Description Manage one or more ISC BIND DNS servers without having to log in to each server to update zone or configuration files. Just make your changes and build the configs all from the web interface. With fmDNS, you can manage: Zone files (A, AAAA, CNAME, PTR, TXT, SRV, NS records, and many more!) named options […]
Category: DNS
Installing PowerDNS Recursor
PowerDNS Recursor is a resolving DNS server that runs as a separate process. The authoritative pdns_server can be configured to proxy recursive queries to the recursor, and optionally overlay authoritative zone data. The Recursor is used by several of the largest Internet providers in the world, including AOL, Shaw Cable and Neuf Cegetel. 1. Install […]
Use iptables to block some DNS queries
Use a Python script to get the hex dump of a DNS query:
    $ python
    >>> import binascii
    >>> def dns_hex(hex):
    ...     a = [binascii.hexlify(i) for i in hex.split(".")]
    ...     print "06".join(a[0:-3])+"07".join(a[-3:-1])+"02"+a[-1]
    ...
    >>> dns_hex("attack.attack.attack")
    61747461636b0761747461636b0261747461636b
Here we are going to use the dump in the iptables rule. Create the iptables rule:
    $ sudo iptables -I INPUT […]
How Do I Update The Root Hints Data File for BIND Named Server?
Use the wget command to retrieve the file and store it in /etc/bind/db.root (Debian / Ubuntu Linux), enter:
    # wget --user=ftp --password=ftp ftp://ftp.rs.internic.net/domain/db.cache -O /etc/bind/db.root
Under Red Hat / CentOS / Fedora Linux, the default location is /var/named/named.root, enter:
    # wget --user=ftp --password=ftp ftp://ftp.rs.internic.net/domain/db.cache -O /var/named/named.root
Reload rndc to update information, enter:
    # rndc reload
Another option is run […]
Install Caching-Only DNS server on CentOS 5.x
Install the BIND software
    # yum -y install bind
    # yum -y install caching-nameserver
* Configure
    # cd /var/named/chroot/etc/
    # ls -la
    total 48
    drwxr-x--- 2 root named 4096 Apr 29 03:06 .
    drwxr-x--- 5 root named 4096 Feb 23 06:35 ..
    -rw-r--r-- 1 root root 3519 Feb 27 2006 localtime
    -rw-r----- 1 root named […]
How To Setup Vanity DNS Name Server Using BIND 9
I have nameservers like ns1.example.com and ns2.example.com. I’d like to provide Vanity DNS for each domain such as ns1.yourdomain.com and ns2.yourdomain.com. Basically, my users should be able to call my DNS servers as their own servers. This will create the illusion that my users run their own name servers. How do I set up vanity DNS using BIND […]
How to block DNS Amplification Attack isc.org any attack
I’ve been seeing the DNS ANY attack against my DNS servers. I’m using PDNS but this should work with BIND or any DNS server. My DNS servers are not recursive, but they are attacking me anyway. I guess I’m the DDoS amplifier. If you think the same thing is happening to you, you can detect […]
Iptables for common DNS amplification attack on recursive DNS inside your network.
There are a lot of DNS amplification attacks now. In my network, with around a few hundred servers, my log never stopped. What is it? Basically, it is a DDoS technique that uses large DNS resolution replies to DDoS a target with a huge amount of bandwidth. This is accomplished by spoof query […]
Update root server in the BIND
We can use this command to update the root servers:
    dig +bufsize=1200 +norec NS . @a.root-servers.net >! db.root
How To Clear DNS Cache In Mac OSX Leopard
DNS requests are usually cached. That’s good, as it helps to speed up lookups within the same host, but sometimes we will want to clear the cache so it doesn’t hold values that are no longer valid. To clear the DNS cache in Mac OSX, we can do it with the help of Terminal. Mac OSX 10.4 […]