This is a little scary:
see the two GitHub examples about ½ way down.
Time to block all *.zip
and *.mov
domains?
This may be easy with a proxy,
with something like *.zip and *.mov.
Any suggestions without a proxy?
I don’t have a good answer. But someone is trying to create a list of zip domains and their IP addresses.
This looks like it could be a start for an IPSet list!
You can use DNS Forwarding. Just enter zip as zone, something that will never answer as server (127.1.2.3 for example), Enable, Disable DNSSEC. Then do the same for mov.
I’m not sure this is a huge problem, however; the people vulnerable to this are likely to fall prey to many other “easier” scams, too.
IPFire WEB Home/Network/DNS Forwarding
Add zip and mov there as new entries.
Use 0.0.0.0 for a fast response.
@trash-trash - can you click on the edit (the pencil) and post a screenshot of the larger firewall rule page? I have a terrible time understanding the mini version of the firewall rules.
Thank you!
I don’t think you need a firewall rule for this
They are using the DNS forward tab
So if I understand this right:
Zone = *.zip (* wildcard / anything).zip
Name server 127.1.2.3 (loopback address will get no response)
Generally the only loopback address used is 127.0.0.1, localhost,
and apparently 0.0.0.0 is an invalid IP so it will work the same?
0.0.0.0 is sometimes all IPs, like *.*.*.* would be.
DNSSEC disabled (because not valid)
Assuming it only disables DNSSEC for that domain,
so all requests go into a loopback black hole.
Hope I have this right.
D’oh!
I am an idiot!
I’ll look at the DNS Forwarding. I am worried about disabling the DNSSEC (which I don’t want to do!)
Does this need updating? The last bit about “Open console”:
can this be done from the WUI
without the manual modifications?
maybe (I need to read through it!). If you see something incorrect feel free to add or change.
I tried a few different things with DNS Forward and I keep getting
DNS forward configuration
Error messages
Invalid domain name.
Keep in mind I know little to nothing about DNS Forward.
Perhaps the error is correct,
and the wiki is correct.
You would need to add it through the console per the wiki.
Perhaps Stefan would know.
@jon
Hi Jon
Adding zip and mov to DNS Forward works? Or is there any error?
On my side, I had no error and the test result works. I tested others for check function too.
Just type zip into Zone and the IP 0.0.0.0 or IP 127.0.0.1 into Nameservers.
Enabled and Add / Save
Same for mov
No need for DNSSEC because we just block those two top domains. No need for any checks.
BR
Trash
All of my tests included wildcards (e.g., *.zip). I’ll give it a try with just zip. I am curious, what did you do to test this?
EDIT: it looks like this is what is changed (see stub-zone):
[root@ipfireAPU bin] # cat /etc/unbound/forward.conf
# This file is automatically generated and any changes
# will be overwritten. DO NOT EDIT!
server:
    qname-minimisation-strict: yes
stub-zone:
    name: zip
    stub-addr: 0.0.0.0
forward-zone:
    name: "."
    forward-tls-upstream: yes
. . .
As you can see in the last screenshot of DNS Forwarding, I just added “com net org” and more top-level domains for tests.
Sites that I was not browsing before I started the test end with no result… timeout.
Please remember that your computer has IPs in its cache that need to be cleared. Maybe disconnect the network for a short time and reconnect, or reboot the computer where you are testing.
The reason why I do not use 127.0.0.1 at this point is that the clients get no localhost reference info, so they do not try to search further.
Furthermore I tried, with a live Linux on DVD, to serve some zip sites in an isolated network … All tests go into timeout too.
BR
Trash
FYI - with Disable DNSSEC the forward.conf looks like this…
[root@ipfireAPU bin] # cat /etc/unbound/forward.conf
# This file is automatically generated and any changes
# will be overwritten. DO NOT EDIT!
server:
    qname-minimisation-strict: yes
stub-zone:
    name: zip
    stub-addr: 0.0.0.0
server:
    domain-insecure: zip
forward-zone:
    name: "."
    forward-tls-upstream: yes
. . .
Test this please:
/var/ipfire/dnsforward/conf
on,zip,0.0.0.0,block top domain *.zip,off
on,mov,0.0.0.0,block top domain *.mov,off
To test any other, simply enter another top-level domain.
Example to make it easy:
on,com,0.0.0.0,block top domain *.com,off
on,net,0.0.0.0,block top domain *.net,off
BR
Trash
Ok, I think I understand why this can and should be
just "zip", not "*.zip".
I am confusing web site addresses / names with the domain.
Google .com
“com” is the domain
My ipfire router is “ipfire.localdomain”
“localdomain” is the domain
ipfire is equivalent to Google
So if I have 2 ipfires with an N2N tunnel
1 named "ipfirehome.shaunhome"
2 named "ipfirework.shaunwork"
I would add work in the DNS forward to ipfire.shaunhome
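As an added example (not code from this thread or from IPFire itself), the Python script below parses entries in the /var/ipfire/dnsforward/conf format Trash posted, renders the stub-zone / domain-insecure snippet that jon's cat output shows, and checks hostnames against the configured zones label by label, which is exactly why the zone is entered as "zip" and not "*.zip". The sample conf lines are constructed, and the meaning of the fifth field (assumed here to be the Disable DNSSEC flag) is an assumption drawn from the two forward.conf listings above.

```python
"""Sinkhole TLDs the IPFire DNS Forwarding way: parse conf entries, render the
unbound stub-zone snippet, and test hostnames by DNS label.

Example code added to the thread, not IPFire's generator. The fifth conf field
is assumed to be the "Disable DNSSEC" checkbox; that is an assumption."""

from dataclasses import dataclass

# Constructed sample in the /var/ipfire/dnsforward/conf layout shown in the thread:
# enabled,zone,nameserver,remark,dnssec-disabled (last field is an assumption)
SAMPLE_CONF = """\
on,zip,0.0.0.0,block top domain *.zip,off
on,mov,0.0.0.0,block top domain *.mov,on
off,com,0.0.0.0,disabled test entry,off
"""


@dataclass
class ForwardEntry:
    enabled: bool
    zone: str              # bare zone name, e.g. "zip"; never "*.zip"
    nameserver: str        # 0.0.0.0 answers nothing, so lookups fail fast
    remark: str
    dnssec_disabled: bool  # assumed: becomes "domain-insecure: <zone>"


def parse_conf(text):
    """Turn the comma-separated conf lines into ForwardEntry objects."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(",", 4)
        if len(parts) != 5:
            raise ValueError(f"malformed dnsforward line: {line!r}")
        enabled, zone, ns, remark, dnssec = parts
        entries.append(ForwardEntry(enabled == "on", zone.strip(".").lower(),
                                    ns, remark, dnssec == "on"))
    return entries


def render_unbound(entries):
    """Emit the stub-zone blocks in the layout of the generated forward.conf."""
    out = ["server:", "    qname-minimisation-strict: yes", ""]
    for e in entries:
        if not e.enabled:
            continue
        out += ["stub-zone:", f"    name: {e.zone}", f"    stub-addr: {e.nameserver}", ""]
        if e.dnssec_disabled:
            out += ["server:", f"    domain-insecure: {e.zone}", ""]
    return "\n".join(out)


def zone_labels(name):
    """Split a DNS name into labels, case-folded, trailing dot ignored."""
    return [lbl for lbl in name.lower().rstrip(".").split(".") if lbl]


def matching_zone(hostname, entries):
    """Return the enabled entry whose zone covers hostname, or None.

    Matching is per DNS label, the way unbound matches a stub-zone:
    'files.zip' is under 'zip', but 'zip.example.com' and 'gzip.org' are not.
    The longest matching zone wins, as with any zone tree."""
    labels = zone_labels(hostname)
    best = None
    for e in entries:
        if not e.enabled:
            continue
        z = zone_labels(e.zone)
        if len(z) <= len(labels) and labels[-len(z):] == z:
            if best is None or len(z) > len(zone_labels(best.zone)):
                best = e
    return best


def is_sinkholed(hostname, entries):
    """True when the resolver would send this name to the dead stub address."""
    return matching_zone(hostname, entries) is not None


if __name__ == "__main__":
    entries = parse_conf(SAMPLE_CONF)
    print(render_unbound(entries))
    for h in ["update.zip", "trailer.mov", "zip.example.com", "gzip.org", "example.com"]:
        print(f"{h:18} sinkholed={is_sinkholed(h, entries)}")
```

On a real IPFire box the check is the same idea done over the wire: a lookup such as dig example.zip against the firewall's address should time out or return SERVFAIL, while zip.example.com still resolves, because only names whose rightmost labels equal the zone are sent to the stub address.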
You are good, you explained it well.
My DNS Forward have the info for:
localhost.localdomain.local.
ipfire.localdomain.local.
localhost = 127.0.0.1
ipfire = 127.0.0.1
localdomain = 127.0.0.1
local = 127.0.0.1
My “root ns .” = 127.0.0.1
Please note: never use another domain name when you are not the owner! And owner of your own name server! Or have set that domain locally to 127.0.0.1.
At the old forum of ipfire.org it was explained excellently.
So if you are not the owner of example.com or example.net etc., do not choose ipfire.example.com for your firewall. In some cases you will share information with that domain. So avoid doing so.
Keep using ipfire.localdomain.local; this is safe.
Sorry for my bad English.
Edit:
Two corrections done to typos.
@hvacguy
In the case of your example we take e.g. [www.google.com.]
www is the sub domain, a web server, and in other words a (( localhost on that machine ))
google is the domain and in other words the localdomain
com is the top level domain, TLD, and in other words the local
. is the root name server
BR
Trash
This is such an interesting topic, I can’t believe I missed this.
Google Domains, who appears to be the exclusive registrar, was sold to Squarespace,
and this list of all ZIP domains was taken down by GitHub, I wonder why???
So far I only found 2 ZIP domains:
community DOT z i p
url DOT z i p
dot zip name servers:
ns-tld1.charlestonroadregistry.com 216.239.32.105
2001:4860:4802:32:0:0:0:69
ns-tld2.charlestonroadregistry.com 216.239.34.105
2001:4860:4802:34:0:0:0:69
ns-tld3.charlestonroadregistry.com 216.239.36.105
2001:4860:4802:36:0:0:0:69
ns-tld4.charlestonroadregistry.com 216.239.38.105
2001:4860:4802:38:0:0:0:69
ns-tld5.charlestonroadregistry.com 216.239.60.105
2001:4860:4805:0:0:0:0:69
I find it interesting that half of the IP addresses have already been reported for hacking and other activity.