dead.letter

A technical blog focusing on Linux, FreeBSD, DNS, security and virtualization.

2005-10-27

Survey Results Expose Widespread DNS Vulnerabilities

Interesting CircleID topic regarding a recent survey on DNS name server vulnerabilities. The results and types of checks are remarkably similar to the root DNS analysis I did back in October 2003.

Labels: ,

posted by delimiter @ 7:55:00 AM 0 Comments Links to this post

2005-10-18

Troubleshooting dynamic DNS updates

Today I discovered how difficult troubleshooting dynamic dns updates can be. Bind9's update logging does not quite cut the mustard with regard to dynamic dns updates because it does not show WHAT is being updated (i.e. the actual record). It only shows what zone is being updated (or denied) and the source IP.

Oct 18 13:44:11.127 update: info: client 1.2.3.4#3672: updating zone 'example.org/IN': deleting an rrset
Oct 18 13:44:11.128 update: info: client 1.2.3.4#3672: updating zone 'example.org/IN': adding an RR

A better way to see what record is being updated is to run tcpdump on the master server. Make sure to use -vvv or you won't see as much.

NOTE: The master server is the host listed in the SOA record MNAME field of the zone being updated.

# /usr/sbin/tcpdump -vvv host client and port 53
13:36:59.782156 client.2134 > server.domain:  62112 update [1a] [2n] SOA? example.org.
 xyz-123.example[|domain] (ttl 128, id 43189, len 129)
13:36:59.782779 server.domain > client.2134: [udp sum ok]  62112 update [0q] 0/0/0 (12)
 (DF) (ttl 64, id 65019, len 40)

The record is shown in the SOA query.
In my environment we have configured our DHCP servers to send the updates on the behalf of the clients.

Labels:

posted by delimiter @ 1:41:00 PM 0 Comments Links to this post

2005-10-10

VMware benchmarks pulled

Due to a recent discovery that VMware censors their customers' freedom of speech, I have pulled my benchmarks showing Xen vs. ESX comparitive analysis. I do not like to be sued.

If you must know, Xen beat ESX hands down in performance. I have the data to prove it.

See Xen's official performance analysis for a legally-safe alternative. They were able to publish only because they used an older version of VMware (Workstation 3.2). The quote that tipped me off was "the latest version of any VMware product which allows the publication of comparative benchmarks".

The VMware ESX license agreement can be found here. The license states "you may not disclose the results of any benchmark test of the Software to any third party without VMware's prior written approval".

Sounds like they don't want the public to know their product might be inferior - at least in terms of performance.

Labels:

posted by delimiter @ 8:22:00 AM 4 Comments Links to this post