Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dan Kaminsky Suggests Having Fun with DNS

Posted by timothy on from the bits-is dept.

boogahsmalls writes "A few weekends ago Dan Kaminsky of scanrand fame presented some pretty cool ideas involving DNS that made plenty of heads spin at the LayerOne Technology Conference. Some of his concepts included Voice over DNS and storing Knoppix in a DNS cache. He's also apparently got a couple new tools in the pipe including a scanrand based DNS scanner and a visualization suite. Could another version of Paketto Keiretsu be in the works?" (OpenOffice.org does a great job of opening the PowerPoint slideshow.)

10 of 212 comments (clear)

  1. Nasty Nasty HTML Version by OverlordQ · · Score: 5, Informative

    Enjoy

    Note: Was converted with *gasp*powerpoint so yes it is horrible :)

    --
    Your hair look like poop, Bob! - Wanker.
  2. Re:Crazy! by Dwonis · · Score: 3, Informative

    It's easy. Use djbdns for a little while. BIND stars to look very sendmail-esque after that.

  3. SPF and SPF+ work over DNS by ideut · · Score: 4, Informative
    Dan isn't the first one to suggest novel new applications for the DNS. Many will also be familiar with SPF, the "spam permitted from" framework for defining permitted email senders. Microsoft have recently taken over the standard process and are proposing for the sender permission rules to be sent in XML format over DNS!

    The open source community's response so far has been SPF+, which is essentially a technique of encoding the rules in TCL, which is served over DNS and executed on the mailserver. For obvious reasons, SPF+ will probably define the future of spam control on the internet.

    --

    --

  4. PDF Link by kryptkpr · · Score: 4, Informative

    PDF Conversion of powerpoint presentation

    On my ISP's very fast webspace, but please post mirrors in case they decide to pull the plug.

    --
    DJ kRYPT's Free MP3s!
  5. Re:Some of this stuff really makes alot of sense by kryptkpr · · Score: 4, Informative

    Where's the bad part of this idea?

    1) I think the requirement for caching sets of 4 byte IP addresses and 4 GB movies are quite different. Just because a system is good at one, doesn't mean it will automatically be good at the other. When I RTFA, the author made it quite clear that there was a 512-byte packet size limit, of which only around 50% could be useful for actual data. By the author's own estimation, it would take 35,000 DNS servers to host a single 700mb Knoppix image.

    2) DNS is already an overloaded system, and his idea uses recursion, so it would place even more load on top of it.

    If you think this is going to replace BitTorrent, you're off your rocker.

    --
    DJ kRYPT's Free MP3s!
  6. anybody remember DNS MUDs? by andrewagill · · Score: 5, Informative
    You used to be able to play a text adventure game with DNS:
    ]$ nslookup - hastur.rlyeh.net
    > set querytype=txt
    > set domain=adventure
    > 1
    Alas, hastur has been down since around 1998, but you can still live the magic if you believe in yourself!
  7. Re:Great Article by magefile · · Score: 4, Informative

    I'd suggest Open Office. If you're on a dialup, and don't want to install several hundred megs, then look at the google cache - it'll have an HTML-ized version.

  8. Re:Great Article by rasz · · Score: 3, Informative
    Dan is obviously a very smart guy
    .. and copied DNS and other ideas from others.
    --
    Go grab those torrents.
  9. Slides 1-10 of 44, and /.'s lameness filter sucks by leonbrooks · · Score: 3, Informative
    This paragraph is random crap to keep that fscking lame slash lameness filter happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements.

    This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements. This paragraph is random crap to keep TFLSLF happy, please ignore it. Getting this past TFLSLF was five times harder than copy-pasting the individual text elements.

    Black Ops 2004 @ LayerOne

    Dan Kaminsky

    ===page===break===

    Introduction

    • Who am I?
      • Senior Security Consultant, Avaya Enterprise Security Practice
      • Author of "Paketto Keiretsu", a collection of advanced TCP/IP manipulation tools
      • Speaker at Black Hat Briefings
      • Black Ops of TCP/IP series
      • Gateway Cryptography w/ OpenSSH
      • Protocol Geek

    ===page===break===

    What's On The Plate for Today?
    /* char descrip[256] = "You'll see"; */

    ===page===break===

    What is DNS

    • DNS: Domain Name System
      • Mechanism for translating human-readable names into machine routable addresses
    • "Like 411 for the Internet"
      • As 411 usually but not always yields simple phone numbers, DNS usually but not always yields IP addresses
      • A: Given name, find IP
      • MX: Given name, find Mail
      • PTR: Given IP, find name
      • TXT: Given name, find "stuff"

    ===page===break===

    "Useful" Traits of DNS
    (Very Very Abridged)

    • Hierarchical
      • .com says where to find addresses in .doxpara.com, and .doxpara.com says where to find addresses in foo.doxpara.com
    • Recursive vs. Iterative Lookups
      • Iterative Lookup: Ask a server a question, it tells you where to go to find out the answer
      • Recursive Lookup: Ask a server, it goes out and finds out the answer for you, and tells you
      • It queries the hierarchy - which you may control
    --
    Got time? Spend some of it coding or testing
  10. Parent is a troll linking to a troll by jensend · · Score: 4, Informative

    If you read the linked email and the replies to it, you will find that the linked post is a troll. For real information about SPF, visit spf.pobox.com.