Open baknu opened 1 year ago
rhybar.cz
does not resolve at all atm. Is it still valid?
rhybar.cz
does not resolve at all atm. Is it still valid?
Should be: www.rhybar.cz
Some of the underlying subdomains of https://www.email-security-scans.org/ could probably also be used to test the workings of the Internet.nl mail test. See: https://www.email-security-scans.org/description.php
For HTTP status codes: https://returnco.de
Not really a domain, but both paths have a invalid + valid route:
https://rpkitest4.nlnetlabs.net/valid.json / 185.49.142.6
https://rpkitest6.nlnetlabs.net/valid.json / 2a04:b907::6
Note the valid.json
returns {"rpki-valid-passed":<boolean>,"rpki-invalid-passed":<boolean>,"ip":<String>}
and has the proper CORS headers enabled:
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Expose-Headers: Content-Length,Content-Range
See https://bgp.tools/rir-owner/nl.nlnetlabs:
185.49.142.6
is routed by:
:x: invalid 185.49.142.0/24
(more specific)
✅ valid ROA 185.49.142.0/23
(less specific)
2a04:b907::6
is routed by:
:x: invalid 2a04:b907::/48
(more specific)
✅ valid ROA 2a04:b907::/47
(less specific)
Revoked and expired certificate list: https://www.ssl.com/sample-valid-revoked-and-expired-ssl-tls-certificates/
Some pet project I was working on last weekend, with the goal to:
?p=
with HTML also have an 'API'Al based on the base32 hostname (limited to 63 chars), which uses deflate compression with a shared dictionary to compress more input. Base36 could also be used to store more bits per char. WIP: https://v1.b6a.nl/ using this domain temporary, the current dictionary is very small and raw deflate is used, not the zlib with 'overhead' of 2 header bytes, 4 bytes DICTID (adler32 of dictionary content) and a final 4 bytes adler32, this meant the hostnames will brake when the dictionary will change, so don't expect that it is stable in any way yet.
Some dictionary inspiration:
Related:
IPv6 only nameserver:
More TLS valid, revoked and expired test domains from https://letsencrypt.org/certificates/:
ISRG Root X1 (RSA 4096):
ISRG Root X2 (ECDSA P-384):
See https://www.dnscheck.tools/#more, it can do quite some DNSSEC things:
DNS TEST QUERIES
dnscheck.tools is also a custom DNS test server! Make test queries like:
$ dig [SUBDOMAIN.]go[-ALG][-NET].dnscheck.tools TXT
SUBDOMAIN
The SUBDOMAIN is composed of DNS response options, separated by a hyphen. Options may include:
any of:
<random> - a random number, up to 8 hexadecimal digits; useful for cache busting
compress - force the use of DNS message compression in the response
[no]truncate - force or disable message truncation for responses over UDP
watch - mirror corresponding requests to the [/watch/<random>](https://www.dnscheck.tools/watch) page; requires <random>
up to one of:
padding<n> - add <n> bytes of EDNS0 padding, up to 4000, to A, AAAA, and TXT responses
txtfill<n> - add <n> bytes of padding as TXT data, up to 4000, to TXT responses
up to one of:
formerr - respond with "format error"
servfail - respond with "server failure"
notimpl - respond with "not implemented"
refused - respond with "query refused"
noreply - do not respond
up to one of:
nosig - do not provide any DNSSEC signature in the response
badsig - provide an invalid DNSSEC signature when signing the response
expiredsig[<t>] - provide an expired DNSSEC signature when signing the response, <t> seconds in the past (default 1 day)
ALG & NET
The zone, go[-ALG][-NET], sets DNSSEC signing and network options.
ALG may be one of:
alg13 - sign the zone using ECDSA P-256 with SHA-256 (default)
alg14 - sign the zone using ECDSA P-384 with SHA-384
alg15 - sign the zone using Ed25519
unsigned - do not sign the zone
NET may be one of:
ipv4 - offer only IPv4 authoritative nameservers
ipv6 - offer only IPv6 authoritative nameservers
The zone "go" is equivalent to "go-alg13" and has both IPv4 and IPv6 authoritative nameservers.
IPv6-only websites: forfun.net ipv6.google.com ipv6.internet.nl
Wrong DANE: web: domains on https://www.huque.com/dane/testsite/ mail: wrong.havedane.net
HTTPS/TLS issues: Domains on https://badssl.com/