Snapshot of North Korea’s DNS data taken from zone transfers(github.com)
github.com
Snapshot of North Korea’s DNS data taken from zone transfers
https://github.com/mandatoryprogrammer/NorthKoreaDNSLeak
104 comments
As interesting as this is, I really don't think that IP blocks which are supposedly in North Korea are the limit of what their government/state apparatus has. I would not be surprised at all if significant blocks of IPV4 belonging to the Chinese upstream ISPs just across the border are also in use in locations geographically within North Korea.
Well, I hope for the head of the NK chief propaganda minister that the grand divine dictator's internet does not break down with all the traffic from Hacker News..
"Kim Jong Un, Chairman of the Workers' Party of Korea, Chairman of the State Affairs Commission of the DPRK and Supreme Commander of the Korean People's Army, visited the Sohae Space Centre to inspect the ground jet test of a new type high-power engine of a carrier rocket for the geo-stationary satellite."
It sounds really hilarious, but it reminds me of the soviet era in the Warsaw Pact member states. Poor citizens. We are so lucky to have a degree of control over our supreme leadership..
"Kim Jong Un, Chairman of the Workers' Party of Korea, Chairman of the State Affairs Commission of the DPRK and Supreme Commander of the Korean People's Army, visited the Sohae Space Centre to inspect the ground jet test of a new type high-power engine of a carrier rocket for the geo-stationary satellite."
It sounds really hilarious, but it reminds me of the soviet era in the Warsaw Pact member states. Poor citizens. We are so lucky to have a degree of control over our supreme leadership..
It should remind you of that, since that's basically what they are. They're on the wrong side of Russia to be in the Warsaw Pact, but they follow the same basic model as other Soviet puppets, except for the part where they succumbed to revolution in the 90s.
NK is not a Russian puppet, it's a Chinese puppet. (And it's a puppet gone rogue like Chucky.)
They are now, but they were aligned with the Soviets until there stopped being Soviets. Naturally they sought out a new patron after that.
Not quite. The SU started rolling back its support for NK in 1985, four years before the SU fell. In fact, it seems probable to me that NK didn't fall along with the rest of the SU precisely because of this.
But the point I was really trying to make is that calling NK anyone's puppet is not really accurate, and arguably never was. They are certainly dependent on China nowadays, but it is far from clear who is pulling whose strings.
But the point I was really trying to make is that calling NK anyone's puppet is not really accurate, and arguably never was. They are certainly dependent on China nowadays, but it is far from clear who is pulling whose strings.
They definitely don't seem to be now. I'm pretty sure China doesn't want them lighting off nuclear bombs, but doesn't know how to get them to stop.
In any case, "puppet" was incidental to my comment, and I'm happy to let that go. My main point was that they were set up very similarly to the Warsaw Pact countries, so the similarity in language is entirely expected.
In any case, "puppet" was incidental to my comment, and I'm happy to let that go. My main point was that they were set up very similarly to the Warsaw Pact countries, so the similarity in language is entirely expected.
> but doesn't know how to get them to stop.[1]
[1] That is, without having a humanitarian crisis and state with nuclear explosives (and might have viable nuclear warheads) in civil war on their back doorstep.
I can see both sides to the dispute over how to handle DPRK. If Mexico got very politically unstable and started making nuclear explosions and likely had a missle-portable warhead, the U.S. would get touchy if China started proposing actions that could easily touch off a Mexican civil war. In hindsight, I hope they realize that they should have pushed the DPRK harder earlier and run a higher risk of a civil war in the pre-nuclear-explosive DPRK in exchange for heading off warhead development.
[1] That is, without having a humanitarian crisis and state with nuclear explosives (and might have viable nuclear warheads) in civil war on their back doorstep.
I can see both sides to the dispute over how to handle DPRK. If Mexico got very politically unstable and started making nuclear explosions and likely had a missle-portable warhead, the U.S. would get touchy if China started proposing actions that could easily touch off a Mexican civil war. In hindsight, I hope they realize that they should have pushed the DPRK harder earlier and run a higher risk of a civil war in the pre-nuclear-explosive DPRK in exchange for heading off warhead development.
Agreed, it's a huge mess and I see no good way to clean it up. We should probably just rip the band-aid off ASAP and get it over with. I think the non-nuclear window of opportunity is still open there. They have weapons, but I don't think they yet have the means to deliver them. In any case, I doubt anyone is willing to do that, and I can't blame them at all. The other hope would be that somehow either the regime becomes less crazy on their own (like China did) or a successful revolution happens without spilling outside the country too much. Neither possibility seems likely.
On the other hand, I remember how the Soviet Union seemed like it was here forever, right up until it wasn't. That didn't turn out great, but it stayed contained and nobody got nuked.
On the other hand, I remember how the Soviet Union seemed like it was here forever, right up until it wasn't. That didn't turn out great, but it stayed contained and nobody got nuked.
China is effectively NK's designated driver, at this point.
China's interests are preventing NK from getting too far out of hand and China ends up flooded with millions of NK refugees.
China's interests are preventing NK from getting too far out of hand and China ends up flooded with millions of NK refugees.
Just asking to nail down definition of "puppet": is SK a US puppet?
A puppet state is one that is set up to look like an independent state but is in fact entirely de facto controlled by (i.e. cannot do anything without the approval of) another state. Iran between 1953 and 1979 was a U.S. puppet. Syria seems to be on the road to becoming a Russian puppet. SK is not a US puppet, and NK is not really a Chinese puppet either (that's what I meant by the "Chucky" comment).
It has generally become unfashionable to have puppet states nowadays. They're too hard to maintain.
It has generally become unfashionable to have puppet states nowadays. They're too hard to maintain.
> Iran between 1953 and 1979 was a U.S. puppet.
Are you repeating n-th hand propaganda? I kind of don't blame you since Google refuses to dig up the story of "Soviet-Iranian Agreement of Cooperation" of 1966. This agreement was reached because the West refused to support Iran's industrialization program under the Shah, so the "puppet" went ahead and reached an agreement with USSR.
Intelligence Memorandum, CIA, June 1967: https://www.cia.gov/library/readingroom/docs/DOC_0000381440....
Are you repeating n-th hand propaganda? I kind of don't blame you since Google refuses to dig up the story of "Soviet-Iranian Agreement of Cooperation" of 1966. This agreement was reached because the West refused to support Iran's industrialization program under the Shah, so the "puppet" went ahead and reached an agreement with USSR.
Intelligence Memorandum, CIA, June 1967: https://www.cia.gov/library/readingroom/docs/DOC_0000381440....
> Are you repeating n-th hand propaganda?
Quite possible. The document you cite was news to me. Maybe there has never been an actual U.S. puppet state, I don't know.
Quite possible. The document you cite was news to me. Maybe there has never been an actual U.S. puppet state, I don't know.
Wikipedia lists the Republic of Texas as one, and South Vietnam as a potential one. Assassinating an uncooperative leader while a bunch of American soldiers were in the country certainly seems like the sort of thing that would happen in a puppet state, anyway.
> The document you cite was news to me.
"There is a deeply disturbing trend in the world of ever increased deference to power. The free press is ..."
I respectfully suggest to you that this is no "trend".
"There is a deeply disturbing trend in the world of ever increased deference to power. The free press is ..."
I respectfully suggest to you that this is no "trend".
I think the argument could be made that the Philippines were a US puppet state at certain points in their history
I'm actually am having trouble accessing any of these NK sites at the moment. Verified that several sites are down at isitdownrightnow as well.
Could be many things, of course. But if Hacker News traffic is enough to overload an entire country's Internet...
Could be many things, of course. But if Hacker News traffic is enough to overload an entire country's Internet...
It's hitting the Reddit frontpage as well, so yeah.
I find it amazing that you can actually read (yourself) all of the content of all the toplevel DNS zones of a country. In 2016. Two subdomains in .edu.
What do you mean by "In 2016"? This is by design...
I think GP means it is notable that, in 2016, the zone list for NK is so small that it can be perused in mere seconds due to its short length (as compared to any other country).
The interesting parts are not by design. Yes, you can query the server, that's the expected behavior. But:
1. It's not normal to allow global zone transfers on most country-code nameservers, which enables other Internet users to get the full list of registered domains. Yes, some do it: https://github.com/mandatoryprogrammer/TLDR/blob/master/READ...
2. It's not normal for the list of all the domains registered to a TLD to be readable by a human in a short timeframe. If you could get a list of all .com or .co.uk domains, you probably could not read all the domains which start with 'aa', much less the complete list.
1. It's not normal to allow global zone transfers on most country-code nameservers, which enables other Internet users to get the full list of registered domains. Yes, some do it: https://github.com/mandatoryprogrammer/TLDR/blob/master/READ...
2. It's not normal for the list of all the domains registered to a TLD to be readable by a human in a short timeframe. If you could get a list of all .com or .co.uk domains, you probably could not read all the domains which start with 'aa', much less the complete list.
For someone who isn't particularly familiar with DNS, what are the implications of this?
And/or what can be learned from the leaked data?
What websites they have?
airkoryo.com.kp.
cooks.org.kp. // receips are important
friend.com.kp. // facebook clone? :D
gnu.rep.kp. // yay at least their software is free
kass.org.kp.
kcna.kp.
kiyctc.com.kp.
knic.com.kp.
koredufund.org.kp.
korelcfund.org.kp.
korfilm.com.kp. // movie4k clone at least there it is legal, lol
ma.gov.kp.
masikryong.com.kp.
naenara.com.kp.
nta.gov.kp.
portal.net.kp. // yahoo clone ;)
rcc.net.kp.
rep.kp.
rodong.rep.kp.
ryongnamsan.edu.kp.
sdprk.org.kp.
silibank.net.kp.
star-co.net.kp.
star-di.net.kp.
star.co.kp.
star.edu.kp.
star.net.kp.
vok.rep.kp.
don't seem that much
airkoryo.com.kp.
cooks.org.kp. // receips are important
friend.com.kp. // facebook clone? :D
gnu.rep.kp. // yay at least their software is free
kass.org.kp.
kcna.kp.
kiyctc.com.kp.
knic.com.kp.
koredufund.org.kp.
korelcfund.org.kp.
korfilm.com.kp. // movie4k clone at least there it is legal, lol
ma.gov.kp.
masikryong.com.kp.
naenara.com.kp.
nta.gov.kp.
portal.net.kp. // yahoo clone ;)
rcc.net.kp.
rep.kp.
rodong.rep.kp.
ryongnamsan.edu.kp.
sdprk.org.kp.
silibank.net.kp.
star-co.net.kp.
star-di.net.kp.
star.co.kp.
star.edu.kp.
star.net.kp.
vok.rep.kp.
don't seem that much
> korfilm.com.kp.
That 1990s style animated banner.. THE PYONGYANG INTERNATIONAL FILM FESTIVAL. I bet a ton of celebs visit that!
That 1990s style animated banner.. THE PYONGYANG INTERNATIONAL FILM FESTIVAL. I bet a ton of celebs visit that!
Red carpet doesn't get redder than this.
That said they had some surprising entries:
> In 2006, the Swedish horror comedy Frostbiten was shown at the festival, the first foreign horror film to ever be shown in North Korea.
That said they had some surprising entries:
> In 2006, the Swedish horror comedy Frostbiten was shown at the festival, the first foreign horror film to ever be shown in North Korea.
The Kim family has always placed a high priority on making movies. I believe it started out as a propaganda angle, as it has been in most communist countries (well...anywhere, really) and has sense moved onto full on fandom. The DPRK spends a good chunk of change on film production. Kim Jong-Il went so far as to kidnap a South Korean film director and actress.
https://en.wikipedia.org/wiki/The_Abduction_of_Shin_Sang-ok_...
https://en.wikipedia.org/wiki/Cinema_of_North_Korea
https://en.wikipedia.org/wiki/The_Abduction_of_Shin_Sang-ok_...
https://en.wikipedia.org/wiki/Cinema_of_North_Korea
<META content="MSHTML 6.00.2900.2180" name=GENERATOR>
Who wouldn't?
Who wouldn't?
> friend.com.kp. // facebook clone? :D
It's apparently "The website of the Committee for Cultural Relations with Foreign Countries".[0]
[0]: https://en.wikipedia.org/wiki/.kp#Usage
It's apparently "The website of the Committee for Cultural Relations with Foreign Countries".[0]
[0]: https://en.wikipedia.org/wiki/.kp#Usage
That their intranet/internet is apparently pretty small, comprising only a few dozen domains, run off five Nameservers.
Also cooks.org.kp. I really want to go to the Facing grand slam popular restaurant, previously the Flavour bases loaded restaurant, but they're really embracing their new name apparently. http://cooks.org.kp/restaurants.php?rID=21
Also cooks.org.kp. I really want to go to the Facing grand slam popular restaurant, previously the Flavour bases loaded restaurant, but they're really embracing their new name apparently. http://cooks.org.kp/restaurants.php?rID=21
Sorry, I need a little more explanation.
Are you saying that North Korea would otherwise be keeping these domains out of sight from users that aren't in North Korea? So now that these domains are out there anyone can view them and lurk/spy/gather info?
Are you saying that North Korea would otherwise be keeping these domains out of sight from users that aren't in North Korea? So now that these domains are out there anyone can view them and lurk/spy/gather info?
You'd need to know those domains exist to resolve them.
This unusual (mis-) configuration allowed to enumerate those domains exhaustively.
This unusual (mis-) configuration allowed to enumerate those domains exhaustively.
So if I had a friend in North Korea and they told me about one of those domains, I would not have been able to resolve it in my browser?
But now that this has happened anyone can?
But now that this has happened anyone can?
Rather, if you had a friend in North Korea and they told you about the domains, you WOULD be able to resolve them.
Now that this has happened, you know all of the domain names and no longer need a friend in North Korea to tell you what they are.
Now that this has happened, you know all of the domain names and no longer need a friend in North Korea to tell you what they are.
Their pictogram of a phone in 2016 is a rotary phone.
Sure, but while not quite the same level, my voicemail icon is a reel-to-reel tape and lots of "save" icons are floppy disks.
My wife and I occasionally wonder if our one year old will think we're crazy when we talk about "taping" a show.
No, probably (s)he'll complete accept it and not even give a thought to its etymology. It's just the word that names that action.
At my workplace, we route video and audio over Cat5 to specialized PCs with capture cards, running software that records and then streams or uploads to a video content server where people can log into an account and view a list of presentations on a content management application.
They still email to ask if I can tape their upcoming event.
They still email to ask if I can tape their upcoming event.
Probably about as crazy as your dad was when he was writing a file to disk, or when you post something on Facebook.
Yeah, looks like someone high up has a food obsession...
Well, the glorious leader does seem to be getting quite... globious in recent years.
Looking at the A records tells an even more interesting story:
(for i in *.zone; do expand $i | grep " A " | cut -c 50-; done) | sort | uniq -c | sort -n
1 75.45.179.76
16 75.45.176.15
16 75.45.176.16
25 75.45.176.8
25 75.45.176.9
It looks like all those websites are hosted on only 5 IP addresses. They could be load balancers, but still, that is certainly not many hosts!Side note: I'd really like to visit this NK ski resort. It'd be amazing to snowboard on what looks like completely empty snow.
http://masikryong.com.kp/
https://en.wikipedia.org/wiki/Masikryong_Ski_Resort
http://masikryong.com.kp/
https://en.wikipedia.org/wiki/Masikryong_Ski_Resort
Wow, timing out. It's already fallen over from referral traffic :D I hope no-one gets shot over this
Just don't use the ski lift....(if you didn't read the article it's a 30 year old retired lift)
Fascinating, that's the complete zone for the whole country? And it's run on 5 servers? (only 5 different IPs mentioned as far as I can tell)
This is a bit misleading. According to Will Scott, who taught CS in North Korea, there are some 3000-5000 sites on the national intranet, but it is entirely disconnected from the internet at large. So these zones are ones that are intended for consumption by foreigners.
Source: http://motherboard.vice.com/read/how-to-teach-computer-scien... (super interesting, suggest reading it)
Source: http://motherboard.vice.com/read/how-to-teach-computer-scien... (super interesting, suggest reading it)
Holy shit; they are still teaching classful routing (Class A, B, C, D...)
gnu.rep.kp.
That's pretty interesting. I wonder what they've got on that.GNU actually refers to 'grand national unity' in this context, one of the three fundamentals for Korean unification outlined in the 1972 North-South Joint Declaration (the other two being peace and independence).
Based on the screenshots, gnu.rep.kp appears to be a website for the Pyongyang Broadcasting Station.
Based on the screenshots, gnu.rep.kp appears to be a website for the Pyongyang Broadcasting Station.
Red Star OS repos, presumably?
The site is available to the world, http://gnu.rep.kp/
Here's 4 screenshots I took of a few I visited... http://imgur.com/a/Czllv
Is it malicious?
Nah. Here are some screenshots (google translated): http://imgur.com/a/C2Gp7
> Dafeng strange fruit spreads across the Great Hall won the People's love and young manhood of the world's largest hot in that reverence Kim Jong-un...
North Korean is a different dialect so it's no surprise Google struggles with it. It looks like a news/propaganda site.
North Korean is a different dialect so it's no surprise Google struggles with it. It looks like a news/propaganda site.
Not just the dialect that's tough to translate, but also the diction. DPRK propaganda tends to use a lot of bombastic language -- it shows in their English press releases as well.
All the gnus that's fit to print.
If you run it while disabling JS and Flash, it should be safe.
Based on Google Translate, it's nothing related to GNU, but "Pyongyang broadcast "national unity" editorial".
If you want to keep secrets, publishing them in DNS is the wrong place for it.
It's safe visit these websites ? I've visited cooks.org.kp with JS enabled-_- (but origin ublock active)
I'm not fucking kidding, but after I've visited cooks.org.kp my internet is slow and I've some packet loss and timeout...but nothing weird on little snitch
If North Korea had 0-day browsers exploits, they wouldn't be using them on cooks.org.kp
[deleted]
ublock only blocks known trackers or obvious ones, so it doesn't do anything to protect against potential browser exploits Kim could be running.
That being said, I doubt North Korea is sitting on too many unknown browser exploits.
That being said, I doubt North Korea is sitting on too many unknown browser exploits.
Watch as they're going to blame the US and/or South Korea of hacking them
Well if this happened in the US, wouldn't this count as hacking under the CFAA? For instance weev got 3 years for running some GET requests on a sequential number.
Did nobody think to use archive.org on these sites while they were still up? :( Or was that not possible. Something like HTTrack would have been useful, rather than a few people screenshotting the sites.
silibank.net.kp must be where they make the counterfeit currency?
[deleted]
"Sillybank"
I know it's childish but I couldn't help but laugh at this.
I know it's childish but I couldn't help but laugh at this.
Where the funny money comes from.
5 day TTLs seems a little long? To help with outages maybe ;P
Edit: Awesome find, and monitoring project btw. Thanks!
Edit: Awesome find, and monitoring project btw. Thanks!
If their topography is mostly static, it doesn't matter much if the TTL is 24 hours or 7 days.
[deleted]
julsimon(1)
WhitneyLand(5)
You better don't visit North Korea as a tourist now
The data can be found here: https://github.com/benediktkr/nk-scans