💥 Active TLDR Fork - Githubissues

mandatoryprogrammer / TLDR

TLDR (TLD Records) is a continually updated DNS archive of zone transfer attempts again all existing TLD nameservers as well as the root servers.

520 stars 56 forks source link

💥 Active TLDR Fork #13

Open flotwig opened 2 years ago

flotwig commented 2 years ago

Since this repo is discontinued as of 2019, I've created a fork of TLDR which is currently being kept up-to-date by an hourly GitHub Action: https://github.com/flotwig/TLDR-2

Differences between TLDR-2 (my fork) and TLDR (this repo):

TLDR-2 will request up to 25 simultaneous AXFRs, TLDR will only request 1. This significantly boosts the speed of a full scan.
TLDR-2 only saves successful AXFRs. This should help keep the repo a manageable size and make the results easier to navigate.
TLDR-2 is actively updated, using a GitHub Action to keep up to date.
In addition to transferable_zones.md, TLDR-2 generates a tab-separated list of AXFR-able zones in transferable_zones.tsv.

I'm creating this issue to raise visibility to others that there is an active fork, so you don't have to run this locally or fork it yourself.

@mandatoryprogrammer Would you accept a PR to update the README to link to this in the discontinuation message?

flotwig commented 2 years ago

After finishing working on TLDR-2, I (of course) found that @monoidic has also created a fork named TLDR2 at https://github.com/monoidic/TLDR2. He is also using an hourly GitHub action, and has added some features related to DNSSEC, not quite sure how they work though.

mandatoryprogrammer commented 2 years ago

Sure, feel free to create a PR and I can merge it.

flotwig commented 2 years ago

Sure, feel free to create a PR and I can merge it.

@mandatoryprogrammer done, see https://github.com/mandatoryprogrammer/TLDR/pull/14. Thanks for building this :pray: I'm also curious why you decided to stop updating the zone files, if you feel like sharing. If it's a technical limitation TLDR-2 might have to work around the same issues eventually.

monoidic commented 2 years ago

After finishing working on TLDR-2, I (of course) found that @monoidic has also created a fork named TLDR2 at https://github.com/monoidic/TLDR2. He is also using an hourly GitHub action, and has added some features related to DNSSEC, not quite sure how they work though.

I believe you are referring to the walkable zones part? It detects zones that are vulnerable to zone walking, which can be used to dump zone contents as well, except even through recursive resolvers, with no direct connections to the server. My TLDR2 relies on my https://github.com/monoidic/dns-tools tool, which can perform this zone walk itself on these vulnerable zones, as well as parallel AXFRs, though the tool is not the most user-friendly at the moment.

flotwig commented 2 years ago

@monoidic Ah, very cool. Thanks for introducing me to the concept of "zone walking". For anyone reading this, I found these two resources which helped me understand the concept better: https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions https://blog.cloudflare.com/black-lies/ I starred your dns-tools repo, it sounds like it could come in handy.