Programming

MySQL replication status monitoring

Background

I have been running my own authoritative DNS servers for the last few years. In the early stages I just used the registrar-provided DNS, later moved to DNS hosted by a “cloud provider”, and ultimately settled on running my own authoritative DNS.

Two major requirements pushed me to self-host authoritative DNS:

  1. A REST API for DNS, needed by the web servers to complete the Letsencrypt certbot DNS-based challenge. This lets internally hosted tools use Letsencrypt-issued TLS certificates instead of self-signed ones. API access is mostly missing from registrar-hosted DNS.
  2. Occasional DDoS on my blog, probably from random people who enjoy volumetric attacks. This always worried me about DNS bills during a DDoS, especially for low-TTL records. The last hosted DNS option I used, over a year ago, was Google Cloud DNS, which charges $0.40 per million queries per month. Under a massive DDoS producing many millions of DNS queries this can add a significant amount to the bill. On top of that, the 20 cents per zone gets expensive at scale with half a dozen domains.

After exploring a few options I settled on running PowerDNS with a MySQL backend. This is something of a comfort zone, since I ran similar systems for my employers in the past and it worked well. PowerDNS is a great option for authoritative DNS: it has a nicely documented REST API, the CLI utility pdnsutil for easy high-level scripting, and support for a bunch of backends to store DNS records, from BIND-like text files to MySQL. It also has good (automated) support for DNSSEC signing of zones.
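The heading names MySQL replication status monitoring but the excerpt above stops at the background, so here is an added example (mine, not the post's own monitoring script) of the check itself. It parses the output of SHOW SLAVE STATUS\G on a replica, such as the MySQL backend behind a PowerDNS secondary, and flags stopped replication threads or lag beyond an assumed threshold. The MAX_LAG value, the sample status text and the assumption that client credentials live in ~/.my.cnf are mine; the field names are MySQL's own.

```shell
#!/bin/bash
# Added example, not code from the original post: check the health of a
# MySQL replica (such as the PowerDNS backend) from the output of
# "SHOW SLAVE STATUS\G". The parser is separated from the query so it can be
# exercised on captured text without a database.

# Maximum acceptable replication lag in seconds (assumed threshold).
MAX_LAG=30

# Constructed sample of a healthy "SHOW SLAVE STATUS\G" output.
SAMPLE_HEALTHY='*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.0.2.10
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 3
                   Last_Error:'

# Constructed sample of a replica whose SQL thread stopped on an error.
SAMPLE_BROKEN='*************************** 1. row ***************************
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
        Seconds_Behind_Master: NULL
                   Last_Error: Error Duplicate entry on query'

# Pull one field value out of \G-style output ("   Name: value").
# $1 = status text, $2 = field name
field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2: *//p" | head -n 1
}

# Evaluate status text. Prints a one-line verdict and returns
# 0 = healthy, 1 = lagging or lag unknown, 2 = replication threads stopped.
check_replication() {
    local status io sql lag err
    status="$1"
    io=$(field "$status" Slave_IO_Running)
    sql=$(field "$status" Slave_SQL_Running)
    lag=$(field "$status" Seconds_Behind_Master)
    err=$(field "$status" Last_Error)

    if [ "$io" != "Yes" ] || [ "$sql" != "Yes" ]; then
        echo "CRITICAL: IO=$io SQL=$sql error='$err'"
        return 2
    fi
    # Seconds_Behind_Master is NULL while the replica has not caught up with
    # a running SQL thread yet; treat anything non-numeric as unknown lag.
    case "$lag" in
        ''|*[!0-9]*) echo "WARNING: lag unknown ($lag)"; return 1 ;;
    esac
    if [ "$lag" -gt "$MAX_LAG" ]; then
        echo "WARNING: replica is ${lag}s behind master (limit ${MAX_LAG}s)"
        return 1
    fi
    echo "OK: replication running, ${lag}s behind master"
    return 0
}

# Live check against a local server; needs the mysql client and a user with
# the REPLICATION CLIENT privilege (assumed to be configured in ~/.my.cnf).
check_live() {
    check_replication "$(mysql -e 'SHOW SLAVE STATUS\G')"
}
```

Run check_live from cron and alert on a non-zero exit; for a DNS backend a stopped SQL thread matters more than moderate lag, which is why it gets the higher return code.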

Using bgpq3 for automated filter generation

I came across an excellent tool called “bgpq3” in one of the recent posts on the NANOG mailing list. This tool can generate prefix filters for a given ASN in Cisco or Juniper format based on RADB’s data.

E.g. Juniper style config for AS54456 (the 1st ASN I worked on!) :)

anurag@server7 ~> bgpq3 -Jl Cloudaccess as54456 
policy-options {
replace:
 prefix-list Cloudaccess {
    199.116.76.0/24;
    199.116.77.0/24;
    199.116.78.0/24;
    199.116.79.0/24;
 }
}
anurag@server7 ~> 

Cisco style config:

anurag@server7:~$ bgpq3 -l Cloudaccess as54456
no ip prefix-list Cloudaccess 
ip prefix-list Cloudaccess permit 199.116.76.0/24 
ip prefix-list Cloudaccess permit 199.116.77.0/24
ip prefix-list Cloudaccess permit 199.116.78.0/24
ip prefix-list Cloudaccess permit 199.116.79.0/24 
anurag@server7:~$
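Both styles above start by discarding the existing list (replace: on Juniper, no ip prefix-list on Cisco), so a lookup that comes back empty or truncated would push a filter that permits nothing. As an added example, not code from the post or from bgpq3, here is a shell check to run over the generated output before applying it; the sample lists, the minimum-count argument and the function names are my own.

```shell
#!/bin/bash
# Added example, not part of the original post or of bgpq3: sanity-check a
# generated prefix-list before pushing it to a router. Both output styles
# start by replacing the existing list ("replace:" on Juniper,
# "no ip prefix-list" on Cisco), so an empty or truncated result from the
# IRR lookup would silently remove every permitted prefix.

# Constructed sample in bgpq3's Juniper style (same prefixes as the post).
SAMPLE_JUNIPER='policy-options {
replace:
 prefix-list Cloudaccess {
    199.116.76.0/24;
    199.116.77.0/24;
    199.116.78.0/24;
    199.116.79.0/24;
 }
}'

# Constructed sample in Cisco style with one bogus prefix.
SAMPLE_BAD_CISCO='no ip prefix-list Cloudaccess
ip prefix-list Cloudaccess permit 199.116.76.0/24
ip prefix-list Cloudaccess permit 999.116.77.0/24'

# Print every IPv4 prefix found in a Juniper- or Cisco-style list on stdin.
extract_prefixes() {
    grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}'
}

# Validate one IPv4 CIDR: each octet 0-255, prefix length 0-32.
valid_cidr() {
    local ip="${1%/*}" len="${1#*/}" octet
    [ "$len" -ge 0 ] && [ "$len" -le 32 ] || return 1
    local IFS=.
    for octet in $ip; do
        [ "$octet" -ge 0 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Read a generated list on stdin; succeed only if it holds at least $1
# well-formed prefixes. Pick the minimum from what the ASN normally
# announces, so a partial answer from the IRR is caught as well as an
# empty one.
check_prefix_list() {
    local min="$1" count=0 p prefixes
    prefixes=$(extract_prefixes || true)
    for p in $prefixes; do
        if ! valid_cidr "$p"; then
            echo "malformed prefix: $p" >&2
            return 1
        fi
        count=$((count + 1))
    done
    if [ "$count" -lt "$min" ]; then
        echo "only $count prefixes, expected at least $min; refusing to apply" >&2
        return 1
    fi
    echo "$count prefixes look sane"
    return 0
}

# Typical use (needs bgpq3 and network access; deploy step is yours):
#   bgpq3 -Jl Cloudaccess as54456 > filter.conf
#   check_prefix_list 4 < filter.conf && push_to_router filter.conf
```

The count threshold is the important part: a regex-valid but nearly empty list is exactly what a failed or rate-limited IRR query produces, and it is indistinguishable from a legitimate answer unless you know roughly how many prefixes to expect.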

Cisco XR style config:

Dumb script for Picasaweb backup on Linux server & Amazon S3

I just wrote a quick script to pull a dump of my Picasaweb albums as a backup onto my server, and further to Amazon S3. Overall I have good trust in Google for data, but it’s always a poor idea to leave all the eggs in a single bucket.

OK, here’s the script (poorly written code; I literally spent 10 minutes on this, so suggestions to improve my coding are more than welcome!)

#!/bin/bash

# Local working directory for the backup
Destination=<PUT YOUR DESTINATION HERE!>
# GPG recipient (key ID or e-mail address) the archive is encrypted for
Recipient=<PUT YOUR GPG RECIPIENT HERE!>

mkdir -p "$Destination/tmp"
google picasa list-albums | cut -d"," -f1 > "$Destination/tmp/album_list.txt"

# Fetch every album into the temporary directory
while read -r album
do
        google picasa get "$album" "$Destination/tmp"
done < "$Destination/tmp/album_list.txt"

FileName=PicsBackup-$(date '+%d-%B-%Y').tar
tar -cpzf "$Destination/$FileName" "$Destination/tmp"
gpg --output "$Destination/$FileName.pgp" -r "$Recipient" --always-trust --encrypt "$Destination/$FileName"
s3cmd put "$Destination/$FileName.pgp" s3://YOUR-AWS-S3-BUCKET-ADDRESS-HERE

# Remove the local copies once the encrypted archive has been uploaded
rm -r "$Destination/tmp/"*
rm "$Destination/$FileName"
rm "$Destination/$FileName.pgp"

How to use

Simply download the Google CLI scripts and get your Google account working with the installed stack. If you also need Amazon S3 backup support, install and configure s3cmd. Once you have both configured with your accounts, simply give the script the executable bit and run it!

Domain to IP/ASN/BGP block mapping script

Sleepless night. Reading more about Quagga and its options.

In the meantime, a quick 5-minute script to map a domain to its BGP prefix/IP/ASN. This script uses the basic dig command (to find the IP address) and Team Cymru’s whois service for IP-to-ASN/prefix mapping.

#!/bin/bash
# Script for domain name to IP/ASN/BGP block mapping
hostname=v4.whois.cymru.com
IP=$(dig +short "$1" A | head -n 1)   # first A record only; -c = country code, -p = BGP prefix
whois -h "$hostname" " -c -p $IP"

Yeah, just a 3-line script! Less code = more power!

Simple bash script for IP-ASN mapping

Whenever I see a new, unknown IP range, it is hard to find the exact source of that IP from the command shell. Recently I found a very interesting source for that information from Team Cymru.

I figured out (with a friend’s help) that using their whois server, v4.whois.cymru.com, one can grab just the limited information required.

E.g.

anurag@laptop:~$ whois -h v4.whois.cymru.com "  -v 8.8.8.8"
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
15169   | 8.8.8.8          | 8.8.8.0/24          | US | arin     | 1992-12-01 | GOOGLE - Google Inc.

As we can see, -v gives all the available information. All I needed was the AS number, AS name, BGP prefix and country code, which is enough information for an IP address. So the command I use ends up with -c and -p.
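Combining the two posts above (the 3-line dig/whois script and the -c -p lookup), here is an added example that is not from either post: a parser for Team Cymru whois output plus a lookup that covers every A record a domain returns instead of only the first. The sample output, the function names and the NA line for an address no AS announces are constructed by me; the parser assumes -v or -c -p output, where the BGP prefix is the third column.

```shell
#!/bin/bash
# Added example, not code from the original posts: turn Team Cymru whois
# output into compact "ip ASN prefix cc" lines and look up every A record
# of a domain, not only the first. The parser works on captured text, so it
# can be checked without network access.

# Constructed sample of "whois -h v4.whois.cymru.com ' -v <ip>'" output,
# with one announced address and one that no AS announces (shown as NA).
SAMPLE_CYMRU='AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
15169   | 8.8.8.8          | 8.8.8.0/24          | US | arin     | 1992-12-01 | GOOGLE - Google Inc.
NA      | 192.0.2.1        | NA                  | NA | NA       | NA         | NA'

# Parse Cymru output on stdin. Header and blank lines are dropped, fields
# are trimmed, and unannounced addresses are reported explicitly.
cymru_parse() {
    awk -F'|' '
        NF < 4 { next }                                  # blank or error line
        {
            for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
            if ($1 == "AS") next                         # column header
            if ($1 == "NA") { print $2, "unannounced", "-", "-"; next }
            print $2, "AS" $1, $3, $4
        }'
}

# One live verbose lookup per IP, in the same form the post uses.
cymru_lookup() {
    local ip
    for ip in "$@"; do
        whois -h v4.whois.cymru.com " -v $ip"
    done | cymru_parse
}

# Domain -> every A record -> ASN/prefix/CC. dig can return several
# addresses (and CNAME lines with +short), so only IPv4 literals are kept
# and each one is looked up rather than only the first.
domain_to_asn() {
    local ips
    ips=$(dig +short "$1" A | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$')
    [ -n "$ips" ] || { echo "no A record for $1" >&2; return 1; }
    # word-splitting $ips into one IP per argument is intended
    cymru_lookup $ips
}

# Usage: domain_to_asn example.com
```

The "unannounced" case is worth keeping visible: an address that resolves but sits in no announced prefix is a different situation from a lookup failure, and the raw output only tells them apart by the NA markers.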