{"version": 2, "width": 80, "height": 24, "timestamp": 1782305805, "idle_time_limit": 2.0, "env": {"SHELL": "/bin/bash", "TERM": "unknown"}, "title": "InnerWarden DNS Guard — live enforce proof (test001)"}
[0.004777, "o", "\r\n──────────────────────────────────────────────────────────\r\n"]
[0.005376, "o", "▶ InnerWarden DNS Guard — sinkhole for known-bad domains\r\n──────────────────────────────────────────────────────────\r\n"]
[1.005992, "o", "resolver: 127.0.0.1:8553  ->  upstream 1.1.1.1\r\n"]
[1.008378, "o", "denylist: 65125 threat-feed domains (IOC / dns_c2 / dns_tunneling)\r\n"]
[1.009627, "o", "mode now: observe\r\n"]
[2.510979, "o", "\r\n──────────────────────────────────────────────────────────\r\n▶ OBSERVE: a denylisted domain STILL resolves (guard only records it)\r\n──────────────────────────────────────────────────────────\r\n"]
[3.512839, "o", "$ dig aplikasigerhanatoto1.com\r\n"]
[3.579575, "o", "162.0.235.153\r\n"]
[3.616263, "o", "  -> status: NOERROR\r\n"]
[5.117775, "o", "(a clean domain, for contrast)\r\n"]
[5.117816, "o", "$ dig example.com\r\n"]
[5.154234, "o", "104.20.23.154\r\n172.66.147.243\r\n"]
[5.190125, "o", "  -> status: NOERROR\r\n"]
[6.691787, "o", "\r\n"]
[6.691828, "o", "──────────────────────────────────────────────────────────\r\n▶ Pre-arm rehearse (mutates nothing): is any ESSENTIAL domain would-blocked?\r\n──────────────────────────────────────────────────────────\r\n"]
[7.695527, "o", "        1  0-rohyp-5-yu.ru  [denylist]\r\n        1  0-rw1-t.jelvax.in.net  [denylist]\r\n        2  aplikasigerhanatoto1.com  [denylist]\r\n        2  example.com  [denylist]\r\n\r\n  ✓ no essential conflicts — safe to arm (review the list above is all confirmed-bad).\r\n"]
[9.69724, "o", "\r\n──────────────────────────────────────────────────────────\r\n▶ ARM enforce  (paid — requires a DnsGuard license)\r\n──────────────────────────────────────────────────────────\r\n"]
[10.701413, "o", "\u001b[2m2026-06-24T12:56:55.970589Z\u001b[0m \u001b[32m INFO\u001b[0m \u001b[2minnerwarden_ad_common::license\u001b[0m\u001b[2m:\u001b[0m license validated \u001b[3mcustomer\u001b[0m\u001b[2m=\u001b[0mtest001 \u001b[3mhost\u001b[0m\u001b[2m=\u001b[0m* \u001b[3mvalid_until\u001b[0m\u001b[2m=\u001b[0m2027-06-18 07:40:30.478811554 UTC \u001b[3mfeatures\u001b[0m\u001b[2m=\u001b[0m[All]\r\nDNS Guard mode set to 'enforce' (/etc/innerwarden/dns-guard-mode).\r\n  ⚠ Did you run `config-sign dns-guard rehearse`? Enforce NXDOMAINs every denied lookup.\r\n  The running daemon picks this up on its next reload (no restart).\r\n"]
[10.701667, "o", "the daemon hot-reloads the mode file…\r\n"]
[29.039694, "o", "  daemon reloaded after ~21s\r\n"]
[30.041231, "o", "\r\n"]
[30.04127, "o", "──────────────────────────────────────────────────────────\r\n▶ ENFORCE: the denylisted domains are now SINKHOLED\r\n──────────────────────────────────────────────────────────\r\n"]
[31.042924, "o", "$ dig aplikasigerhanatoto1.com\r\n"]
[31.06654, "o", "(no answer)\r\n"]
[31.08857, "o", "  -> status: NXDOMAIN\r\n"]
[32.290271, "o", "$ dig 78smp.com\r\n"]
[32.310951, "o", "(no answer)\r\n"]
[32.33438, "o", "  -> status: NXDOMAIN\r\n"]
[33.836059, "o", "\r\n──────────────────────────────────────────────────────────\r\n"]
[33.836105, "o", "▶ …while a clean domain resolves normally (only bad is blocked)\r\n──────────────────────────────────────────────────────────\r\n"]
[34.837578, "o", "$ dig example.com\r\n"]
[34.873546, "o", "172.66.147.243\r\n104.20.23.154\r\n"]
[34.907022, "o", "  -> status: NOERROR\r\n"]
[36.408624, "o", "\r\n──────────────────────────────────────────────────────────\r\n▶ DISARM — safety valve (no license needed)\r\n──────────────────────────────────────────────────────────\r\n"]
[37.411901, "o", "DNS Guard DISARMED (/etc/innerwarden/dns-guard-mode) — resolves everything; the daemon reloads it shortly.\r\n"]
[37.412123, "o", "restoring the guard to its prior observe mode…\r\n"]
[58.597127, "o", "  daemon reloaded after ~24s (aplikasigerhanatoto1.com -> 162.0.235.153)\r\n"]
[58.597402, "o", "\r\n──────────────────────────────────────────────────────────\r\n▶ Result: denylisted domains sinkholed in enforce · clean domains untouched · instant disarm\r\n──────────────────────────────────────────────────────────\r\n"]
