TLDR icon indicating copy to clipboard operation
TLDR copied to clipboard

Published 20 hours ago • verified publisher icon mandatoryprogrammer

💥 Active TLDR Fork

Open flotwig opened this issue 3 years ago • 5 comments

Since this repo is discontinued as of 2019, I've created a fork of TLDR which is currently being kept up-to-date by an hourly GitHub Action: https://github.com/flotwig/TLDR-2

Differences between TLDR-2 (my fork) and TLDR (this repo):

  • TLDR-2 will request up to 25 simultaneous AXFRs, TLDR will only request 1. This significantly boosts the speed of a full scan.
  • TLDR-2 only saves successful AXFRs. This should help keep the repo a manageable size and make the results easier to navigate.
  • TLDR-2 is actively updated, using a GitHub Action to keep up to date.
  • In addition to transferable_zones.md, TLDR-2 generates a tab-separated list of AXFR-able zones in transferable_zones.tsv.

I'm creating this issue to raise visibility to others that there is an active fork, so you don't have to run this locally or fork it yourself.

@mandatoryprogrammer Would you accept a PR to update the README to link to this in the discontinuation message?

flotwig avatar Sep 28 '22 23:09 flotwig

After finishing working on TLDR-2, I (of course) found that @monoidic has also created a fork named TLDR2 at https://github.com/monoidic/TLDR2. He is also using an hourly GitHub action, and has added some features related to DNSSEC, not quite sure how they work though.

flotwig avatar Sep 28 '22 23:09 flotwig

Sure, feel free to create a PR and I can merge it.

mandatoryprogrammer avatar Sep 28 '22 23:09 mandatoryprogrammer

Sure, feel free to create a PR and I can merge it.

@mandatoryprogrammer done, see https://github.com/mandatoryprogrammer/TLDR/pull/14. Thanks for building this :pray: I'm also curious why you decided to stop updating the zone files, if you feel like sharing. If it's a technical limitation TLDR-2 might have to work around the same issues eventually.

flotwig avatar Sep 28 '22 23:09 flotwig

After finishing working on TLDR-2, I (of course) found that @monoidic has also created a fork named TLDR2 at https://github.com/monoidic/TLDR2. He is also using an hourly GitHub action, and has added some features related to DNSSEC, not quite sure how they work though.

I believe you are referring to the walkable zones part? It detects zones that are vulnerable to zone walking, which can be used to dump zone contents as well, except even through recursive resolvers, with no direct connections to the server. My TLDR2 relies on my https://github.com/monoidic/dns-tools tool, which can perform this zone walk itself on these vulnerable zones, as well as parallel AXFRs, though the tool is not the most user-friendly at the moment.

monoidic avatar Sep 29 '22 03:09 monoidic

@monoidic Ah, very cool. Thanks for introducing me to the concept of "zone walking". For anyone reading this, I found these two resources which helped me understand the concept better: https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions https://blog.cloudflare.com/black-lies/ I starred your dns-tools repo, it sounds like it could come in handy.

flotwig avatar Sep 29 '22 03:09 flotwig