLACEHOLDER text which will get dynamically replaced) :

<!DOCTYPE html>
<html>
   <head>
      <meta charset="utf-8">
      <title>Playing with Nginx GeoIP and Substitution modules</title>
   </head>
   <body>
      <h1>Your IP address is :</h1>
      <h3>IP_ADDRESS_PLACEHOLDER</h3>
   </body>
</html>

Let’s relaunch nginx and point our browser to our newly created site : if everything goes well, we should be greeted with information about our IP address, geolocation, and a map.

A slightly more elaborate example is available here.

Nginx Packages in Debian Stable

The latest version of nginx packaged in Debian stable (Squeeze) is 0.7.67, which was released on June 15th 2010 and is thus very old. Starting with Wheezy (the next iteration of Debian stable), there will be several different nginx packages available : nginx-light, nginx-full, nginx-extras, as well as a nginx-naxsi package bundling the NAXSI Web Application Firewall. Each package is being compiled with a different set of modules (including third party ones).

Fortunately, these packages have been backported to Squeeze, and it is now possible to install different flavours of nginx 1.2.1.

The following line should be added to /etc/apt/sources.list in order to enable backports :

deb http://backports.debian.org/debian-backports squeeze-backports main

Below is a comparison matrix of compiled-in modules for the default nginx version bundled in Squeeze, and for the different backported versions :

Standard HTTP modules :

                       |    nginx    | nginx-light |  nginx-full | nginx-extras
                       |   (0.7.67)  |   (1.2.1)   |   (1.2.1)   |   (1.2.1)
-----------------------|-------------|-------------|-------------|-------------
 Core                  |      X      |      X      |      X      |      X
 Access                |      X      |      X      |      X      |      X
 Auth Basic            |      X      |      X      |      X      |      X
 Auto Index            |      X      |      X      |      X      |      X
 Browser               |      X      |             |      X      |      X
 Charset               |      X      |      X      |      X      |      X
 Empty GIF             |      X      |      X      |      X      |      X
 FastCGI               |      X      |      X      |      X      |      X
 Geo                   |      X      |             |      X      |      X
 Gzip                  |      X      |      X      |      X      |      X
 Headers               |      X      |      X      |      X      |      X
 Index                 |      X      |      X      |      X      |      X
 Limit Requests        |      X      |             |      X      |      X
 Limit Zone            |      X      |             |      X      |      X
 Limit Conn            |      X      |      X      |      X      |      X
 Log                   |      X      |      X      |      X      |      X
 Map                   |      X      |      X      |      X      |      X
 Memcached             |      X      |             |      X      |      X
 Proxy                 |      X      |      X      |      X      |      X
 Referer               |      X      |             |      X      |      X
 Rewrite               |      X      |      X      |      X      |      X
 SCGI                  |      X      |             |      X      |      X
 Split Clients         |      X      |             |      X      |      X
 SSI                   |      X      |             |      X      |      X
 Upstream              |      X      |      X      |      X      |      X
 User ID               |      X      |             |      X      |      X
 UWSGI                 |      X      |             |      X      |      X
 X-Accel               |      X      |      X      |      X      |      X

Optional HTTP modules :

                       |    nginx    | nginx-light |  nginx-full | nginx-extras
                       |   (0.7.67)  |   (1.2.1)   |   (1.2.1)   |   (1.2.1)
-----------------------|-------------|-------------|-------------|-------------
 Addition              |             |             |      X      |      X
 Degradation           |             |             |             |
 Debug                 |      X      |             |      X      |      X
 Embedded Perl         |             |             |             |      X
 FLV                   |      X      |             |             |      X
 GeoIP                 |      X      |             |      X      |      X
 Google Perftools      |             |             |             |
 Gzip Precompression   |      X      |      X      |      X      |      X
 Image Filter          |             |             |      X      |      X
 IPv6                  |      X      |      X      |      X      |      X
 MP4                   |             |             |             |      X
 Random Index          |             |             |             |      X
 Real IP               |      X      |             |      X      |      X
 Secure Link           |             |             |             |      X
 SSL                   |      X      |      X      |      X      |      X
 Stub Status           |      X      |      X      |      X      |      X
 Substitution          |      X      |             |      X      |      X
 WebDAV                |      X      |             |      X      |      X
 XSLT                  |             |             |      X      |      X

Mail modules :

                       |    nginx    | nginx-light |  nginx-full | nginx-extras
                       |   (0.7.67)  |   (1.2.1)   |   (1.2.1)   |   (1.2.1)
-----------------------|-------------|-------------|-------------|-------------
 Mail Core             |      X      |             |      X      |      X
 IMAP                  |      X      |             |      X      |      X
 POP3                  |      X      |             |      X      |      X
 SMTP                  |      X      |             |      X      |      X
 SSL                   |      X      |             |      X      |      X

Third party modules :

                       |    nginx    | nginx-light |  nginx-full | nginx-extras
                       |   (0.7.67)  |   (1.2.1)   |   (1.2.1)   |   (1.2.1)
-----------------------|-------------|-------------|-------------|-------------
 Auth PAM              |             |             |      X      |      X
 DAV Ext               |             |             |      X      |      X
 Echo                  |             |      X      |      X      |      X
 Embedded Lua          |             |             |             |      X
 HTTP Chunkin          |             |             |             |      X
 HTTP Headers More     |             |             |             |      X
 HTTP Push             |             |             |             |      X
 Nginx Development Kit |             |             |             |      X
 Upload                |             |             |             |      X
 Upload Progress       |             |             |             |      X
 Upstream Fair Queue   |      X      |             |      X      |      X

For reference, here is the resulting output of running nginx -V to list configure arguments for all the different packages :

nginx 0.7.67 (squeeze):

nginx version: nginx/0.7.67
TLS SNI support enabled
configure arguments: --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-debug --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gzip_static_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-ipv6 --with-mail --with-mail_ssl_module --add-module=/home/thijs/nginx/nginx-0.7.67/modules/nginx-upstream-fair

nginx-light 1.2.1 (squeeze-backports) :

nginx version: nginx/1.2.1
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-pcre-jit --with-http_gzip_static_module --with-http_ssl_module --with-ipv6 --without-http_browser_module --without-http_geo_module --without-http_limit_req_module --without-http_limit_zone_module --without-http_memcached_module --without-http_referer_module --without-http_scgi_module --without-http_split_clients_module --with-http_stub_status_module --without-http_ssi_module --without-http_userid_module --without-http_uwsgi_module --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-echo

nginx-full 1.2.1 (squeeze-backports) :

nginx version: nginx/1.2.1
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-pcre-jit --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-upstream-fair --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-dav-ext-module

nginx-extras 1.2.1 (squeeze-backports) :

nginx version: nginx/1.2.1
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-pcre-jit --with-debug --with-http_addition_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/chunkin-nginx-module --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/headers-more-nginx-module --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-development-kit --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-http-push --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-lua --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-upload-module --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-upload-progress --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-upstream-fair --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-dav-ext-module