Zyxel, IPv6, DNS, Unicode, exFAT, Joliet, Networking

  • Checked out a friend's new Zyxel firewall. When adding firewall rules, IPv6 addresses aren't allowed, because those aren't numbers. Phew. I just can't stop loving high-quality stuff. So many devices, so broken and such bad engineering.
  • RA options Recursive DNS Server (RDNSS) & DNS Search List (DNSSL) - RFC8106 - Read the updated documentation again. No, I'm not currently using it anywhere. But it's good to keep all options open and in memory. I'm currently using DHCPv6 on all LAN networks I'm administering. But in some cases that might not be viable due to client support limitations, etc.
  • Power DNS - If you're not too familiar with DNS, this is a great article to take a look at. Yeah sure, it's technical, but that's the only approach that actually works if you want to know the details. For me, it didn't contain anything new.
  • One customer required that email subject fields must be able to contain Unicode, ok. Had to study and implement: RFC2047. Done. This is also a typical example of a system being previously "broken" before someone complained.
  • Got so sick'n'tired of the exFAT corruption that I decided to try Universal Disk Format (UDF) instead. At least it's a universal and open format, if it would work without problems. Already in quick testing I managed to create one directory which simply says IO-error on a UDF system. Great. As you might have guessed, there's no way to run fsck on a UDF system either. So it's basically format to get rid of corrupt data when you get sick'n'tired of it. My exFAT vs UDF post is actually related to this, but it was posted out of order a long time ago.
  • Reminded myself about the Joliet file system too, even if that's legacy stuff. It was a major improvement with CDs a long time ago.
  • Helped one network administrator to resolve their IPv6 related issues. It seems that their network management console is broken. If you check the actual configuration and network traffic, it differs from what the device's Web UI is showing. - I just can't stop loving this kind of stuff so deeply. - Disinformation systems, like I've said. Network traffic captures show that the configuration shown in the Web UI isn't actually active. While debugging that, I also found out that the ISP probably doesn't do some things right. It seems that their network is leaking ARP requests for thousands of IP addresses. I didn't try it yet, but I guess that I can just hijack any of those IP addresses and start using it. I guess I'll do it some day just for lulz. Then it would be fun to see if they really log the network traffic, or if they just log IP addresses. Because it's well possible that if I intentionally abuse that address, the blame goes entirely to the wrong organization. - Just trolling. Can't know for sure if they're logging enough details to resolve it correctly. They should know exactly which client technically was using the IP address, it doesn't matter who is officially using it, or who has signed the papers. Well, first I'll just try if it works out. If I can just hijack any of the unused IP addresses from their network, which isn't assigned to me in any way. Of course the ISP should be able to trust their clients not to abuse something like this. But I have to check if it's possible.
  • Had a long discussion about the importance of filtering network traffic. This is just one of the examples: Rogue / Bogus RA, RFC6104. I thought I could try to inject a rogue RA into the network, where at least it seems that DHCP traffic isn't getting properly filtered. It would be interesting to see if they have proper RA filtration in place. Maybe, maybe not. Anyway, this list of different filtration methods is also valid for the discussion of "subnetting" a /64. No, you don't need to subnet it, you can filter and partition it on layer 2. Even if the computers are in the same subnet, it doesn't mean that they would be able to communicate directly. Btw. I just checked that my home connection's IPv4 subnet is 255.255.240.0 and it practically doesn't mean anything at all, due to traffic filtration and switching and (not IP) routing on the network level. The good thing is that there are tens of ways to do the same thing, using different technologies, configurations and solutions.
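
As an added example (not part of the original post), here is a monitoring-side check related to the RFC8106 RA options and the rogue RA filtering discussed above: it parses a captured Router Advertisement, extracts the RDNSS and DNSSL options, and flags RAs whose source or DNS servers are not on an allowlist. The function names, the allowlists and the sample RA bytes are constructed for illustration.

```python
import ipaddress
import struct

RA_TYPE, OPT_RDNSS, OPT_DNSSL = 134, 25, 31

def decode_names(buf):  # DNS-label encoded, zero-padded name list of a DNSSL option
    names, labels, i = [], [], 0
    while i < len(buf):
        n, i = buf[i], i + 1
        if n == 0:                       # end of a name, or trailing padding
            names += [".".join(labels)] if labels else []
            labels = []
            continue
        if n > 63 or i + n > len(buf):
            raise ValueError("malformed DNSSL label")
        labels.append(buf[i:i + n].decode("ascii", "replace"))
        i += n
    return names

def parse_ra(icmp6):
    """Parse an ICMPv6 RA (RFC 4861 layout) and its RFC 8106 DNS options."""
    if len(icmp6) < 16 or icmp6[0] != RA_TYPE:
        raise ValueError("not a Router Advertisement")
    info = {"router_lifetime": struct.unpack_from("!H", icmp6, 6)[0], "rdnss": [], "dnssl": []}
    off = 16
    while off + 2 <= len(icmp6):
        opt_type, size = icmp6[off], icmp6[off + 1] * 8   # length is in 8-octet units
        if size == 0 or off + size > len(icmp6):
            raise ValueError("malformed option length")
        body = icmp6[off + 8:off + size]   # after type, length, reserved, lifetime
        if opt_type == OPT_RDNSS:          # a short trailing slice raises ValueError
            info["rdnss"] += [str(ipaddress.IPv6Address(body[j:j + 16])) for j in range(0, len(body), 16)]
        elif opt_type == OPT_DNSSL:
            info["dnssl"] += decode_names(body)
        off += size
    return info

def audit_ra(src, icmp6, allowed_routers, allowed_dns):
    """Return findings for an RA whose source or RDNSS servers are not allowlisted."""
    ra, findings = parse_ra(icmp6), []
    if str(ipaddress.IPv6Address(src)) not in allowed_routers:
        findings.append("RA from unexpected router " + src)
    findings += ["unexpected RDNSS " + a for a in ra["rdnss"] if a not in allowed_dns]
    return findings

# Constructed sample RA: router lifetime 1800 s, one RDNSS and one DNSSL option.
SAMPLE_RA = (struct.pack("!BBHBBHII", 134, 0, 0, 64, 0, 1800, 0, 0)
             + struct.pack("!BBHI", 25, 3, 0, 600) + ipaddress.IPv6Address("2001:db8::53").packed
             + struct.pack("!BBHI", 31, 3, 0, 600) + b"\x07example\x03net\x00" + b"\x00" * 3)
```

A check like this only observes; dropping unwanted RAs still has to happen on layer 2, using the filtration methods listed in RFC6104.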

2019-08-11