DNS Demystified: Everything You Should Know for Faster Internet!

Dave explains DNS, the Domain Name System, as well as how to benchmark and optimize your own DNS.

Command #1: IPConfig (Windows OS Edition)

The ipconfig command in Windows OS provides essential network configuration details, helping users view IP addresses, subnet masks, and default gateways, vital for resolving connectivity issues. Running ipconfig /all offers extended data such as DNS servers, DHCP settings, and MAC addresses. This command is commonly used in troubleshooting scenarios where network connectivity is interrupted or…

Subnet Sunday: Domain Name System (DNS) - The Address Book of the Internet

Welcome to Subnet Sunday, where we unravel the mysteries of the Domain Name System (DNS) in a fun and entertaining way. In this blog post, we’ll explore how DNS functions as the address book of the internet, connecting websites to their corresponding IP addresses. Using relatable analogies, humorous anecdotes, and a sprinkle of emojis, we’ll make DNS easy to understand for even the most novice…

View On WordPress

canon lawlight with mikami

Sharing my first ever CK Reverse Bang entry!

This one was loosely inspired by conversations I've had with @asphodel-storm @baldwinboy5ive @carmendiazbian and @demetriandelibinaryboyfriends, I thought it was too good of a narrative route to pass up.

The way I was thinking it is that Kyler somehow miraculously lands himself an opportunity to become an IT intern (or entry-level, your pick!) at some rough-around-the-edges business that clearly doesn't do background checks. How will he sell the part? Does he actually know tech shit? Who cares! Kyler's got a job as an IT guy and he's The Guy for the job (apparently)!

@ckreversebang

hey guys come to our death note discord server we talk about L making ur mom jokes is funny silly goofy time

"l lawliet math pickup line >>>" - rowan 2024 (when i was talking about making this post)

in this post (in order of appearance): @niightniines is Nines, i am aqua, @murderedbythoughts is parad0x, and @rowwiz is rowliet (aka rowan) :3

image ID below the cut 👇 please let me know if there's anything i need to change about the description, this is my first time doing an image ID so many feedback would be greatly appreciated.

[Start Image ID

A discord text screenshot, in dark mode with a dark grey background and white text. The messages were sent at 20:33 military time.

The first user is Nines, who has a pink coloured name, saying Nines with a capital N.

The second is Aqua, whose username is light blue, and said name reads [aqua [open bracket] mello my beloved [heart emoticon] [closed bracket] end name description]. This is styled in all lowercase.

The third is Paradox, who's username is yellow, and styled in all lowercase except for the O, which is replaced with a 0

The fourth is Rowan, whose username is purple, and said name reads [rowliet [open bracket] rowan jeevas [closed bracket] end name description]. This is styled in all lowercase.

Messages read: [Start of conversation]

Nines: L made a your mother joke once while they were chained together and Light didn't say anything the rest of the day.

Aqua: YOUR MOTHER? [2x skull emoji]

Nines: light: "what are you working on L." [carriage return] L: "your mother." [carriage return] light: "what..."

Paradox: "damn shame about your dad having to work so hard lately, how's your mother coping? I can help if she needs."

Aqua: real.

Nines: he threw a masked temper tantrum and L saw right through it.

Paradox: absolutely.

Nines: L: "I'm sorry Light, I didn't know that kind of joke would upset you so much." [carriage return] Light: "like I said, Ryuzaki, I'm completely fine, it was just a harmless joke." [carriage return] L: "clearly you're distraught."

Rowan: he used it as an opportunity to fuck with him by saying "hey girl, are you a polynomial function with a degree over one? because i wanna trace the values on your curves." to misa, and light threw him across the room for the fifth time that day.

Nines: LMAO.

Nines: I'm trying to imagine L saying that in his stupid fucking voice.

Rowan: I love his stupid fucking voice, he would so say it.

Nines: musical L's voice actor for extra nerdiness

Paradox (replying to the maths pickup line): the punchline of this hit me like a sack of bricks, i do not know maths.

Rowan: i think i should kidnap both musical and dub L to live in my basement, so i can make them say these things whenever i want them to in exchange for food.

End of conversation. End of Image Description]

discord server drop:

this is just a small hangout server for the community. i'm bad at discord so not sure how well this'll go. we'll just see what happens.

-L

Would you say the DN fandom is getting more toxic in recent years or has it always been like this? Last time I was here it was over half a decade ago and now I've come back and people are being more aggressive to eachother then before. Especially over ships. I've been and still am extremely into Lawlight (one of my main otps fr fr) but I've been seeing Lawlight shippers be so mean to other (much smaller) ships lately as well as really elitist about "the proper way to enjoy DN" which I don't remember happening this much before. Makes me feel second hand embarrassment as a Lawlight shipper ngl. Was it always like this? Or am I just being dramatic? Asking since you've been here for wayyy longer then me.

Hiya! So the last time you were participating in the fandom was 1/2 a decade ago and would've been around 2019ish?

To be honest I don't feel like I've noticed a HUGE uptick in toxicity or anything, but maybe I'm just not seeing the same posts you are or interacting with the same people as you are?

Honestly the main difference I feel now vs. back then are just that I don't feel as involved in the fandom in terms of answering people's asks about the series or fielding their jokes and takes every day in my inbox and whatnot (I used to get those kinds of asks basically every day, like not just about lawlight but about analyzing the story itself and all that, now I probably only get a couple DN asks a month?) And I am not really sure if that's just because I myself am less involved / not posting much DN content of my own or being exclusively just a Death Note blogger now, or because the fandom is smaller and less active, or moving more to other social media platforms, or just a mix of things? I feel like I'm a bit out of the loop because of that.

Also, my memories of the Tumblr DN fandom in 2019 were kinda that it was MORE dramatic sometimes than I find it now, as in I remember around then there was a small group of people who had really intense stances on certain things and loved to vaguepost about anybody who they didn't like and also dogpile with anon hate on bloggers they would agree to target together in their server or something. I thankfully haven't seen much of that lately, either because those people and I all blocked each other or they've just moved on.

The least dramatic and most laid-back and memey the DN Tumblr fandom ever felt to me was before that, around 2017-2018 maybe. Nowadays I'd say I don't notice a lot of drama, but that it just feels a bit more dead here to me now than terribly toxic, maybe?

However, I do agree that I get embarrassed as well sometimes when I see lawlight shippers get extremely defensive and/or act superior toward people who aren't even attacking them about it, as if this ship isn't by far the biggest one in the fandom already and just a super well known and popular classic ship in general. Going into other fandoms for a bit always reminds me that as a lawlight shipper you're actually pretty spoiled with the amount of great fan content and like-minded people you can find about it out there, and it's not like you have to fight for your life to keep the ship alive or something...

I desperately need to befriend a Death Note fan irl who likes Death Note the way I do.. The only DN fans I've met irl are anime only Near haters :'(

I added about 200,000 more rules to my network’s DNS filter list and now I get zero ads on tumblr mobile at all. It’s amazing.

Tumblr I've gotta tell you, I'm not signing up to beta test your shit or whatever until you make the site stop loading like I'm in 1998 trying to get cheatcodes on GameFAQs over a 56k modem

I’ll never forgive pokemon for making zorua postgame-only in BW because getting one on my cart early game with no outside software has been a fucking hassle

so my newest pokemon goal is to try and complete my dex in black 2 once I finish it <- insane

(this is a small story of how I came to write my own intrusion detection/prevention framework and why I'm really happy with that decision, don't mind me rambling)

Preface

About two weeks ago I was faced with a pretty annoying problem. Whilst I was going home by train I have noticed that my server at home had been running hot and slowed down a lot. This prompted me to check my nginx logs, the only service that is indirectly available to the public (more on that later), which made me realize that - due to poor access control - someone had been sending me hundreds of thousands of huge DNS requests to my server, most likely testing for vulnerabilities. I added an iptables rule to drop all traffic from the aforementioned source and redirected remaining traffic to a backup NextDNS instance that I set up previously with the same overrides and custom records that my DNS had to not get any downtime for the service but also allow my server to cool down. I stopped the DNS service on my server at home and then used the remaining train ride to think. How would I stop this from happening in the future? I pondered multiple possible solutions for this problem, whether to use fail2ban, whether to just add better access control, or to just stick with the NextDNS instance.

I ended up going with a completely different option: making a solution, that's perfectly fit for my server, myself.

My Server Structure

So, I should probably explain how I host and why only nginx is public despite me hosting a bunch of services under the hood.

I have a public facing VPS that only allows traffic to nginx. That traffic then gets forwarded through a VPN connection to my home server so that I don't have to have any public facing ports on said home server. The VPS only really acts like the public interface for the home server with access control and logging sprinkled in throughout my configs to get more layers of security. Some Services can only be interacted with through the VPN or a local connection, such that not everything is actually forwarded - only what I need/want to be.

I actually do have fail2ban installed on both my VPS and home server, so why make another piece of software?

Tabarnak - Succeeding at Banning

I had a few requirements for what I wanted to do:

Only allow HTTP(S) traffic through Cloudflare

Only allow DNS traffic from given sources; (location filtering, explicit white-/blacklisting);

Webhook support for logging

Should be interactive (e.g. POST /api/ban/{IP})

Detect automated vulnerability scanning

Integration with the AbuseIPDB (for checking and reporting)

As I started working on this, I realized that this would soon become more complex than I had thought at first.

Webhooks for logging This was probably the easiest requirement to check off my list, I just wrote my own log() function that would call a webhook. Sadly, the rest wouldn't be as easy.

Allowing only Cloudflare traffic This was still doable, I only needed to add a filter in my nginx config for my domain to only allow Cloudflare IP ranges and disallow the rest. I ended up doing something slightly different. I added a new default nginx config that would just return a 404 on every route and log access to a different file so that I could detect connection attempts that would be made without Cloudflare and handle them in Tabarnak myself.

Integration with AbuseIPDB Also not yet the hard part, just call AbuseIPDB with the parsed IP and if the abuse confidence score is within a configured threshold, flag the IP, when that happens I receive a notification that asks me whether to whitelist or to ban the IP - I can also do nothing and let everything proceed as it normally would. If the IP gets flagged a configured amount of times, ban the IP unless it has been whitelisted by then.

Location filtering + Whitelist + Blacklist This is where it starts to get interesting. I had to know where the request comes from due to similarities of location of all the real people that would actually connect to the DNS. I didn't want to outright ban everyone else, as there could be valid requests from other sources. So for every new IP that triggers a callback (this would only be triggered after a certain amount of either flags or requests), I now need to get the location. I do this by just calling the ipinfo api and checking the supplied location. To not send too many requests I cache results (even though ipinfo should never be called twice for the same IP - same) and save results to a database. I made my own class that bases from collections.UserDict which when accessed tries to find the entry in memory, if it can't it searches through the DB and returns results. This works for setting, deleting, adding and checking for records. Flags, AbuseIPDB results, whitelist entries and blacklist entries also get stored in the DB to achieve persistent state even when I restart.

Detection of automated vulnerability scanning For this, I went through my old nginx logs, looking to find the least amount of paths I need to block to catch the biggest amount of automated vulnerability scan requests. So I did some data science magic and wrote a route blacklist. It doesn't just end there. Since I know the routes of valid requests that I would be receiving (which are all mentioned in my nginx configs), I could just parse that and match the requested route against that. To achieve this I wrote some really simple regular expressions to extract all location blocks from an nginx config alongside whether that location is absolute (preceded by an =) or relative. After I get the locations I can test the requested route against the valid routes and get back whether the request was made to a valid URL (I can't just look for 404 return codes here, because there are some pages that actually do return a 404 and can return a 404 on purpose). I also parse the request method from the logs and match the received method against the HTTP standard request methods (which are all methods that services on my server use). That way I can easily catch requests like:

XX.YYY.ZZZ.AA - - [25/Sep/2023:14:52:43 +0200] "145.ll|'|'|SGFjS2VkX0Q0OTkwNjI3|'|'|WIN-JNAPIER0859|'|'|JNapier|'|'|19-02-01|'|'||'|'|Win 7 Professional SP1 x64|'|'|No|'|'|0.7d|'|'|..|'|'|AA==|'|'|112.inf|'|'|SGFjS2VkDQoxOTIuMTY4LjkyLjIyMjo1NTUyDQpEZXNrdG9wDQpjbGllbnRhLmV4ZQ0KRmFsc2UNCkZhbHNlDQpUcnVlDQpGYWxzZQ==12.act|'|'|AA==" 400 150 "-" "-"

I probably over complicated this - by a lot - but I can't go back in time to change what I did.

Interactivity As I showed and mentioned earlier, I can manually white-/blacklist an IP. This forced me to add threads to my previously single-threaded program. Since I was too stubborn to use websockets (I have a distaste for websockets), I opted for probably the worst option I could've taken. It works like this: I have a main thread, which does all the log parsing, processing and handling and a side thread which watches a FIFO-file that is created on startup. I can append commands to the FIFO-file which are mapped to the functions they are supposed to call. When the FIFO reader detects a new line, it looks through the map, gets the function and executes it on the supplied IP. Doing all of this manually would be way too tedious, so I made an API endpoint on my home server that would append the commands to the file on the VPS. That also means, that I had to secure that API endpoint so that I couldn't just be spammed with random requests. Now that I could interact with Tabarnak through an API, I needed to make this user friendly - even I don't like to curl and sign my requests manually. So I integrated logging to my self-hosted instance of https://ntfy.sh and added action buttons that would send the request for me. All of this just because I refused to use sockets.

First successes and why I'm happy about this After not too long, the bans were starting to happen. The traffic to my server decreased and I can finally breathe again. I may have over complicated this, but I don't mind. This was a really fun experience to write something new and learn more about log parsing and processing. Tabarnak probably won't last forever and I could replace it with solutions that are way easier to deploy and way more general. But what matters is, that I liked doing it. It was a really fun project - which is why I'm writing this - and I'm glad that I ended up doing this. Of course I could have just used fail2ban but I never would've been able to write all of the extras that I ended up making (I don't want to take the explanation ad absurdum so just imagine that I added cool stuff) and I never would've learned what I actually did.

So whenever you are faced with a dumb problem and could write something yourself, I think you should at least try. This was a really fun experience and it might be for you as well.

Post Scriptum

First of all, apologies for the English - I'm not a native speaker so I'm sorry if some parts were incorrect or anything like that. Secondly, I'm sure that there are simpler ways to accomplish what I did here, however this was more about the experience of creating something myself rather than using some pre-made tool that does everything I want to (maybe even better?). Third, if you actually read until here, thanks for reading - hope it wasn't too boring - have a nice day :)

Join my minecraft server!

Join my minecraft java server! It should be running 24/7, and there is a small worldborder with amplified terrain to encourage people to live together! If it sounds fun, come say hi at meow.doeball.ca !

i REALLY want to get into roleplaying sometime soon. like i love running KAF and stuff but it just doesn’t feel interesting enough sometimes… and all of the servers that look interesting don’t allow minors or are essentially dead :(