Krzysztof Dmowski @xaphanpl

**John Kristoff** @jtk@infosec.exchange · 16h

Weekend Reads

* IPv6 adoption measurement https://arxiv.org/abs/2507.11678
* Starlink capacity analysis https://thexlab.org/wp-content/uploads/2025/07/Starlink_Analysis_Working_Paper_v0.2.pdf
* How subsea cables are made https://www.nytimes.com/2025/07/14/business/undersea-power-cables-electricity.html?unlocked_article_code=1.XU8.sGVr.yJ6BP0S1lC5Z
* Monitoring DNS root prefixes https://www.thousandeyes.com/blog/monitoring-root-dns-prefixes
* Internet yellow pages censorship measurement https://petsymposium.org/foci/2025/foci-2025-0007.pdf

arXiv.orgTowards a Non-Binary View of IPv6 AdoptionTwelve years have passed since World IPv6 Launch Day, but what is the current state of IPv6 deployment? Prior work has examined IPv6 status as a binary: can you use IPv6, or not? As deployment increases we must consider a more nuanced, non-binary perspective on IPv6: how much and often can a user or a service use IPv6? We consider this question as a client, server, and cloud provider. Considering the client's perspective, we observe user traffic. We see that the fraction of IPv6 traffic a user sends varies greatly, both across users and day-by-day, with a standard deviation of over 15%. We show this variation occurs for two main reasons. First, IPv6 traffic is primarily human-generated, thus showing diurnal patterns. Second, some services are IPv6-forward and others IPv6-laggards, so as users do different things their fraction of IPv6 varies. We look at server-side IPv6 adoption in two ways. First, we expand analysis of web services to examine how many are only partially IPv6 enabled due to their reliance on IPv4-only resources. Our findings reveal that only 12.5% of top 100k websites qualify as fully IPv6-ready. Finally, we examine cloud support for IPv6. Although all clouds and CDNs support IPv6, we find that tenant deployment rates vary significantly across providers. We find that ease of enabling IPv6 in the cloud is correlated with tenant IPv6 adoption rates, and recommend best practices for cloud providers to improve IPv6 adoption. Our results suggest IPv6 deployment is growing, but many services lag, presenting a potential for improvement.

#IPv6 #Starlink #SubseaCable

**B'ad Samurai** @badsamurai@infosec.exchange · 22h

22h

B'ad Samurai @badsamurai@infosec.exchange

Ending DNS Week with a silly game!

This is a proof-of-concept game utilizing DNS TXT records to dynamically generate Mad Libs running locally in JavaScript.

https://ttl.ninja/madlibs/

https://github.com/TTLNinja/madlibs

ttl.ninjaDNS Mad Libs - by B'ad Samurai

#dns #infosec #lots

**Joel Carnat** @joel@tumfatig.net · 1d

Joel Carnat @joel@tumfatig.net

#DNS question: when you transfer a domain name from one provider (registrar ?) to another, does the "expire date" is kept untouched or reset to 1 year?

**OTX Bot** @techbot@social.raytec.co · 2d

OTX Bot @techbot@social.raytec.co

DNS: A Small but Effective C2 system

This analysis explores the exploitation of DNS for command-and-control operations and data exfiltration. It details how cybercriminals leverage DNS tunneling to create covert communication channels, bypassing traditional security measures. The article examines various DNS tunneling families, including Cobalt Strike, DNSCat2, and Iodine, discussing their prevalence and unique characteristics. It also highlights Infoblox's Threat Insight machine learning algorithms, which can detect and block tunneling domains within minutes. The study provides insights into the detection rates of different tunneling families and discusses the challenges in differentiating between legitimate and malicious DNS traffic.

Pulse ID: 6878f6e5d14da64ae460ad61
Pulse Link: https://otx.alienvault.com/pulse/6878f6e5d14da64ae460ad61
Pulse Author: AlienVault
Created: 2025-07-17 13:13:08

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

LevelBlue Open Threat ExchangeLevelBlue - Open Threat ExchangeLearn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

#CobaltStrike #CyberSecurity #DNS

Continued thread

**Renata Rocha** @renatarocha@mstdn.ca · 2d

Renata Rocha @renatarocha@mstdn.ca

Do I know anyone in the world of #DNS or who works at #Scaleway who can offer me a hand and help me get my domain back online?

**CryptGoat** @cryptgoat@fedifreu.de · 2d *

2d *

CryptGoat @cryptgoat@fedifreu.de

"Die CUII gibt auf." Huh. Krass! Da sieht man mal, wie sehr sich etwas Mut und Courage lohnen können - und auch dass Einzelne etwas bewirken können!

Kontext: 2024 veröffentlichte eine damals 17–Jährige die eigentlich "geheimen" Sperrentscheide von Websites der privat organisierten und nicht demokratisch legitimierten "Clearingstelle Urheberrecht" (CUII),
ein Zusammenschluss von Urheber.innen und Providern. Nun soll es wieder Gerichtsentscheide für Sperren brauchen.
https://netzpolitik.org/2025/die-cuii-gibt-auf-fuer-netzsperren-braucht-es-jetzt-einen-gerichtsentscheid/

netzpolitik.org · 2dDie CUII gibt auf: Für Netzsperren braucht es jetzt einen GerichtsentscheidDie CUII, ein Zusammenschluss von Internetprovidern und Rechteinhabern, verzichtet nach einem Rüffel der Bundesnetzagentur darauf, nach eigenem Gutdünken Websites zu sperren. Das haben wir vermutlich der 18-jährigen Lina zu verdanken.

#CUII #Netzsperren #Zensursula

**PowerDNS** @PowerDNS@fosstodon.org · 2d

PowerDNS @PowerDNS@fosstodon.org

PowerDNS DNSdist 2.0.0 RC2 Released

https://blog.powerdns.com/2025/07/17/second-release-candidate-of-powerdns-dnsdist-2.0.0

blog.powerdns.comSecond release candidate of PowerDNS DNSdist 2.0.0Second release candidate of PowerDNS DNSdist 2.0.0

#dns #dnssec

**B'ad Samurai** @badsamurai@infosec.exchange · 2d

B'ad Samurai @badsamurai@infosec.exchange

Since DNS is on today I should note if you're a Splunk shop, the DNS data model in Enterprise Security does not include the field for TXT record values, you need to add that manually.

Then you can do high-fidelity detections such as length and base64 with conversions looking for code.

#dns #splunk #blueteam

**B'ad Samurai** @badsamurai@infosec.exchange · 2d *

2d *

B'ad Samurai @badsamurai@infosec.exchange

DNS TXT isn't just for malware, C2s and exfil. It can be fun too!

ASCII art (Resolve-DnsName -Type TXT run-dns.never.watch).Strings | Sort
Storing encodings .never.watch
Mazes! (Resolve-DnsName -Type TXT maze.never.watch).Strings | Sort
QR codes (Resolve-DnsName -Type TXT qr.never.watch).Strings -replace '#','█' | Sort
Trolling/activism ··⧸··⧸.never.watch
Guitar tabs
Playlists/reading lists
Geocities-era guest books

#dns

**Trusty** @trusty@dnsimple.social · 3d

Trusty @trusty@dnsimple.social

Ready to experience effortless #DNS management? Elevate your #domain and DNS management with automation! In this video, you'll learn how to leverage Infrastructure as Code (IaC) using #Terraform and #DNSimple to efficiently manage domains, DNS zones, and records at any scale.
https://youtu.be/b9_MnHLJlAs

**Ars Technica News** @arstechnica@c.im · 3d

Ars Technica News @arstechnica@c.im

Hackers exploit a blind spot by hiding malware inside DNS records https://arstechni.ca/hs9B #domainnamesystem #Security #malware #Biz&IT #DNS

Ars Technica · 3dHackers exploit a blind spot by hiding malware inside DNS recordsBy Dan Goodin

**Quad9DNS** @quad9dns@mastodon.social · 3d

Quad9DNS @quad9dns@mastodon.social

We're curious ...How many IP addresses do you have in your recursive resolver list?

30%I have no clue ¯\_(ツ)_/¯
9%Only my fave!
32%Definitely two.
29%2+ - the more the merrier!

#DNS #infosec #privacy

**IT News** @itnewsbot@schleuss.online · 3d

IT News @itnewsbot@schleuss.online

Hackers exploit a blind spot by hiding malware inside DNS records - Hackers are stashing malware in a place that’s largely out o... - https://arstechnica.com/security/2025/07/hackers-exploit-a-blind-spot-by-hiding-malware-inside-dns-records/ #domainnamesystem #security #malware #biz⁢ #dns

Ars Technica · 3dHackers exploit a blind spot by hiding malware inside DNS recordsBy Dan Goodin

**Mr. Tux** @c_th1@digitalcourage.social · 3d

Mr. Tux @c_th1@digitalcourage.social

Meine Datenschutz und Privatsphäre Übersicht 2025, für alle

als PDF Datei:

https://cryptpad.digitalcourage.de/file/#/2/file/G5H5fsq35WPOoSWzEW23dHEG/

#DSGVO #TDDDG #unplugtrump
#Datenschutz #Privatsphäre #sicherheit #Verschlüsselung #Adguard
#encryption #WEtell #SoloKey #NitroKey #Email #Cybersecurity #Pixelfed #Massenűberwachung #Leta
#Google #Metadaten #WhatsApp #Threema #Cryptpad #Signal
#Hateaid #Cyberstalking #Messenger #Browser #Youtube #NewPipe #Chatkontrolle #nichtszuverbergen #ÜberwachungsKapitalismus #Microsoft #Apple #Windows10 #Linux #Matrix #Mastodon #Friendica #Fediverse #Mastodir #Loops #2FA #Ransomware #Foss #VeraCrypt #HateAid #Coreboot #Volksverpetzer #Netzpolitik #endof10 #OpenAndroidInstaller #Nobara
#Digitalisierung #FragdenStaat #Shiftphone #OpenSource #GrapheneOS #CCC #Mail #Mullvad #PGP #GnuPG #DNS #Gaming #linuxgaming #Lutris #Protondb #eOS #Enshittification
#Bloatware #TPM #Murena #LiberaPay #GnuTaler #Taler #PreppingforFuture
#FediLZ #BlueLZ #InstaLZ #ThreatModel
#FLOSS #UEFI #Medienkompetenz

**NLnet Labs** @nlnetlabs@social.nlnetlabs.nl · 3d

NLnet Labs @nlnetlabs@social.nlnetlabs.nl

Unbound 1.23.1 in now available. This security release fixes the Rebirthday Attack CVE-2025-5994.

The vulnerability re-opens up #DNS resolvers to a birthday paradox, for EDNS client subnet servers that respond with non-ECS answers. The #CVE is described here:
https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt

We would like to thank Xiang Li (AOSP Lab, Nankai University) for discovering and responsibly disclosing the vulnerability.
https://github.com/NLnetLabs/unbound/releases/tag/release-1.23.1