Setting up DN42 WHOIS Server with Nginx

In my previous post, "Setting up Gopher Site with Nginx", I mentioned that the Gopher service is a byproduct of my original plan: modifying Nginx into a WHOIS server for DN42. This post goes into the details of that process.

The WHOIS Protocol

First, we can find a WHOIS server and observe its response. Taking the WHOIS server for the .pub domain as an example, run telnet whois.nic.pub 43:

    # Type the following line and hit enter
    lantian.pub
    # WHOIS server responded with:
    Domain Name: lantian.pub
    Registry Domain ID: c69e5ccf9d834900be26f88fddc5c9e4-DONUTS
    Registrar WHOIS Server: whois.dnspod.cn
    Registrar URL: https://www.dnspod.cn
    Updated Date: 2021-01-07T14:09:11Z
    Creation Date: 2016-10-23T08:36:41Z
    Registry Expiry Date: 2029-10-23T08:36:41Z
    Registrar: DNSPod, Inc....

Setting up Gopher Site with Nginx

Changelog

2021-03-24: Improve post-processing, add scripts for parsing links and images.
2021-03-21: Initial version.

What's Gopher

Gopher is a protocol born in the early ages of the Internet. It was invented at the University of Minnesota in 1991, with a purpose similar to HTTP today. The protocol itself is extremely simple:

- The client connects to TCP port 70 of the server and sends one line of URL ending with CRLF, e.g. some_dir/hello.txt
- The server sends the data of the requested file and closes the connection.
- And we're done.

The server could be returning a text file, a picture, a binary file, or a Gopher list file called a Gophermap, which has special formatting. Each line of the file is composed of the following fields:

- A character representing the type of this line, may it be text (i), a link to a text file (0)...

Make an Infinite Sleep Program in Only 4KB

In my network configuration, some of my Docker containers, for example DNS, need to achieve high availability with Anycast. In my previous post, I created a Busybox container and ran tail -f /dev/null, in order to let it persist indefinitely without using any CPU cycles, to maintain a network namespace used by both the server application and BIRD.

In short: I invented a Pod in Kubernetes on my own.

I don't use K8S: since my nodes run individually rather than in a cluster, I don't need the cluster functionality of K8S at all. In addition, K8S is difficult to set up.

But on second thought, a Busybox container seems like overkill for this purpose, and I have to set the entrypoint manually. It would be great if I had a tiny Docker image that only sleeps indefinitely.

Plan A:...

Static Build Tiny Docker Images

What's stored in Docker images can be seen as numerous tiny Linux systems. Most of them are based on Debian, Ubuntu, or Alpine, with extra software installed on top.

Using a complete Linux distribution as the basis gives the benefit of having commonly used commands available, such as ls and cat. They are often used in the image-building process. In addition, these distributions have comprehensive libraries of software packages, allowing users to create images that "just work" with apt-get. However, as soon as the image is built, these utilities become an unnecessary burden on disk space. In addition, a full Linux system contains a service-managing daemon, like systemd or OpenRC, which is useless for Docker containers running only one program at a time.

Although Docker images are "overlaid",...

Writing Stories in Traceroute, Elegantly

Traceroute is one of the popular tools for network inspection. It shows the IP addresses of routers on the route from your computer to a destination server, similar to:

Domains are shown on the last 2 hops, which is the IP's reverse DNS record. Reverse DNS records exist as PTR records in the format of 4.3.2.1.in-addr.arpa. For more information, you may refer to Setting IP Reverse Records in DN42 (Chinese Only).

Naturally, where there are characters, there will be stories shown in them. Two years ago, I set up a bunch of Docker containers, and modified and chained their routing tables, so they create the path needed for showing the essay.

Using a lot of containers isn't elegant enough, and is a management burden, especially if the path is long....

Disabling TR069 on a Youhua PT926G Fiber Optic Modem

This post explains the procedure to disable TR069 on a Youhua PT926G fiber optic modem, to prevent China Telecom from pushing config/firmware updates and voiding your changes, such as switching to bridging mode or setting port-forward rules.

In the WAN settings of the management portal of this modem, the TR069 connection can neither be modified nor removed. But with a simple patch on the management portal's code, you can break the limitation on the modem.

First, you should follow my previous post, Hacking a Youhua PT926G Fiber Optic Modem, to obtain the Telnet Root password.

Then Telnet in, run su, and type in the password to get to the Root Shell. When you do that correctly, the command line will prompt #.

Then follow these steps:

- Type cp /home/httpd/web/net_eth_links.asp /var/ and hit Enter....

Planning Ahead: Using Post-Quantum Cryptography

On the modern Internet, most websites already support HTTPS. The SSL/TLS encryption protocol will encrypt users' requests and the website's responses so that malicious users along the way cannot steal or tamper with the information. One important component of the SSL/TLS protocol is asymmetric cryptographic algorithms. For these algorithms, the key separates into a public key and a private key, with the public key being public and the private key protected carefully.

Accessing an HTTPS website usually follows these procedures:

- The website sends its public key (as a certificate) to the browser.
- The browser will verify the public key in case a man-in-the-middle modified the key in order to block or tap into the communication.
- The browser (or the operating system)...

Self-hosting a DNS Root Server

With the scale of conflict between China and the United States increasing, on some social media websites in China, some users started expressing concerns about the United States cutting China's access to DNS root servers or removing China's domains from the root servers in order to break China's Internet.

By now, there is much analysis on the matter stating that this is unlikely to happen. Most of it focuses on the following two points:

- DNS root servers use Anycast to broadcast their IPs, and there are root servers present in China that won't be affected by the network cut;
- For the United States, shutting down root servers causes more trouble than benefit, both economically and politically.

Yet today, I'm going to present another point:...

How to Kill the DN42 Network (Updated 2020-08-28)

DN42 is an experimental network, where everyone helps everyone. Nobody is going to blame you if you screwed up. You may seek help at DN42's IRC channel, mailing list or the unofficial Telegram group.

Since DN42 is a network for experimentation, a lot of relatively inexperienced users also participate in it. Therefore, occasionally an inexperienced user may misconfigure his/her system and impact the whole DN42 network or even shut it down.

As a more experienced user, here I will teach new users about some operations that can kill the network and about defense against such misconfigurations that everyone can set up against peers.

WARNING: You should not actually perform these operations in DN42. You should focus more on protecting yourself against them....

Hacking a Youhua PT926G Fiber Optic Modem

This post explains the procedure to obtain the following privileges on a Youhua PT926G fiber optic modem, without disassembling the device or using serial port converters:

- Super Admin user on the Web UI (telecomadmin)
- Telnet's root user access
- FTP access

FYI, I obtained the device from China Telecom, Guangdong Shenzhen.

Log on as Super Admin

If you directly access the modem's IP (http://192.168.1.1), you will see such a login page to the modem:

Here you can log in with account name useradmin and the password labeled on the back of the modem, but there's not much you can do once logged in. The only useful thing seems to be the Wi-Fi setting.

But an Nmap scan reveals much more:

$ nmap -v 192.168.1....