This post will be about my approach to something, that is almost obsolete. It is about orchestration. Back in the old days, people used to have a real computers or virtual machines and used to install and configure software. And also maintain it for years to come. I know that nowadays, you just create a bunch of pods, each one consisting from multiple containers you downloaded from DockerHub and whenever you need to reconfigure or update something, you just throw them away. Or even the whole datacenter. But I’m old and I still maintain individual systems with multiple services running. And jokes aside, when you do that, you want to have some automation to make it easier. That is what orchestration is for – to manage multiple machines from one central point and to make sure that everything is up to date and configured consistently.
What has the new version of FRED brought and has yet to bring?
At the beginning of December 2023, we released a new version of FRED, the domain management system we developed for the operation of the Czech national domain, .CZ. and serving the same purpose in ten other countries. It is used to manage the domains of Argentina (.AR), Bosnia and Herzegovina (.BA), Costa Rica (.CR), Albania (.AL), North Macedonia (.MK), Tanzania (.TZ), Angola (.IT.AO and .CO.AO), Malawi (.MW), Lesotho (.LS) and Macau (.MO). The new version of FRED is pieced together from a multitude of incremental changes developed over the last 12+ months, which, with a few exceptions, we have continuously deployed into production in our country. A number of the modifications were interdependent in a significant way, so it was not possible to publish minor updates of the system because it would have been difficult for foreign registries to switch to them. FRED 2.48 is recommended as the version to upgrade to.
Merry Christmas and Happy New Year 2024
Dear readers of our blog, thank you for your support and we wish you a Merry Christmas and a Happy New Year. We look forward to seeing you in 2024.
The CZ.NIC team
Knot Resolver 6.x News
In this post, I’d like to introduce the upcoming major version of Knot Resolver project, which is currently in the testing and debugging phase, and we would greatly appreciate if you could try it out and give us any feedback on it.
Sentinel View report – October 2023
An interesting dynamic is happening at the top of the attackers’ chart. First of all, Iranian attacks were overshadowed by other countries to the degree that we no longer see them in higher positions. To mention the current top four most significant, we would highlight Romania, Germany, Bulgaria, and the Netherlands. There had been consistent attacks from Germany that came into prominence about the 4th of October and then slowly started to disappear on the 16th until the final dissolution on the 18th of October. The graph line for German attacks looks very stable and consistent. On the other hand, Romania’s malicious activity, which took the top of the charts, looked erratic and unorganized in the graph. To the degree that Sentinel View graphs in the Incidents section, except for Top countries by recorded incidents, are rendered almost useless.
Sentinel View report – September 2023
On the first pages of the Report, we can see that September numbers are very comparable to August data. Iran-based attackers moved away from top charts, and we see that addresses from the United States now take the lead in the HTTP minipot incidents records.
Sentinel View report – August 2023
Minipot attacks decreased by nearly a half from the preceding month in August. The subnet 46.148.40.0/24 members were not so active last month, and we can see addresses from other countries emerging at the top of the table. Notable mentions go to some European countries, namely Germany and Romania, who got back into the spotlight.
Sentinel View report – July 2023
Number of individual attackers had risen and minipot attacks doubled. Last month only three of the top attackers emerged from subnet 46.148.40.0/24, yet this month the majority of all attackers came from this Iraq subnet.
RFC 9432: DNS Catalog zones
A DNS zone is usually served by multiple authoritative servers, which is actually recommended for the sake of redundancy. Large authoritative DNS operators even combine different name server implementations to avoid complete infrastructure outage in case of any software error. For synchronizing zone contents between authoritative servers, a DNS-specific mechanism is available, called zone transfer. It is well established and supported by all common DNS implementations. It enables both full zone transfer (AXFR) and incremental update (IXFR).
Sentinel View report – June 2023
The total number incidents decreased by half. However, there are only slightly fewer than 10,000 distinct attackers on the greylist. The last month’s seemingly minor reduction may have been indicative of an ongoing decline.