mandatoryprogrammer / TLDR

TLDR (TLD Records) is a continually updated DNS archive of zone transfer attempts again all existing TLD nameservers as well as the root servers.
520 stars 53 forks source link

💥 Active TLDR Fork #13

Open flotwig opened 2 years ago

flotwig commented 2 years ago

Since this repo is discontinued as of 2019, I've created a fork of TLDR which is currently being kept up-to-date by an hourly GitHub Action: https://github.com/flotwig/TLDR-2

Differences between TLDR-2 (my fork) and TLDR (this repo):

I'm creating this issue to raise visibility to others that there is an active fork, so you don't have to run this locally or fork it yourself.

@mandatoryprogrammer Would you accept a PR to update the README to link to this in the discontinuation message?

flotwig commented 2 years ago

After finishing working on TLDR-2, I (of course) found that @monoidic has also created a fork named TLDR2 at https://github.com/monoidic/TLDR2. He is also using an hourly GitHub action, and has added some features related to DNSSEC, not quite sure how they work though.

mandatoryprogrammer commented 2 years ago

Sure, feel free to create a PR and I can merge it.

flotwig commented 2 years ago

Sure, feel free to create a PR and I can merge it.

@mandatoryprogrammer done, see https://github.com/mandatoryprogrammer/TLDR/pull/14. Thanks for building this :pray: I'm also curious why you decided to stop updating the zone files, if you feel like sharing. If it's a technical limitation TLDR-2 might have to work around the same issues eventually.

monoidic commented 2 years ago

After finishing working on TLDR-2, I (of course) found that @monoidic has also created a fork named TLDR2 at https://github.com/monoidic/TLDR2. He is also using an hourly GitHub action, and has added some features related to DNSSEC, not quite sure how they work though.

I believe you are referring to the walkable zones part? It detects zones that are vulnerable to zone walking, which can be used to dump zone contents as well, except even through recursive resolvers, with no direct connections to the server. My TLDR2 relies on my https://github.com/monoidic/dns-tools tool, which can perform this zone walk itself on these vulnerable zones, as well as parallel AXFRs, though the tool is not the most user-friendly at the moment.

flotwig commented 2 years ago

@monoidic Ah, very cool. Thanks for introducing me to the concept of "zone walking". For anyone reading this, I found these two resources which helped me understand the concept better: https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions https://blog.cloudflare.com/black-lies/ I starred your dns-tools repo, it sounds like it could come in handy.