-
Notifications
You must be signed in to change notification settings - Fork 39
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RPKI not *all* IPs are checked for ROA? #1592
Comments
The RPKI code has the correct loop: Internet.nl/checks/tasks/rpki.py Lines 274 to 275 in 0e5a6d1
However at least here: Internet.nl/checks/tasks/rpki.py Lines 125 to 126 in 0e5a6d1
Both via this code: Internet.nl/checks/tasks/shared.py Lines 47 to 64 in 0e5a6d1
Call this function: Internet.nl/checks/tasks/shared.py Lines 153 to 154 in 0e5a6d1
So maybe replacing this with code that returns the complete set. Another problem seems to be the use of Internet.nl/checks/tasks/shared.py Line 198 in 0e5a6d1
|
This seems to be a bug. The intent of the RPKI subtest was to check all IP's also of the servers:
Odd to discover this only now. Do we want to have this fixed in 1.9 (because from that release on RPKI will have score impact)? |
Some useful scripting to use the https://tranco-list.eu/ to find stuff: curl -sSfLA '' "https://tranco-list.eu/download_daily/$(curl 'https://tranco-list.eu/latest_list' -sSfA '' -o /dev/null -w "%{redirect_url}\n" | cut -d/ -f5)" | bsdtar -Oxf- | cut -d, -f2 | tr -d '\r' > top-1m.list
head -n1000 top-1m.list | sed 's/$/ NS/g' | xargs dig +noall +answer > top1000ns
awk '{print $5}' top1000ns | sed 's/\.$/ A/g' | sort -u | xargs dig +noall +answer | awk '{l[$1]=l[$1]$5" ";n[$1]++}END{for(d in l){if(n[d]>1)print n[d], d, l[d]}}' | sort -nr > top1000ns-multi-ipv4 E.g. |
head -n1000 top-1m.list | sed 's/$/ MX/g' | xargs dig +noall +answer > top1000mx
awk '{print $6}' top1000mx | sed 's/\.$/ A/g' | sort -u | xargs dig +noall +answer | awk '{l[$1]=l[$1]$5" ";n[$1]++}END{for(d in l){if(n[d]>1)print n[d], d, l[d]}}' | sort -nr > top1000mx-multi-ipv4 Regarding multiple IPv4's per MX, this is happening a lot, e.g.:
|
See example https://internet.nl/site/amazon.nl/3077099/:
The text was updated successfully, but these errors were encountered: