
Snapshot of North Korea’s DNS data taken from zone transfers - mandatory
https://github.com/mandatoryprogrammer/NorthKoreaDNSLeak
======
benedikt
Slightly related, I ran nmap scans on the known NK internet for a while.

The data can be found here: [https://github.com/benediktkr/nk-scans](https://github.com/benediktkr/nk-scans)

~~~
wuschel
Well, I hope for the head of the NK chief propaganda minister that the grand
divine dictator's internet does not break down with all the traffic from
Hacker News..

_"Kim Jong Un, Chairman of the Workers' Party of Korea, Chairman of the
State Affairs Commission of the DPRK and Supreme Commander of the Korean
People's Army, visited the Sohae Space Centre to inspect the ground jet test
of a new type high-power engine of a carrier rocket for the geo-stationary
satellite."_

It sounds really hilarious, but it reminds me of the Soviet era in the Warsaw
Pact member states. Poor citizens. We are so lucky to have a degree of control
over our supreme leadership..

~~~
mikeash
It should remind you of that, since that's basically what they are. They're on
the wrong side of Russia to be in the Warsaw Pact, but they follow the same
basic model as other Soviet puppets, except for the part where they succumbed
to revolution in the 90s.

~~~
lisper
NK is not a Russian puppet, it's a Chinese puppet. (And it's a puppet gone
rogue like Chucky.)

~~~
mikeash
They are now, but they were aligned with the Soviets until there stopped being
Soviets. Naturally they sought out a new patron after that.

~~~
lisper
Not quite. The SU started rolling back its support for NK in 1985, four years
before the SU fell. In fact, it seems probable to me that NK didn't fall along
with the rest of the SU precisely because of this.

But the point I was really trying to make is that calling NK anyone's puppet
is not really accurate, and arguably never was. They are certainly dependent
on China nowadays, but it is far from clear who is pulling whose strings.

~~~
mikeash
They definitely don't seem to be now. I'm pretty sure China doesn't want them
lighting off nuclear bombs, but doesn't know how to get them to stop.

In any case, "puppet" was incidental to my comment, and I'm happy to let that
go. My main point was that they were set up very similarly to the Warsaw Pact
countries, so the similarity in language is entirely expected.

~~~
KMag
> but doesn't know how to get them to stop.[1]

[1] That is, without having a humanitarian crisis and state with nuclear
explosives (and might have viable nuclear warheads) in civil war on their back
doorstep.

I can see both sides to the dispute over how to handle DPRK. If Mexico got
very politically unstable and started making nuclear explosions and likely had
a missile-portable warhead, the U.S. would get touchy if China started
proposing actions that could easily touch off a Mexican civil war. In
hindsight, I hope they realize that they should have pushed the DPRK harder
earlier and run a higher risk of a civil war in the pre-nuclear-explosive DPRK
in exchange for heading off warhead development.

~~~
mikeash
Agreed, it's a huge mess and I see no good way to clean it up. We should
probably just rip the band-aid off ASAP and get it over with. I think the
non-nuclear window of opportunity is still open there. They have weapons, but I
don't think they yet have the means to deliver them. In any case, I doubt
anyone is willing to do that, and I can't blame them at all. The other hope
would be that _somehow_ either the regime becomes less crazy on their own
(like China did) or a successful revolution happens without spilling outside
the country too much. Neither possibility seems likely.

On the other hand, I remember how the Soviet Union seemed like it was here
forever, right up until it wasn't. That didn't turn out _great_, but it
stayed contained and nobody got nuked.

------
jwr
I find it amazing that you can actually read (yourself) all of the content of
all the toplevel DNS zones of a country. In 2016. Two subdomains in .edu.

~~~
jbg_
What do you mean by "In 2016"? This is by design...

~~~
lost_my_pwd
I think GP means it is notable that, in 2016, the zone list for NK is so small
that it can be perused in mere seconds due to its short length (as compared to
any other country).

------
Retr0spectrum
For someone who isn't particularly familiar with DNS, what are the
implications of this?

~~~
madaxe_again
That their intranet/internet is apparently pretty small, comprising only a few
dozen domains, run off five Nameservers.

Also cooks.org.kp. I really want to go to the _Facing grand slam popular
restaurant_, previously the _Flavour bases loaded restaurant_, but they're
really embracing their new name apparently.
[http://cooks.org.kp/restaurants.php?rID=21](http://cooks.org.kp/restaurants.php?rID=21)

~~~
jason_slack
Sorry, I need a little more explanation.

Are you saying that North Korea would otherwise be keeping these domains out
of sight from users that aren't in North Korea? So now that these domains are
out there anyone can view them and lurk/spy/gather info?

~~~
itsnotlupus
You'd need to know those domains exist to resolve them.

This unusual (mis-)configuration allowed those domains to be enumerated
exhaustively.

~~~
jason_slack
So if I had a friend in North Korea and they told me about one of those
domains, I would not have been able to resolve it in my browser?

But now that this has happened anyone can?

~~~
griffinmb
Rather, if you had a friend in North Korea and they told you about the
domains, you WOULD be able to resolve them.

Now that this has happened, you know all of the domain names and no longer
need a friend in North Korea to tell you what they are.

------
A1kmm
Looking at the A records tells an even more interesting story:

    (for i in *.zone; do expand $i | grep " A " | cut -c 50-; done) | sort | uniq -c | sort -n
      1 75.45.179.76
     16 75.45.176.15
     16 75.45.176.16
     25 75.45.176.8
     25 75.45.176.9

It looks like all those websites are hosted on only 5 IP addresses. They could
be load balancers, but still, that is certainly not many hosts!
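
A field-based version of the tally in the comment above, added here as an example and not part of the original thread: it finds the address by its position after the `A` type token, so the result does not depend on column alignment. The function names and the sample zone (documentation names and addresses) are constructed, and the zone text is assumed to be in ordinary master-file or `dig`-style layout.

```shell
#!/bin/sh
# Tally the IPv4 targets of A records in zone-file text, most-used last.
# Added example: function names and sample data are constructed.
count_a_targets() {
    awk '
        {
            sub(/;.*/, "")                 # drop trailing comments
            for (i = 1; i < NF; i++) {
                # the type token "A" is followed directly by the address;
                # an owner literally named "a" is skipped because the next
                # field (TTL or class) is not an IPv4 address
                if (toupper($i) == "A" &&
                    $(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
                    print $(i + 1)
                    break
                }
            }
        }
    ' "$@" | sort | uniq -c | sort -n | awk '{ print $1, $2 }'
}

# Number of distinct addresses behind every name in the given zone text.
distinct_a_targets() {
    count_a_targets "$@" | wc -l | tr -d ' '
}

# Constructed sample zone (not real data): mixed column widths, a missing
# TTL, an inherited owner name, an owner called "a", and non-A records.
sample_zone() {
    cat <<'EOF'
$ORIGIN example.test.
@                      432000 IN SOA ns1.example.test. admin.example.test. 1 2 3 4 5
www.example.test.      432000 IN A     192.0.2.8
a-much-longer-host-name.example.test. 432000 IN A 192.0.2.8
mail                   IN A 192.0.2.9   ; no TTL on this line
                       A    192.0.2.9   ; owner name inherited
a                      IN A 192.0.2.10
v6.example.test.       432000 IN AAAA  2001:db8::1
EOF
}

sample_zone | count_a_targets
```

With real zone files, pass them as arguments instead of piping the sample: `count_a_targets *.zone`.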

------
misterbwong
Side note: I'd really like to visit this NK ski resort. It'd be amazing to
snowboard on what looks like completely empty snow.

[http://masikryong.com.kp/](http://masikryong.com.kp/)

[https://en.wikipedia.org/wiki/Masikryong_Ski_Resort](https://en.wikipedia.org/wiki/Masikryong_Ski_Resort)

~~~
feralmoan
Wow, timing out. It's already fallen over from referral traffic :D I hope
no-one gets shot over this

------
vmp
Fascinating, that's the complete zone for the whole country? And it's run on 5
servers? (only 5 different IPs mentioned as far as I can tell)

~~~
EE84M3i
This is a bit misleading. According to Will Scott, who taught CS in North
Korea, there are some 3000-5000 sites on the national intranet, but it is
entirely disconnected from the internet at large. So these zones are ones that
are intended for consumption by foreigners.

Source: [http://motherboard.vice.com/read/how-to-teach-computer-scien...](http://motherboard.vice.com/read/how-to-teach-computer-science-in-north-korea) (super interesting, suggest reading it)

~~~
nunez
Holy shit; they are still teaching classful routing (Class A, B, C, D...)

------
axyjo

    gnu.rep.kp.

That's pretty interesting. I wonder what they've got on that.

~~~
Gurrewe
The site is available to the world, [http://gnu.rep.kp/](http://gnu.rep.kp/)

~~~
yitchelle
Is it malicious?

~~~
sillysaurus3
Nah. Here are some screenshots (google translated):
[http://imgur.com/a/C2Gp7](http://imgur.com/a/C2Gp7)

~~~
userbinator
> Dafeng strange fruit spreads across the Great Hall won the People's love and
> young manhood of the world's largest hot in that reverence Kim Jong-un...

North Korean is a different dialect so it's no surprise Google struggles with
it. It looks like a news/propaganda site.

~~~
duskwuff
Not just the dialect that's tough to translate, but also the diction. DPRK
propaganda tends to use a lot of bombastic language -- it shows in their
English press releases as well.

------
pawal
If you want to keep secrets, publishing them in DNS is the wrong place for it.

------
CCing
Is it safe to visit these websites? I've visited cooks.org.kp with JS enabled -_-
(but uBlock Origin active)

~~~
kalleboo
If North Korea had 0-day browser exploits, they wouldn't be using them on
cooks.org.kp

------
callesgg
Someone might be getting killed over this.

~~~
fleitz
Machine gun or anti-aircraft gun?

------
orliesaurus
Watch as they're going to blame the US and/or South Korea for hacking them

~~~
kalleboo
Well if this happened in the US, wouldn't this count as hacking under the
CFAA? For instance weev got 3 years for running some GET requests on a
sequential number.

------
Nadya
Did nobody think to use archive.org on these sites while they were still up?
:( Or was that not possible. Something like HTTrack would have been useful,
rather than a few people screenshotting the sites.

------
shermozle
silibank.net.kp must be where they make the counterfeit currency?

~~~
vocatus_gate
"Sillybank"

I know it's childish but I couldn't help but laugh at this.

------
audeyisaacs
5 day TTLs seems a little long? To help with outages maybe ;P

Edit: Awesome find, and monitoring project btw. Thanks!

~~~
arbitrage
If their topography is mostly static, it doesn't matter much if the TTL is 24
hours or 7 days.

------
viach
You'd better not visit North Korea as a tourist now

