The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,465 other followers

Archive for the ‘DNS’ Category

Tricks used by software developers to https://127.0.0.1

Posted by jpluimers on 2021/09/07

Long interesting thread at [WayBack] Thread by @sleevi_: “@SwiftOnSecurity So, some history: It used to be folks would get certs for “localhost”, just like they would from “webmail”, despite no CA e […]”

In  2019, applications were still using tricks (including shipping private keys!) to “securely” access https://127.0.0.1 on some port.

This should have stopped in 2015, but hadn’t. I wonder how bad it still is today.

Related:

Read the rest of this entry »

Posted in Communications Development, Development, DNS, HTTP, Internet, Power User, Software Development, TCP, TLS | Leave a Comment »

For my link archive: DNS over https

Posted by jpluimers on 2021/09/02

DNS over HTTPS

For my link archive:

JSON DNS output

Some DNS over HTTSP providers support dns-json, which Cloudflare delivers non-pretty printed.

To pretty print in the same order as the input, pipe through json_pp or python -m json.tool which however will sort (either alphabetically or by dictionary hash) the output.

If you like jq and colourised output, then you can pipe through jq .  as well  (which does not sort the nodes).

Piping curl output requires the curl --silent parameter to suppress progress reporting.

See these for more information:

Example:

Read the rest of this entry »

Posted in Communications Development, Development, DNS, HTTP, Internet, Internet protocol suite, Power User, Software Development, TCP, TLS | Leave a Comment »

Firefox: disable DNS over HTTPS (which they call TTR)

Posted by jpluimers on 2021/08/03

There are many reasons to disable DNS over HTTPS (DoH), of which enough are discussed in the links below.

Disabling DoH always talks about setting TTR (the abbreviation Mozilla uses for it) to 5 (like [WayBack] Thread by @isotopp: “Firefox is about to break DNS by enabling DNS-over-HTTP by default […]”), but hardly ever explains the meaning of 5, or any other potential values.

After some searching, I found [WayBack] Firefox disable trr | Knowledge Base:

  • 0: Off by default
  • 1: Firefox chooses faster
  • 2: TRR default w/DNS fallback
  • 3: TRR only mode
  • 5: Disabled

I imagine the setting we’re all looking for is: user_pref(“network.trr.mode”, 5); (emphasis mine)

It pointed me to [WayBack] Trusted Recursive Resolver – MozillaWiki:

Read the rest of this entry »

Posted in Communications Development, Development, DNS, Firefox, Internet protocol suite, Power User, TCP, Web Browsers | Leave a Comment »

Microsoft subdomains

Posted by jpluimers on 2021/06/02

Almost every company I know has more than one subdomain, but while researching why support.microsoft.com could not be archived in the WayBack machine, I realised how many they have and bumped into a few sites listing most of them:

All via microsoft.com subdomains – Google Search.

–jeroen

Posted in Development, DNS, Internet, Power User, Software Development, Web Development | Leave a Comment »

Need to do some reading on local domains on the internal network

Posted by jpluimers on 2021/04/09

A long time I wondered why I saw ESXi systems on my local network have two entries in their /etc/hosts file:

[root@ESXi-X10SRH-CF:~] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.71.91   ESXi-X10SRH-CF ESXi-X10SRH-CF

Then I bumped into someone who had a different setup:

[root@ESXi-X10SRH-CF:~] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.0.23    esxi.dynamic.ziggo.nl esxi

So now I knew that the first entry can have a domain resolving it (it still makes be wonder why ziggo is using a top-level domain to resolve local stuff; but searching for  dynamic.ziggo.nl did not get me further on that).

So I installed a quick ESXi machine on that local network, and got the same.

When back home the machine still thought it was esxi.dynamic.ziggo.nl, though clearly I was outside a Ziggo network

I wanted to get rid of it, but that was hard.

Since I forgot to take screenshots beforehand, I can only provide the ones without a search domain bellow.

Reminder to self: visit someone within the Ziggo network, then retry.

Normally you can edit things like these in the default TCP/IP stack. There are two places to change this:

Neither of these allowed me to change it to a situation like this, but luckily the console did.

In the below files, I had to remove the bold parts, then restart the management network (I did keep a text dump, lucky me):

[root@esxi:/etc] grep -inr ziggo .
./vmware/esx.conf:116:/adv/Misc/HostName = "esxi.dynamic.ziggo.nl"
./resolv.conf:2:search dynamic.ziggo.nl 
./hosts:5:192.168.71.194    esxi.dynamic.ziggo.nl esxi
[root@esxi:/etc] cat /etc/resolv.conf 
nameserver 192.168.71.3
search dynamic.ziggo.nl 
[root@esxi:/etc] cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1   localhost.localdomain localhost
::1     localhost.localdomain localhost
192.168.71.194  esxi.dynamic.ziggo.nl esxi

Future steps

  1. Read more on local domains, search domains and related topics
  2. Configure a local domain on my local network, so DHCP hands it out, and DHCP handed out host names are put in the local DNS
  3. Test if all services on all machines still work properly

Reading list

Read the rest of this entry »

Posted in DNS, ESXi6.5, ESXi6.7, Hardware, Internet, Mainboards, Network-and-equipment, Power User, SuperMicro, Virtualization, VMware, VMware ESXi, X10SRH-CF, X9SRi-3F | Leave a Comment »

 
%d bloggers like this: