Wednesday, September 28, 2016

curl get page load time

To get the time to load a page
$ curl -o /dev/null -s -w %{time_connect}:%{time_starttransfer}:%{time_total} http://www.google.com

Or save a file curl-format.txt
    time_namelookup:  %{time_namelookup}\n
       time_connect:  %{time_connect}\n
    time_appconnect:  %{time_appconnect}\n
   time_pretransfer:  %{time_pretransfer}\n
      time_redirect:  %{time_redirect}\n
 time_starttransfer:  %{time_starttransfer}\n
                    ----------\n
         time_total:  %{time_total}\n
And run the curl
$ curl -w "@curl-format.txt" -o /dev/null -s "http://www.google.com/"
    time_namelookup:  0.004
       time_connect:  0.010
    time_appconnect:  0.000
   time_pretransfer:  0.010
      time_redirect:  0.000
 time_starttransfer:  0.018
                    ----------
         time_total:  0.018



Wednesday, September 21, 2016

Validating DNSSEC signed domains

syntax:

dig @ +dnssec +multi

validating a proper DNSSEC signed domains

look out for Authenticated Data (AD) set in FLAGS.
Requesting DNSSEC signed DNS domain with the DO Flag set (which is DNSSEC OK) should provide an Authenticated answer (AD) flag set in the header.

$ dig +dnssec +multi whitehouse.gov

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 <<>> +dnssec +multi whitehouse.gov
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 8407="" id:="" noerror="" o:p="" opcode:="" query="" status:="">
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;whitehouse.gov.                     IN A

;; ANSWER SECTION:
whitehouse.gov.                      20 IN A            23.200.94.83
whitehouse.gov.                      20 IN RRSIG A 7 2 20 20160923132441 (
                                                20160920122441 24695 whitehouse.gov.
                                                I5nNZV8jXvWdMt6/MrctYMjL6e0sRWI+LGwkkafKrHS9
                                                ++Pum0CQTucJy8Y1BUVhw83ahrNsivkQar3LGA1kZMHp
                                                HbkRWHwtRzhCkO2SOASJjv+j/mblYgSJznu8t2pqq6vs
                                                Q/3cq93exrK8Zy/izs7nEbhOOnhs7ji4xV5ljTw= )

;; Query time: 2 msec
;; SERVER: 192.168.2.1#53(192.168.2.1)
;; WHEN: Wed Sep 21 02:18:12 2016
;; MSG SIZE  rcvd: 233

Validate broken DNSSEC or misconfigured domains
domain which has DNSSEC issues should return SERVFAIL as return code in the header.
$ dig dnssec-or-not.org +dnssec +multi
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @10.180.8.1 dnssec-or-not.org +dnssec +multi
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode:="" query="" span="" status:="">SERVFAIL, id: 23634
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;dnssec-or-not.org. IN A
;; Query time: 334 msec
;; SERVER: 10.180.8.115#53(10.180.8.115)
;; WHEN: Thu Nov 14 16:46:32 2013
;; MSG SIZE rcvd: 46

Validate non-DNSSEC signed domains
domain that is not DNSSEC signed, should resolve normally.
$ dig +dnssec +multi google.com   

; <<>> DiG 9.8.3-P1 <<>> +dnssec +multi google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- 51197="" id:="" noerror="" o:p="" opcode:="" query="" status:="">
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;google.com.               IN A

;; ANSWER SECTION:
google.com.                300 IN A 216.58.196.206

;; AUTHORITY SECTION:
google.com.                131822 IN NS ns3.google.com.
google.com.                131822 IN NS ns1.google.com.
google.com.                131822 IN NS ns4.google.com.
google.com.                131822 IN NS ns2.google.com.

;; ADDITIONAL SECTION:
ns2.google.com.                     301984 IN A 216.239.34.10
ns1.google.com.                     301984 IN A 216.239.32.10
ns3.google.com.                     301984 IN A 216.239.36.10
ns4.google.com.                     301984 IN A 216.239.38.10

;; Query time: 305 msec
;; SERVER: 172.28.2.5#53(172.28.2.5)
;; WHEN: Wed Sep 21 13:54:04 2016
;; MSG SIZE  rcvd: 191


Tuesday, September 13, 2016

find files that does not contain a specific string

Let say you want to know if all the metadata.rb file that DOES NOT contains a string called "name" from start of line.

egrep -L ^name */metadata.rb
There was an error in this gadget