RPZs a personal history

Ten years ago today at a “secure off site meeting” (i.e. in the pub) I asked a colleague if there was any reason why we couldn’t use DNS load balancers to “load balance” bad domains to an address of our choosing. After some thought there didn’t seem to be any reason why we couldn’t do it or why it wouldn’t work. So the next morning, as it still seemed like a good idea, we added load balancing rules for three choice domains with less than savoury reputation. This quickly proved to be quite a successful tactic, so we dubbed it “the naughty step”, and assumed that as it was such an “obvious” thing to do, loads of other people must also be doing it. After we’d been going on like this for a while, Paul Vixie published his excellent article on taking back DNS, which gave us a…

Hacking “My Cloud”

N.B. Doing any of the things in this document will void your warranty and may turn your cloud into a brick. That said, the WD My Cloud box is quite a handy little device, and as it’s running Debian Wheezy you can do quite a lot of fun stuff with it. How much you want and can do will obviously depend on what you’re using it for, but keep an eye on load and it’s really quite capable. Back everything up! Frequently! Seriously, I mean it: make backups of all the system files before you start doing anything, and make backups after each change. The My Cloud device doesn’t have convenient console access, so it’s not too hard to lock yourself out, though the reset/restore function is actually very forgiving and mainly just loses changes to the /etc/password file. I also suggest putting as many of the files (especially…

Shell access via PDNS LUA

I’ve been spending a bit of time playing with the LUA functionality of Power DNS, and it was inevitable that I got round to implementing a generic shell over DNS. It’s not very polished: it doesn’t like interactive commands or commands with odd characters, and it is more insecure than a very insecure thing that isn’t very safe. It is, however, a surprisingly short amount of code for what it does. There are a very few circumstances I can think of where a very restricted version of this might be useful, but really there’s always going to be a better and more sensible option. However, it’s an interesting proof of concept and, more importantly, it was fun. If you don’t understand this code, do not use it; if you do understand this code, you know why you don’t want to use it. The code as shown below won’t actually work…