Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
github.com/wl4g/xcloud-dopaas-coredns
That can obtain zone resolution records from redis-cluster, it can be integrated with DoPaaS https://github.com/wl4g/dopaas, provides DoPaaS unified management web GUI.
English version goes here
For more configuration items, please refer to the coredns official website. For example, we give a general example:
.:53 {
loadbalance round_robin
# Load zones records from local /etc/hosts.
hosts {
fallthrough
}
# Load zones records from redis-cluster(default settings).
coredns_gdns {
address localhost:6379,localhost:6380,localhost:6381,localhost:7379,localhost:7380,localhost:7381
password "123456"
connect_timeout 5000
read_timeout 10000
write_timeout 5000
max_retries 10
pool_size 10
ttl 360
prefix _coredns:
local_cache_expire_ms 5000
}
# Up recursive DNS query server list.
# e.g. Google dns servers: 8.8.8.8, china telecom dns servers: 114.114.114.114,202.96.134.133,202.96.212.68
#forward . 8.8.8.8 114.114.114.114 {
# tls_servername dns.google
# force_tcp
# max_fails 3
# expire 10s
# health_check 5s
# policy sequential
# except www.baidu.com
#}
forward . 202.96.134.133 202.96.212.68 # In china
reload 6s
log . "{local}:{port} - {>id} '{type} {class} {name} {proto} {size} {>do} {>bufsize}' {rcode} {>rflags} {rsize} {duration}"
errors
}
address
redis cluster node address host:port or ip:port, default: localhost:6379,localhost:6380,localhost:6381,localhost:7379,localhost:7380,localhost:7381password
redis cluster password, default: emptyconnect_timeout
connection timeout time, default: 5000msread_timeout
data read timeout, default: 10000mswrite_timeout
data write timeout, default: 5000msmax_retries
Maximum number of retries, default: 10pool_size
redis connection pool size, default: 10ttl
zones resolve cache ttl, default: 360secprefix
zones resolution record data is stored in redis-cluster key prefix, default: _coredns:
local_cache_expire_ms
zones resolving and record the validity period of the local cache, default: 5000ms (Note: In order to improve performance, the loading sequence of zones map data is in order: localCache -> redisCache -> db)Currently does not support direction resolution
Currently does not support direction resolution
Each zone is stored as a hash map in redis-cluster, with zone as the key. Note: According to the https://tools.ietf.org/html/rfc6763 protocol, it ends with a "." suffix. Such as:
redis-cli>KEYS *
1) "example.com."
2) "example.net."
redis-cli>
Stored in redis cluster in json string format, @ is used for RR value of the region itself. Such as:
{
"a":{
"ip": "1.2.3.4",
"ttl": 360
}
}
{
"aaaa":{
"ip": "::1",
"ttl": 360
}
}
{
"cname":{
"host": "x.example.com.",
"ttl": 360
}
}
{
"TXT":{
"text": "this is a text",
"ttl": 360
}
}
{
"ns":{
"host": "ns1.example.com.",
"ttl": 360
}
}
{
"mx":{
"host": "mx1.example.com",
"priority": 10,
"ttl": 360
}
}
{
"srv":{
"host": "sip.example.com.",
"port": 555,
"priority": 10,
"weight": 100,
"ttl": 360
}
}
{
"soa":{
"ttl": 100,
"mbox": "hostmaster.example.com.",
"ns": "ns1.example.com.",
"refresh": 44,
"retry": 55,
"expire": 66
}
}
{
"caa":{
"flag": 0,
"tag": "issue",
"value": "letsencrypt.org"
}
}
$ORIGIN example.net.
example.net. 300 IN SOA <SOA RDATA>
example.net. 300 NS ns1.example.net.
example.net. 300 NS ns2.example.net.
*.example.net. 300 TXT "this is a wildcard"
*.example.net. 300 MX 10 host1.example.net.
sub.*.example.net. 300 TXT "this is not a wildcard"
host1.example.net. 300 A 5.5.5.5
_ssh.tcp.host1.example.net. 300 SRV <SRV RDATA>
_ssh.tcp.host2.example.net. 300 SRV <SRV RDATA>
subdel.example.net. 300 NS ns1.subdel.example.net.
subdel.example.net. 300 NS ns2.subdel.example.net.
host2.example.net CAA 0 issue "letsencrypt.org"
The above zone data should be stored in redis-cluster as follows:
redis-cli> hgetall example.net.
1) "_ssh._tcp.host1"
2) "{\"srv\":[{\"ttl\":300, \"target\":\"tcp.example.com.\",\"port\":123,\"priority\" :10,\"weight\":100}]}"
3) "*"
4) "{\"txt\":[{\"ttl\":300, \"text\":\"this is a wildcard\"}],\"mx\":[{\"ttl\" :300, \"host\":\"host1.example.net.\",\"preference\": 10}]}"
5) "host1"
6) "{\"a\":[{\"ttl\":300, \"ip\":\"5.5.5.5\"}]}"
7) "sub.*"
8) "{\"txt\":[{\"ttl\":300, \"text\":\"this is not a wildcard\"}]}"
9) "_ssh._tcp.host2"
10) "{\"srv\":[{\"ttl\":300, \"target\":\"tcp.example.com.\",\"port\":123,\"priority\" :10,\"weight\":100}]}"
11) "subdel"
12) "{\"ns\":[{\"ttl\":300, \"host\":\"ns1.subdel.example.net.\"},{\"ttl\":300, \ "host\":\"ns2.subdel.example.net.\"}]}"
13) "@"
14) "{\"soa\":{\"ttl\":300, \"minttl\":100, \"mbox\":\"hostmaster.example.net.\",\"ns\": \"ns1.example.net.\",\"refresh\":44,\"retry\":55,\"expire\":66},\"ns\":[{\"ttl\": 300, \"host\":\"ns1.example.net.\"},{\"ttl\":300, \"host\":\"ns2.example.net.\"}]}"
15) "host2"
16)"{\"caa\":[{\"flag\":0, \"tag\":\"issue\", \"value\":\"letsencrypt.org\"}]}"
redis-cli>
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
Security News
Research
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
Security News
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.