A DNS server written in Deno

deno-nameserver is a DNS Server written using Deno

This is a very basic experiment at writing a simple DNS server using Deno, using the currently-unstable UDP datagram support in Deno (i.e. you have to run with --unstable). Vaguely following RFC1035, but mostly implemented by looking at Wireshark captures. Does not support TCP, so messages need to fit within a single UDP packet.

It is intended to act as a local server to respond to basic queries, and does not offer recursive lookups.

Obviously this is not stable and not for production use! That said, dig et al. seem to be happy enough with the responses it sends.

Usage

Update the content of config.ts as required (see below), then run it:

deno run --unstable --allow-net main.ts

Configuring the server via config.ts

IP & PORT

Typically you’ll want to leave these alone and keep them at their defaults of 0.0.0.0 and 53 - this will make the server listen on all IPs at the usual port for DNS servers.

NAMES

This is where you configure the names you want to respond to.

In this example there are two names that the server is configured to respond to.

  public static readonly NAMES:DNSConfig = {
    'MyNas.whatever': {
      ttl: 3600,
      class: {
        'IN': {
          'A': '192.168.0.17',
        }
      }
    },
    'HomePrinter.something.cool': {
      ttl: 3600,
      class: {
        'IN': {
          'A': '192.168.0.123',
        }
      }
    },
  };

Add as many records as you need. Typically you’ll want them all to be IN class (i.e. internet) and A record types (i.e. IPv4 address). Note that your OS or router’s DHCP settings might automatically append a suffix to any name you try to lookup - either disable that, or add an entry with the suffix if you want to serve those names.

Since the config is actually included as a TypeScript module, you can do cunning stuff in the config.ts file if you really want to, such as dynamic names or addresses. As far as I am aware (and I have done zero research here) this is something fairly unique among DNS servers. The flip side is that it has absolutely zero fault tolerance since it needs to be compiled as it is actually TypeScript code.
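How a NAMES-style table turns into an RFC 1035 answer for a single UDP query, as an added example that is not code from deno-nameserver. The flattened `Names` type, `SAMPLE_NAMES`, `parseQuestion` and `buildResponse` are assumptions made for illustration; the parser rejects truncated packets, responses and compression pointers before any lookup happens.

```typescript
// Added example (not deno-nameserver code); all names here are assumptions.
type Names = Record<string, { ttl: number; a: string }>;
// Constructed sample, flattened from the NAMES config shown above.
const SAMPLE_NAMES: Names = { "MyNas.whatever": { ttl: 3600, a: "192.168.0.17" } };

interface Question { name: string; qtype: number; qclass: number; end: number }

// Parse the single question of a query; null means "malformed, drop it".
function parseQuestion(msg: Uint8Array): Question | null {
  const v = new DataView(msg.buffer, msg.byteOffset, msg.byteLength);
  if (msg.length < 12) return null;                 // shorter than a header
  if ((v.getUint16(2) & 0x8000) !== 0) return null; // QR=1: a response, never answer it
  if (v.getUint16(4) !== 1) return null;            // exactly one question
  const labels: string[] = [];
  let off = 12;
  for (;;) {
    if (off >= msg.length) return null;
    const len = v.getUint8(off++);
    if (len === 0) break;
    // len > 63 also rejects compression pointers (0xC0..), which could loop
    if (len > 63 || off + len > msg.length || off + len - 12 > 254) return null;
    let label = "";
    for (let i = 0; i < len; i++) label += String.fromCharCode(v.getUint8(off + i));
    labels.push(label);
    off += len;
  }
  if (off + 4 > msg.length) return null;
  return { name: labels.join("."), qtype: v.getUint16(off), qclass: v.getUint16(off + 2), end: off + 4 };
}

// Build an authoritative reply: A record, NODATA, or NXDOMAIN.
function buildResponse(query: Uint8Array, names: Names): Uint8Array | null {
  const q = parseQuestion(query);
  if (q === null) return null;
  // DNS names compare case-insensitively (RFC 1035 section 2.3.3)
  const key = Object.keys(names).find((k) => k.toLowerCase() === q.name.toLowerCase());
  const hit = key !== undefined && q.qtype === 1 && q.qclass === 1 ? names[key] : undefined;
  // Echo header + question only; this drops EDNS OPT records that dig appends
  const out = Array.from(query.subarray(0, q.end));
  out[2] = 0x84 | (out[2] & 0x79);      // QR=1, AA=1, keep opcode and RD
  out[3] = key === undefined ? 3 : 0;   // RCODE 3 = NXDOMAIN, RA=0
  out[6] = 0; out[7] = hit ? 1 : 0;     // ANCOUNT
  out[8] = 0; out[9] = 0; out[10] = 0; out[11] = 0; // NSCOUNT, ARCOUNT
  if (hit) {
    const t = hit.ttl >>> 0;
    out.push(0xc0, 0x0c, 0, 1, 0, 1, t >>> 24, (t >>> 16) & 255, (t >>> 8) & 255, t & 255, 0, 4);
    out.push(...hit.a.split(".").map(Number)); // assumes a valid dotted-quad in config
  }
  return Uint8Array.from(out);
}
```

A name that exists but is queried for a type other than A gets an empty NOERROR reply rather than NXDOMAIN, so resolvers do not cache the whole name as missing.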

Why? Why don’t you use dnsmasq or whatever?

This was just written for the fun of it. I needed a simple DNS server for use with tailscale and I thought it would be more fun to write my own than read the docs for dnsmasq.

Download Details:

Author: matt1

Source Code: https://github.com/matt1/deno-nameserver

#deno #nodejs #javascript #node

Ray Patel

1625843760

Python Packages in SQL Server – Get Started with SQL Server Machine Learning Services

Introduction

When Machine Learning Services is installed in SQL Server, a few Python packages are installed by default. In this article, we will look at how to get information about those installed Python packages.

Python Packages

When we choose Python as the Machine Learning Service during installation, the following packages are installed in SQL Server:

  • revoscalepy – This Microsoft Python package is used for remote compute contexts, streaming, parallel execution of rx functions for data import and transformation, modeling, visualization, and analysis.
  • microsoftml – This is another Microsoft Python package which adds machine learning algorithms in Python.
  • Anaconda 4.2 – Anaconda is an open-source Python package

#machine learning #sql server #executing python in sql server #machine learning using python #machine learning with sql server #ml in sql server using python #python in sql server ml #python packages #python packages for machine learning services #sql server machine learning services

Wilford Pagac

1596848400

Critical DNS Bug Opens Windows Server to Infrastructure Takeover

Microsoft gives the ‘wormable’ flaw a security rating of 10 – the most severe warning possible.

A critical Microsoft Windows Server bug opens company networks to hackers, allowing them to potentially seize control of IT infrastructures. Microsoft issued a patch for the bug on Tuesday as part of its July Patch Tuesday roundup.

It turns out that the bug is 17 years old. Impacted are Windows Server versions from 2003-2019. The bug, found by researchers at Check Point, received a severity warning of 10 – the highest allowed. Most concerning to researchers however is that the bug is wormable, meaning a single exploit of the flaw can trigger a chain reaction that allows attacks to spread from one computer to another.

“[The] security flaw would enable a hacker to craft malicious DNS queries to the Windows DNS server, and achieve arbitrary code execution that could lead to the breach of the entire infrastructure,” according to Check Point researcher Sagi Tzaik, who is credited for finding the flaw.

Microsoft released a patch for the vulnerability, identified as CVE-2020-1350, and urged customers to prioritize an update to their systems. Check Point is calling the bug SigRed – a nod to the vulnerable DNS component and function “dns.exe”.

A hacker can gain Domain Administrator rights over the server, “enabling the hacker to intercept and manipulate users’ emails and network traffic, make services unavailable, harvest users’ credentials and more. In effect, the hacker could seize complete control of a corporation’s IT,” researchers wrote, in a technical analysis of the bug, posted Tuesday.

Patching Is an Imperative

Upping the chance of exploitation by a hacker are the relatively simple prerequisites needed to exploit the vulnerability. “The likelihood of this vulnerability being exploited is high, as we internally found all of the primitives required to exploit this bug, which means a determined hacker could also find the same resources,” researchers noted.

“This issue results from a flaw in Microsoft’s DNS server role implementation and affects all Windows Server versions. Non-Microsoft DNS Servers are not affected,” Microsoft wrote in a post Tuesday. “While this vulnerability is not currently known to be used in active attacks, it is essential that customers apply Windows updates to address this vulnerability as soon as possible.”

Mechele Gruhn, principal security PM manager at the Microsoft Security Response Center, noted that “if applying the update quickly is not practical, a registry-based workaround is available that does not require restarting the server. The update and the workaround are both detailed in CVE-2020-1350.”

“CVE-2020-1350, a wormable remote code execution vulnerability in Windows DNS Server, could very well be the most critical Windows vulnerability released this year, receiving a rare 10 out of 10 CVSS score,” Chris Hass, director of information security and research at Automox, told Threatpost.

“A wormable vulnerability like this is an attacker’s dream. An unauthenticated hacker could send specially crafted packets to the vulnerable Windows DNS Server to exploit the machine, allowing for arbitrary code to be run in the context of the local system account. Not only will the attacker have full control of the system, but they will also be able to leverage the server as a distribution point, allowing the attacker to spread malware between systems without any user interaction. This wormable capability adds a whole other layer of severity and impact, allowing malware authors to write ransomware similar to notable wormable malware such as Wannacry and NotPetya,” Hass said.

Exploiting a 17-Year-Old Bug

The flaw itself is an integer-overflow bug that can trigger a heap-based buffer overflow attack tied to the DNS module called dns.exe, which is responsible for answering DNS queries on Windows Servers.

By abusing the dns.exe module, two attack surfaces were created by researchers. One is a “bug in the way the DNS server parses an incoming query.” And the second is “a bug in the way the DNS server parses a response (answer) for a forwarded query.”

The attack requires researchers to first force a Windows DNS Server to parse responses from a malicious DNS NameServer. This employs the dns.exe module, which parses all supported response types. One of those supported response types is for a Secure Internet Access (SIG) query called SIG(0). Researchers focused their attention on creating a request that exceeded the maximum request size of 65,535 bytes, causing the overflow. By using compressed data, researchers were able to create a successful crash.

“Although it seems that we crashed because we were trying to write values to unmapped memory, the heap can be shaped in a way that allows us to overwrite some meaningful values,” they wrote.

This local attack then was replicated remotely, by “smuggling DNS inside HTTP” requests on Microsoft Explorer and Microsoft Edge browsers (Google Chrome and Firefox are not vulnerable to this type of attack). Because DNS can be transported over TCP — and Windows DNS Server supports this connection type – researchers were able to craft a HTTP payload.

“Even though this is an HTTP payload, sending it to our target DNS server on port 53 causes the Windows DNS Server to interpret this payload as if it was a DNS query,” they wrote. Researchers were able to circumvent HTTP protections against similar malicious HTTP payloads by “smuggling” DNS query data inside the POST data located in the HTTP request.

Chromium-class browsers (Google Chrome and Mozilla Firefox) do not allow HTTP requests to port 53; therefore the bug can only be exploited through Internet Explorer and Microsoft Edge.
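A detection-side view of the HTTP-on-port-53 behaviour described above, as an added example that is not from the article or from Check Point's research. DNS over TCP prefixes each message with a two-byte length (RFC 1035 section 4.2.2), so a listener or IDS can flag TCP/53 streams whose first bytes are an HTTP request line; the function name, method list and sample bytes are assumptions constructed for illustration.

```typescript
// Added detection sketch; names, method list and samples are assumptions.
const HTTP_METHODS = ["GET", "POST", "PUT", "HEAD", "OPTIONS", "DELETE", "PATCH"];

interface Tcp53Verdict {
  suspicious: boolean;
  framedLength: number; // what a DNS-over-TCP parser would read as message length
  reason: string;
}

// Inspect the first bytes a client sent on a TCP/53 connection.
function inspectTcp53(first: Uint8Array): Tcp53Verdict | null {
  if (first.length < 2) return null; // length prefix not yet received
  const v = new DataView(first.buffer, first.byteOffset, first.byteLength);
  const framedLength = v.getUint16(0); // big-endian length prefix
  let head = "";
  for (let i = 0; i < Math.min(first.length, 8); i++) {
    head += String.fromCharCode(v.getUint8(i));
  }
  const method = HTTP_METHODS.find((m) => head.startsWith(m + " "));
  if (method !== undefined) {
    // The method's first two ASCII bytes were consumed as the DNS length field
    return { suspicious: true, framedLength, reason: "HTTP " + method + " request line on TCP/53" };
  }
  if (framedLength < 12) {
    return { suspicious: true, framedLength, reason: "length prefix shorter than a DNS header" };
  }
  return { suspicious: false, framedLength, reason: "plausible DNS framing" };
}

// Convert a constructed ASCII sample into bytes without relying on TextEncoder.
function asciiBytes(s: string): Uint8Array {
  const out: number[] = [];
  for (let i = 0; i < s.length; i++) out.push(s.charCodeAt(i) & 0xff);
  return Uint8Array.from(out);
}

// Constructed samples: an HTTP request line, and a 29-byte DNS query framing.
const SAMPLE_HTTP = asciiBytes("POST / HTTP/1.1\r\n");
const SAMPLE_DNS = Uint8Array.from([0x00, 0x1d, 0x12, 0x34, 0x01, 0x00, 0x00, 0x01]);
```

The same check works as a pre-parse guard in front of any service that accepts DNS over TCP, since no legitimate resolver opens a port 53 stream with an HTTP method token.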

“Successful exploitation of this vulnerability would have a severe impact, as you can often find unpatched Windows Domain environments, especially Domain Controllers. In addition, some internet service providers (ISPs) may even have set up their public DNS servers as WinDNS,” Check Point wrote.

#vulnerabilities #web security #critical vulnerability #cve-2020-1350 #dns #dns nameserver #dns.exe #domain administrator #http request #july patch tuesday #microsoft patch #microsoft security response center #security bug #sigred #windns #windows server #wormable

Mitchel Carter

1603569600

How to configure external DNS with DigitalOcean DNS extension on Plesk

As a customer-friendly hosting panel, Plesk’s entire architecture and ecosystem are strategically designed to streamline and simplify things for customers. Besides the availability of extensions, the menu empowers clients to self-manage various backend and front-end aspects of their website. One of the very useful extensions in this list is the DigitalOcean DNS extension. In this tutorial, we will learn how to configure an external DNS server quickly and safely with Plesk.

Chances are that, as a genuine netizen, you are already familiar with the term Domain Name Service. But sharing more knowledge never hurts, so let’s dig deeper into this before coming to the main topic.

DNS described in simple language

Think of DNS as a translator between you and the computer. DNS, or Domain Name Server, converts simple English names like www.google.com into the “computer language” of numerical codes.

This process of changing general domain names into computer language is called Resolving. The entity/agent that obtains the IP address by communicating with other servers is called DNS resolver. Loaded with sophisticated capabilities, Plesk can work as a reliable and competent DNS resolver.

Here are the USPs of Plesk as a DNS server resolver:

  • It can act as a backup server
  • Quick and direct translation services
  • Facility to handle translation services on a remote server

How does DNS work?

A specific storage space containing specific domain addresses, either in a file or on an authorized server, is called a domain zone. There are two types of DNS servers – Root DNS servers and secondary DNS servers, commonly known as lower-level DNS servers.

Root DNS servers refer to a hierarchically arranged global storage system containing the entire DNS database and corresponding IP addresses for all domain names. When the requesting browser attempts to access, say www.myexample.com it requests the authorized server to get the corresponding IP address.

Next level DNS servers store partial DNS databases. These servers are owned by business entities or ISPs who have registered their computers on the DNS system. They run the DNS server software to initiate and manage the DNS resolution process. Each DNS server comes with a public IP as well as vital databases of other hosts including their network names and addresses.

The visitor enters the desired domain name in the address bar and hits enter. This initiates the communication between the visitor’s system and the DNS server. Acting as a DNS client, the web browser requests DNS data from a DNS server which is run by the user’s Internet service provider. Acting on the request, the server looks into its internal DNS database to find a matching IP address.

If the server fails to find a match, it forwards the request to another secondary DNS server in the network. If the matching IP is not found there, the request is then escalated to the root server containing the global DNS database. After getting the domain name and corresponding IP, the data is returned to the web browser through the route of the DNS network. This is known as forward DNS. There is another process known as reverse DNS but that is beyond the scope of this article. You can read about it here.

Delegating DNS zone responsibilities

As a domain name client, you can either allow your registrar to handle the DNS zone responsibilities or delegate it to Plesk. The latter option enables you to self manage your domain zone through your Plesk interface.

Just like most of us techies, DNS is also a multi-tasker. Along with translating domain names into IP addresses, it also delivers other vital data like information related to mail domain, IP validity status, etc.

Configure an external DNS server quickly and safely with Plesk

By default, Plesk works as a master DNS server for the hosted website, i.e., other DNS servers can directly transfer their zone files from it. You also have the option to use third-party DNS servers. In this guide, we present step-by-step instructions on how to install the DigitalOcean DNS extension on Plesk.

  • Go to the Plesk Extensions Catalog.
  • Search for DigitalOcean DNS and click “Install on my server”
  • Open the extension.
  • It opens the page presenting two options for installation namely “0Auth Authentication” and “API token”

Setting up your DigitalOcean DNS using Plesk Extension with API Token

Click on “API Token.” You will be prompted to enter a token. To generate the token, log into your DigitalOcean account and click API (left bottom). Click on “Generate a new token”. Enter your desired token name in the resulting dialog box and click the button below it. You will see the details of the generated token. Copy the code.

Next, go to the Plesk tab, paste the code in the box, and click the button below it. On the next screen, you can confirm that the DigitalOcean extension has been connected. Click on the option “Activate all” and the extension will be active on all the connected domains.

#product and technology #tips and easy-reading #0auth authentication #api token #clouds #digitalocean #digitalocean dns #dns #dns servers #plesk extensions #tutorial

Brain Crist

1600347600

SCHEMAS in SQL Server -MS SQL Server – Zero to Hero Query Master

Introduction

This is part 3 of “MS SQL Server- Zero to Hero”. In this article, we will discuss SCHEMAS in SQL Server. Before getting into this article, please consider visiting the previous articles in this series, summarized below.

A glimpse of previous articles
Part 1

In part one, we learned the basics of data, database, database management system, and types of DBMS and SQL.

Part 2
  • We learned to create a database and maintain it using SQL statements.
  • Best practice methods were also mentioned.

#sql server #benefits of schemas #create schema in sql #database schemas #how to create schema in sql server #schemas #schemas in sql server #sql server schemas #what is schema in sql server

Set Up Your Own BIND9 DNS Resolver on CentOS 8/RHEL 8

This tutorial will be showing you how to set up a local DNS resolver on CentOS 8/RHEL 8, with the widely-used BIND9 DNS software. There are many synonyms for DNS resolver, some of which are listed below. They all refer to the same thing.

#centos #redhat #bind9 #centos server #dns #dns resolver #linux #red hat #red hat server