Some great work from Denis Sinegubko yesterday on a VexTrio affiliate who has been compromising websites for years. This is complex research coming in three parts and aligns with some of our own.

A few highlights for me...sprinkling in some of our Infoblox work:
* The DollyWorld actor is a VexTrio (specifically a Los Pollos) affiliate since 2016. Given that Los Pollos dates to 2015, this is an old partner.
* Around November 20th, 2024, Los Pollos announced to their customers they would stop push monetization. I've written a lot on push monetization as a source of lingering evil. Whatever caused this change, it disrupted their affiliates.
* DollyWorld actor and the DNS C2 TXT systems we have been tracking carefully (after all, it's DNS) both switched to Monetizer TDS at that point. Coincidence?
* From Monetizer, both led to Propeller and delivered a variety of malicious content.
* I had originally used germannautica[.]com to get the VexTrio hook and then later was able to trigger participates[.]cfd (Monetizer) through the same site.
* Where VexTrio was just scams, the new TDS pattern also gave me malware

Most importantly -- scams pay! These affiliate actors are running for years on compromised sites and constantly updating their techniques. Why else would they keep going?

#dns #threatintel #cybercrime #cybersecurity #infosec #malware #scam #vextrio

https://www.godaddy.com/resources/news/dollyway-world-domination

First alpha release of PowerDNS DNSdist 2.0.0
https://blog.powerdns.com/2025/03/18/first-alpha-release-of-powerdns-dnsdist-2.0.0 #dns #dnssec

Would anyone like to recommend a good domain name registrar? Or any I should avoid? Looking for services located in Europe, not owned by any overtly evil empire, must support DNSSEC and reasonable prices for .com and .org.

I've come across the below web page but I'm looking for recommendations from someone who has actual experience with using the services.

https://european-alternatives.eu/category/domain-name-registrar

howdy, folks - it's been a bit since our last #hachyderm infra check in.

stuff in motion:

- ditching #terraform cloud & tf for #opentofu and #atlantis. we are just about to import our dev environment and put it through its paces.
- bringing #postgresql under ansible management. the team has been doing awesome work, and we've started to spin up dev nodes using the new playbooks. soon: production!
- moving #DNS zones away from AWS route 53. we chose bunny DNS as our provider and have been doing basic tests in dev. we'll likely prep our records for production this week with a plan for a cutover in one of the coming weekends.

and if you filled out our volunteer form and haven't heard from me in a bit - you're still on the list. we'll onboard a new batch of folks in the next couple of weeks.

@hachyderm

If you like using other people's DNS, this is a reminder that CIRA has the "Canadian Shield," the free public DNS (for Canadians).

https://www.cira.ca/en/canadian-shield/configure/home-router/

« J'ai testé le transfert d'un domaine vers LeBureau.coop »

https://notes.sklein.xyz/2025-03-17_2250/zen/

#DNS #CoopMovement #coop #registrar #selfhost

cc @arthru

Last week was another stakeholder meeting on #DNS4EU. #Whalebone provided a short overview of the project including a timeline. Public launch is scheduled for June this year. The talk elaborates on various considerations of the new #DNS project. I was mostly interested in the deployment aspect, the #DDoS slides and the #privacy and #anonymization mechanisms.

My personal main concern with the project is the absence of resolver technology. The project plainly uses the #KnotDNS resolver. Not a bad choice, but University taught me that diversity in the backend software introduces even more resiliency. Yet, as Whalebone is a #Czech company, it is apparent why they chose #KnotDNS exclusively.

The slides are public.

Suite à un #DDOS sur les serveurs #DNS de la #FDN, une partie des services de UNDERWORLD a été indisponible. Le temps de comprendre et de mitiger le problème/impact sur l'ensemble de l'infra UNDERWORLD.

https://www.fdn.fr/renforcement-serveurs-dns-2025/

OK, reports from the different teams at the RIPE #DNS hackathon.

https://github.com/DNS-Hackathon

First, the resviz project (#DNS resolution visualizer). The goal is to be pedagogical (how resolvers work by showing the auth. servers queried)

In the mean time, the #DNS hackathon in Stockholm is running fine https://github.com/DNS-Hackathon

Specially important are the names of the projects :-)

Network I am unfucking in Maine had an issue. They tried to roll out a new VoIP subscriber in an area they had never done before, spent two days blaming magic (and #DNS) before calling me in.

I had never logged into any of the devices at this facility before in my life, didn't know how they were cabled, or even what was there.

Spent an hour and a half gathering credentials for things, mostly because they were slow in responding to all requests. Only spent about 20 minutes actually fixing the issue, and most of that was me remembering how to find a customer's port in an Adtran TA5000.

The problem as stated? "They can't resolve this host, foo.bar.com, it must be a DNS issue, but we can't find it."

Actual problem: the DHCP server config did not send the client a default route. Client could not resolve anything because it could not reach the DNS servers, nor anything else for that matter.

Added default route config to the DHCP server, found the customer in the TA5000, bounced their ONT port. Boom, headshot. Problem solved.

Tools I used to find this? ping, arp, route, and looking at the configuration. Before I got called in, they had gathered numerous packet captures, and provided all manner of useless supposition. Start simple, sometimes it is all you'll need. tcpdump is a great tool, but I never reach for it first. As for supposition, it's nothing but a huge waste of time, look at the facts. Can I ping this thing from the core? No. Can I ping this thing from the directly attached router? Yes. Okay, it doesn't have a route. Do I have a route for that subnet in the core? Yes. And so on....

Shit like this is why I despise the, "It's always DNS." bullshit.

Renforcement des protections des serveurs #DNS récursifs ouverts de @FDN pour une durée indéterminée : https://www.fdn.fr/renforcement-serveurs-dns-2025/

Quelles conséquences ?
- Aucune pour les membres #FDN et #FFDN
- Aucune pour les personnes externes utilisant DoT et DoH
- Une indisponibilité pour le reste du monde

Que faire pour continuer à utiliser nos DNS? Activer DoT et DoH sur vos routeurs, box ou navigateurs (voir article)

Sinon utiliser d’autres DNS ouverts (liste non exhaustive https://sebsauvage.net/wiki/doku.php?id=dns-alternatifs)

At the Netnod office for the RIPE #DNS hackathon. It is located in former film studios. Do you recognise the Swedish movie in the sculpture?

Les serveurs DNS ouverts de #FDN ne répondent plus vraiment (j'ai vu qu'ils se sont pris des ddos) et ma freebox ne gérant pas DoH/DoT, quels serveurs DNS ouverts, éthiques et respectant la vie privée me conseillez-vous ?
#freebox #free #internet #france #censure #privacy #dns

Quad9 and KanREN Partner to Strengthen Cybersecurity in Educational Networks

https://www.quad9.net/news/blog/quad9-and-kan-ren-partner-to-strengthen-cybersecurity-in-educational-networks

A list of Digital Service Providers outside the jurisdiction of the United States of America.

https://codeberg.org/Linux-Is-Best/Outside_Us_Jurisdiction

This is a group project, so feel free to reach out if you have any suggestions, or learn any new information.

#Vpn #Email #Dns #Domain #Messenger #WebHosting #PasswordManager #WebSearch #UsJurisdiction #Project2025 #UnitedStates

Last day of #ICANN82 Community Forum here in Seattle! Our team stays committed all day long today to answer all of your questions about how Afnic can be your trusted partner for the next gTLD round.

Beyond actively participating in key discussions this week the Afnic delegation was thrilled and immensely proud to introduce Afnic Registry Services to the community.

See you in Prague for the #ICANN83 Policy Forum!

Hello. For a #DNS course I am looking for examples of working #IDN domain names, ideally that have a website on it to show to students. I have difficulties to find some. Any idea ? cc @bortzmeyer @shaft