Older blog entries for wardv (starting at number 26)

DNS

OK, I got curious. I'm trying to figure out what software the 13 root DNS servers run. With this little shell script:

  for i in a b c d e f g h i j k l m;
    do echo $i.root-servers.net; dig +short -c chaos -t txt version.bind
      @$i.ROOT-SERVERS.NET.  | grep -v "^;;" | grep -v "^$" | grep -v ";vers";
  done

One can compile this list:

  a.root-servers.net "VGRS2"
  b.root-servers.net "8.2.5-REL"
  c.root-servers.net "8.3.3-REL"
  d.root-servers.net "8.3.1-REL"
  e.root-servers.net "8.3.3-REL"
  f.root-servers.net "9.2.2rc1"
  g.root-servers.net
  h.root-servers.net "8.3.4-REL" / "9.2.2" (try a couple of runs of the script)
  i.root-servers.net "8.2.3-REL"
  j.root-servers.net "VGRS2"
  k.root-servers.net
  l.root-servers.net "BIND-8.3.1-MA-PATCH-JMB-01"
  m.root-servers.net "8.3.4-REL"

Given that we know that K switched to NSD, we can ask it:

  dig +short -c chaos -t txt version.server @k.root-servers.net
and see:
  "NSD-1.0.2"
That leaves us with one mysterious server, G.

A and J are the Verisign servers, and according to this article they may actually be running the proprietary ATLAS software Verisign developed (why is beyond me given djbdns exists, but hey they are a Big Corporation TM). However, I'm not convinced they actually are.

I used the (crude) dns fingerprinting tool available at darklab.org to look at the size of the packet returned after a query for 127.0.0.1 and 'localhost'. This is what I saw:

A  VGRS2                  104  102
B  8.2.5            ->    111  102
C  8.3.3                  104  102
D  8.3.1                  104  102
E  8.3.3                  104  102
F  9.2.2rc1               104  102
G  ?????                  104  102
H  8.3.4                  104  102
H  9.2.2                  104  102
I  8.2.3                  104  102
J  VGRS2            ->    256  102
K  NSD-1.0.2              104  102
L  8.3.1-MA-PATCH-JMB-01  104  102
M  8.3.4                  104  102
Using ethereal to capture the responses, I looked at the result for the query about 127.0.0.1 only (since all the 'localhost' response have the same size, and the couple I checked said NXDOMAIN). Here is what I found:
  • All servers except B respond with NXDOMAIN, and point to A as authoritative.
  • B kindly tells us that 127.0.0.1 is LOCALHOST, which explains the slightly larger packet it returns. (Dig confirms this with dig @b.root-servers.net PTR 1.0.0.127.in-addr.arpa)
  • J also responds with NXDOMAIN, but returns all root servers except itself as list of authoritative nameservers (!)
  • K returns the authoritative information entirely in lowercase, all other servers respond entirely in uppercase. Potentially a way to distinguish NSD from BIND?

Given all this, my suspicion is that A and G are running BIND 8.x or 9.x. J, however, puzzles me. Maybe it is running that proprietary Verisign software. Maybe just some version of BIND. I guess I need better tools/more time to figure that out.

That is as far as I got. Any insights welcome :) And if you have pointers to better DNS fingerprinting software, I'd be grateful.

Travelling

Last entry of the year! It's been a busy month, December, with an exam, lots of travelling, and a paper to write. I've been in the US for a couple of weeks, we were visiting my girlfriends' family. It was nice - and I even got to work some on my paper about the copyright legislation and its influence on innovation. I'm not quite finished yet, though.

W3C

I've just posted an Advogato Article, my first one :) It's about the Last Call Working Draft of the W3C Royalty-Free Patent Policy, for which the deadline for comments is tonight. Have are read and comment if you can...

18 Dec 2002 (updated 18 Dec 2002 at 05:27 UTC) »
XP

Shudder. I helped my girlfriend's parents get a new machine, and it came with XP - no way around it. I wanted them to get an iMac, but they really wanted a PC...

The coolest part of this computer is no doubt the screen. It's a Samsung SyncMaster 171v, a 17" viewable LCD, and it's amazing. Crisp image, giant screen surface, 1280x1024, contrast ratio 400:1. And only $400, too (after $150 mail-in rebate)!

So my first real experience with XP (yes, I had been lucky so far :) Their machine has a P4 2.4GHz, 512MB RAM, and a 60GB 7200rpm hdd. You would expect it to fly. Well, not really. XP is slow. I'm currently looking at a tweaking guide, maybe that will help.

What blew me away, though, was when I selected 'Windows update', giving me no less than 26 'Critical updates and service packs', and another 20 or so less critical fixes. Wasn't XP supposed to be Redmont's safest OS ever? Yeah, right.

What a piece of crap.

27 Nov 2002 (updated 27 Nov 2002 at 00:06 UTC) »

OK, I need to rectify something here. I wrote yesterday that I was not aware of any coordinated action in Belgium against the crazy laws the WIPO is trying to make us swallow.

That is not entirely correct, I had forgotten about the AEL, as Liam R. E. Quin, Joao Miguel Neves and MJ Ray helpfully pointed out. Thanks, guys, much appreciated!

Time to start doing things - as far as that is possible from the UK.

25 Nov 2002 (updated 25 Nov 2002 at 20:56 UTC) »

I just finished listening to/watching the Flash version of Lawrence Lessig's 'free culture' talk. 31 minutes, HIGHLY recommended - and a transcript and MP3 (should really be Ogg/Vorbis) version are available.

One of his main questions to the audience (OSCON 2002) is 'What have you done?'. A very, very good question. I think the Campaign for digital rights is doing good work here in the UK. In Belgium, my home country, I'm ashamed to say that there is no coordinated action regarding this nonsense. So what am I doing? I'm going to try summing up here, not necessarily in order of importance.

First of all, I'm a member of EFF.

Secondly, when I write software, I GPL it.

Thirdly, after a happy couple of years working, I am now doing a masters in public policy. I am focussing my attention on intellectual property and its threats to innovation, freedom and democracy (amongst a few other things). As much as I prefer just writing code and being a unix sysadmin, I feel we need more people who understand the issues at stake (that's people like us) stepping from behind the screens, and more actively trying to influence the debate. I have to write a dissertation next summer - guess what that will be about.

The last thing I do is talk about intellectual property and its effects to people I know. Friends, family, classmates, etc. My girlfriend calls me a 'computer activist' - something she says she didn't know existed until she met me.

I've also written a few articles about the issue for a now defunct Belgian computer magazine (corporate.net).

All of this is something, but not enough. I want to do more - time permitting of course. Maybe more precisely, I want to be more effective. I would like to hear and learn from you what you are doing! E-mail me...

7 Sep 2002 (updated 8 Sep 2002 at 21:07 UTC) »
IPSec

So now the IPSec tunnel I've been working on finally works. In the end we ditched the Symantec Firewall/VPN appliance 200, got a Cisco 1710, and it worked at once.

Frustrating. I am not happy with these Symantec things. They are really OEMs of a company called Nexland, and I suspect they are built on FreeSWAN - the log entries are identical, so...

But try to connect them to a Checkpoint FW/1 NG on the other side, and you can't even get the IKE to work properly. Connect them to a Cisco on the other side, and all seems to work (pinging through the tunnel works fine, etc), until you send some larger http packets, at which point the Symantec doesn't encrypt them properly anymore, the Cisco logs lots of errors when trying to decrypt them, and you get serious packet loss. Tunnel unuseable. Symantec posted a firmware update for the thing on August 26th, which has lots of bugfixes for things that sound rather serious. Even one to do with large packets. But it didn't fix this problem.

If this had been a GNU/Linux box with FreeSWAN, I wouldn't have lost as much time, I think. Hmmmm. I'll think twice before considering using these yellow boxes ever again.

Cisco

I must say I've refreshed my knowledge about Cisco a bit with all this IPSec stuff. One of the more curious things I found out is that Ciscos work with standard PC RAM. Or at least the (old-ish) 3620 that I was using works just fine with old 'Compaq' 72 pin RAM. Interesting.

Brighton

I'm leaving coming Monday, to spend some days in Oxford/London, and then move to Brighton with my alter ega. Can't wait! That same day I have an interview at the university - still looking at that MSc in Science and Technology Policy (STP). I hope I'll be accepted - if not I'll have to find something else to do!

1 million dollars

Someone donated 1 million dollars to Duke University to fight abusive copyrights. Now that's good news. The person is 'anonymous' - but if you add 1 and 1... Where is Duke University? Durham, North Carolina. Where is RedHat? Right, Raleigh, North Carolina. That's really close. Well maybe it is a coincidence...

Microsoft

Our good friends in Redmont are mystified about a mysterious wave of successful breakin attempts to Windows machines of all kinds that do not appear to be the result of a worm or virus. Backdoor, anyone?

26 Aug 2002 (updated 26 Aug 2002 at 22:51 UTC) »
IPSec

So I've been playing with IPSec lately. More specifically with a Symantec Firewall/VPN appliance 200.

The good
It boots blazingly fast (3 seconds).
It has a nice web interface.
I suspect it's built on Freeswan.

The bad
It doesn't interoperate well with other IPSec implementations. With FW/1 4.1 alledgedly it works, but I can assure you that with FW/1 NG it doesn't. A VPN between two of these beasts works just fine as well, of course. It also seems to work with a Cisco router on the other side.
It's a 'black box' - well technically a yellow one. The logs are not very extensive, and the web interface, however nice, gives me a limited feel. I guess I just want a prompt, I'm a bit oldfashioned.

Cisco

Setting up a VPN tunnel through a NAT device (in this case a Cisco 827) turns out to be slightly troublesome. The problem is the Port translation done by the NAT - IPSec doesn't really like that. But here's an article that tells you which line to add to your config to make it work. Beware, however, you might need to update your IOS....

Life, the universe,...

Last week at work. I'm getting my paperwork together for my application to the University of Sussex. It's complicated and involves translations of my diploma and transcript. I also need references - luckily I have built enough social capital to get a few of those.

22 Aug 2002 (updated 7 Sep 2002 at 08:43 UTC) »
Brighton

I'm going to move pretty soon now. I'm excited - most of all to see my alter ega again. I'm looking at studying now, there's an interesting MSc in Science and Technology Policy (STP) there that I am going to apply to.

Job

It's official now, I have resigned. It's a shame, I will miss my colleagues, the good atmosphere, and the cool job at ba.be. And the domain name, of course :) But the future lies before me, and the coming year, I will be in the UK!

Homewall

Homewall, our trustworthy home server, has been working wonderfully since December 4th 1999. It was a Redhat 6.2 box with some firewalling and the usual other things. A couple of weeks ago I have rebuilt the software from scratch - now it runs a nice Debian Woody. This box is a good example of cooperation between me and my dad - he built the electronics to have it switch on automatically as soon as there is traffic on the LAN, and I did all other software bits. And it works just perfectly and independantly.

Sysadmin interview

After reading an ask slashdot about how to interview a sysadmin candidate, I took the brainbench general linux administration test again. Scored somewhat higher than last time - now I am in the top 4 percentile :)

The comments on the ask slashdot piece were quite interesting - especially since I might be doing some interviews soon. Anyone remember corewars? Now that was a cool game! I haven't played with robocode yet, but it looks like corewars' modern day's equivalent....

11 Aug 2002 (updated 11 Aug 2002 at 15:46 UTC) »
Brighton

So now that we have found a place to live, all that is left is something to do. Life is very expensive in the UK - at least compared to our side of the channel - so I will need some source of income. The job I had been hoping to get fell through, so it's back to searching. Maybe I should go study again - there are excellent artificial intelligence masters at the University of Sussex.

Switzerland

Here I am, on a mountain above Montreux. The weather is terrible - we're in the clouds and it rains all day. Like it has for the most of the last two months, I have been told.

The little internet cafe I set up here still works like a charm. Next summer we'll actually hook it up to a broadband line which will be much better. I'll need to rewrite my software but that's ok.

Life

It's hard to be over 9000 km from the person you love. I can't wait until September.

Brighton

I spent this weekend in Brighton looking for a home. It was the hottest weekend of the year in the UK (and here in Belgium too I think), so I did loose a fair amount of sweat.

We've found a flat! It's on the seashore, expensive but considering the average price in Brighton not too bad. And it's a nice place with 2 big-ish rooms so we can have people stay over :)

Now all that needs to be sorted out is finding something to do ;)

17 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!