DNS trouble shooting for beginners

Introduction DNS generally just works (at least as far as you’re concerned), which is good as the internet would be far less fun without it. However this does mean that many people don’t really know how to tell if a problem is a DNS error or something else – this makes life difficult for support desks and even worse causes work for DNS admins. It needn’t be so! Telling if something is a DNS issue is actually quite simple, and trouble shooting it isn’t much more difficult. To start with there are really only a very few ways that DNS can go wrong ( from a user perspective – from an admin perspective DNS can go wrong in many and varied ways ). Not responding at all Returning the wrong data Not returning a record when it should That from an end users point of view are really the only… Continue reading

Shell access via PDNS LUA

I’ve been spending a bit of time playing with the LUA functionality of Power DNS, it was inevitable that I got round to implementing a generic shell over DNS. It’s not very polished it doesn’t like interactive commands or commands with odd characters and it is more insecure than a very insecure thing that isn’t very safe. It is however a surprisingly short amount of code for what it does. There are a very few circumstances I can think of where a very restricted version of this might be useful, but really there’s always going to be a better and more sensible option. However it’s an interesting proof of concept and more importantly it was fun. If you don’t understand this code do not use it , if you do understand this code you know why you don’t want to use it. The code as shown below won’t actually work… Continue reading

Credential free, anonymous system access

I suspect that in this day and age where very few services are made available via telnet and SSH that this document is of limited use. However I need the notes and it may help out someone else. Anonymous access to services these days isn’t that common, and the traditional approach has always been to use a published username and password. I’ve never been that keen on such an approach as it means the account has to have a valid password and thus be locked out of every other service on the machine, also it means that you present a slightly greater window for people to try to send you malicious data. Because of this I rather prefer to just not ask for credentials on public services. So if you want to allow people to connect to a system via SSH or telnet (Yes I know telnet isn’t secure and… Continue reading

Yet another “How to Chroot” article

There are loads of “how to set up chroot” guides out there, and this is yet another one as I had to piece together quite a few to get things to work they way I needed them to and to my liking. So as I need to make notes for when I inevitably need to set this up again I figure I may as well share those notes. Hopefully this well be a suitably idiot guide. This is written for a Ubuntu system so on other systems your mileage may vary. The basics I’m going to break this down to the first steps that are vital for getting any chroot jail to work and then look at making it useful. But even these basic steps could probably be made even more minimal if you really wanted to. For the purpose of these notes just assume that every command is either… Continue reading