User Tools

Site Tools


hackathon2019

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
hackathon2019 [2019/06/18 12:20]
eckelcu
hackathon2019 [2019/06/18 23:21] (current)
willemt [3. Measuring DNS and DoH]
Line 72: Line 72:
  
 ==== 3. Measuring DNS and DoH ==== ==== 3. Measuring DNS and DoH ====
-Champions: Willem Toorop - (NLNET Labs) - Jasper den Hartog - (RIPE NCC) - Lia Hestina ​(RIPE NCC)+Champions: Willem Toorop - (NLNET Labs) - Jasper den Hartog - (RIPE NCC) 
 + 
 +  * {{ ::​20190619_ais19_measuring-dns-and-doh.pdf |Introduction presentation}}
  
 == Generic resources == == Generic resources ==
   - We have setup a Slack channel for discussion within this track. Please Signup for the hackathon channel [[https://​join.slack.com/​t/​hackathonais2019/​shared_invite/​enQtNjY4OTIwMDEyNzQzLTQ2NTZjZjk3MTU0ZDg2ZjExNjM3MWIyZGFlOTNjOTE0ZDI5ODBmNWQ4NjBlM2I3YmQxYjkyYzhiOTllOGY4NWM|here]]   - We have setup a Slack channel for discussion within this track. Please Signup for the hackathon channel [[https://​join.slack.com/​t/​hackathonais2019/​shared_invite/​enQtNjY4OTIwMDEyNzQzLTQ2NTZjZjk3MTU0ZDg2ZjExNjM3MWIyZGFlOTNjOTE0ZDI5ODBmNWQ4NjBlM2I3YmQxYjkyYzhiOTllOGY4NWM|here]]
 +  - Linux command line available with VM on NUC accessible with OpenSSH or [[https://​www.chiark.greenend.org.uk/​~sgtatham/​putty/​|putty]]
  
 === Motivation == === Motivation ==
Line 104: Line 107:
 == RIPE Atlas resources: == == RIPE Atlas resources: ==
  
 +  - High level overview: https://​atlas.ripe.net/​landing/​about/​
   - To get started with RIPE Atlas: https://​www.ripe.net/​support/​training/​webinars/​webinar-recordings/​webinar-ripe-atlas   - To get started with RIPE Atlas: https://​www.ripe.net/​support/​training/​webinars/​webinar-recordings/​webinar-ripe-atlas
   - RIPE NCC provided a voucher providing 5,000,000 credits. The voucher code will be provided during the hackathon, and can currently also be found in the Slack Channel. (Thank you Lia!)   - RIPE NCC provided a voucher providing 5,000,000 credits. The voucher code will be provided during the hackathon, and can currently also be found in the Slack Channel. (Thank you Lia!)
 +
 +During the Internet Measurement Workshop this weekend we scheduled i.root-servers.net A query measurement to:
 +  - 1.1.1.1 - https://​atlas.ripe.net/​measurements/​22015773/​
 +  - 8.8.8.8 - https://​atlas.ripe.net/​measurements/​22015800/​
 +  - 9.9.9.9 - https://​atlas.ripe.net/​measurements/​22015801/​
 +  - Local resolver - https://​atlas.ripe.net/​measurements/​22015822/​
 +  - Local resolver - https://​atlas.ripe.net/​measurements/​22015846/​
 +
 +To determine if DNS is hijacked:
 +  - schedule ''​whoami.akamai.net A''​ to 8.8.8.8
 +  - Returned IP's should be in [[https://​developers.google.com/​speed/​public-dns/​faq#​locations_of_ip_address_ranges_google_public_dns_uses_to_send_queries|this]] list
 +
 +Tools for "​advanced"​ scheduling of RIPE Atlas measurements
 +  - CLI: https://​ripe-atlas-tools.readthedocs.io/​en/​latest/ ​
 +  - Python library: https://​ripe-atlas-cousteau.readthedocs.io/​en/​latest/​
 +  - API: https://​atlas.ripe.net/​docs/​api/​v2/​reference/​
  
 === Resolver Jedi === === Resolver Jedi ===
Line 111: Line 131:
 [[https://​www.ripe.net/​analyse/​internet-measurements/​ixp-country-jedi|The IXP Country Jedi]] is a project that shows if the Internet traffic paths within a country stay within that country. ​ As an example, here are the IXP Country Jedi results for South Africa: http://​sg-pub.ripe.net/​emile/​ixp-country-jedi/​latest/​ZA/​ixpcountry/​index.html [[https://​www.ripe.net/​analyse/​internet-measurements/​ixp-country-jedi|The IXP Country Jedi]] is a project that shows if the Internet traffic paths within a country stay within that country. ​ As an example, here are the IXP Country Jedi results for South Africa: http://​sg-pub.ripe.net/​emile/​ixp-country-jedi/​latest/​ZA/​ixpcountry/​index.html
 The **Resolver Jedi** will build upon this idea and show if the DHCP configured resolver on Atlas Probes are within the same country and also the path towards that resolver. The **Resolver Jedi** will build upon this idea and show if the DHCP configured resolver on Atlas Probes are within the same country and also the path towards that resolver.
 +
 +== Additional Resolver Jedi resources: ==
 +  - Github repository: https://​github.com/​emileaben/​ixp-country-jedi
  
 === Run your own DoH and/or DoT server === === Run your own DoH and/or DoT server ===
Line 124: Line 147:
 == DoH resources == == DoH resources ==
  
 +Try to get a client setup and working:
 +  * Enable DoH in firefox: https://​www.bleepingcomputer.com/​news/​software/​mozilla-firefox-expands-dns-over-https-doh-test-to-release-channel/​
 +  * Enable DoH in bromite: https://​github.com/​bromite/​bromite/​wiki/​Enabling-DNS-over-HTTPS
 +  * Overview of DoT and DoH clients: https://​dnsprivacy.org/​wiki/​display/​DP/​DNS+Privacy+Clients
 +
 +Test if it is working:
 +  * https://​1.1.1.1/​help ​
 +
 +Setup server software on a VM on the NUC:
   * At the last RIPE meeting (78) Carsten Strotmann gave a very nice overview presentation on the [[https://​ripe78.ripe.net/​archives/​video/​127/​|current state of the software ecosystem for DoH and DoT]].   * At the last RIPE meeting (78) Carsten Strotmann gave a very nice overview presentation on the [[https://​ripe78.ripe.net/​archives/​video/​127/​|current state of the software ecosystem for DoH and DoT]].
   * His full list of client and server DoT and DoH implementations van be found here: https://​doh.defaultroutes.de/​implementations.html   * His full list of client and server DoT and DoH implementations van be found here: https://​doh.defaultroutes.de/​implementations.html
hackathon2019.txt · Last modified: 2019/06/18 23:21 by willemt