A public recursive name server (also called public DNS resolver) is a name server service that networked computers may use for query to DNS, the decentralized Internet naming system, in place of or in addition to name servers operated by the Internet service provider to which the devices are connected.

Below is a list of public DNS service operators.

Quad9

Quad9 is a not-for-profit public-benefit organization supported by IBM, Packet Clearing House (PCH), Global Cyber Alliance (GCA), and many other cybersecurity organizations for the purpose of operating a privacy-and-security-centric public DNS resolver. Its main differentiators from other DNS resolvers are that it does not record the queries users send to it, and that it automatically blocks domains known to be associated with malicious activity. Quad9 offers DNS over TLS service over port 853, DNS over HTTPS over port 443 and DNSCrypt service over port 443. - Wikipedia

Features

DNS over TLS
DNS over HTTPS
DNSCrypt

Sometimes you want to block all Facebook IPs for various reasons (1, 2, 3, 4, 5, 6, 7, 8). Sometimes you really really do want that (and you should do it), so compiling a list with all the IPs is easy (both IPv4 and IPv6):

$ whois -h whois.radb.net '!gAS32934' | tr ' ' '\n' | awk '!/[[]]/' > facebook-ips-ipv4.txt
$ whois -h whois.radb.net '!6AS32934' | tr ' ' '\n' | grep '::' > facebook-ips-ipv6.txt

And a list of Facebook-owned IPs will be saved into the facebook-ips-{ipv4/ipv6}.txt files, ready to be used.

Introduction

Here is a small tutorial on encrypting a Microsoft Azure virtual machine disk.

Preparing the Azure Virtual Machine

Enable the Azure Key Vault provider within your Azure subscription.

$ az provider register -n Microsoft.KeyVault

Create a resource group in your favorite location (keep in mind different locations enable different features, some VM sizes are not available in other locations).

One day an old man was walking along the beach. It was low tide, and the sand was littered with thousands of stranded starfish that the water had carried in and then left behind.

The man began walking very carefully so as not to step on any of the beautiful creatures. Since the animals still seemed to be alive, he considered picking some of them up and putting them back in the water, where they could resume their lives.

The man knew the starfish would die if left on the beach’s dry sand but he reasoned that he could not possibly help them all, so he chose to do nothing and continued walking.

Below is a small tutorial on how you can create your own recursive DNS server using Unbound, adding custom records to block ads (and fakenews, porn or social websites), on macOS. Also, you can use DNS over TLS if needed/wanted.

Installation

Unbound is already in Homebrew so installing it is just a matter of running:

$ brew install unbound

Did you hear about the newest bug in Windows 7, introduced by the Meltdown patches that Microsoft implemented? Accidentally leaving the Page-Map Level 4 (PML4) as user?

A simple user-space application that tried to read a kernel address should’ve crashed, how about this for a basic test, Microsoft?

#include <stdio.h>
  
int main() {
	volatile unsigned long *ptr = (volatile unsigned long *)0xFFFFF6FB7DBED000;
	printf("%lu\n", *ptr);
	return 0;
}

Compile with Cygwin and run. If it doesn’t crash, the new Windows 7 Meltdown bug is present.

The real question is, I guess, how do you accidentally make PML4 user. Oh, and if you’re wondering why this only affects Windows 7, it’s easy: parts of the memory management code were rewritten for Windows 10 so that the location of the page tables could be randomized.

Have fun.