DNS Administration

A Java applet to better understand the [differences between iterative queries and recursive queries]

+Other links on deploying and administering DNS
Configuring DynDNS on Linux with OVH http://p3ter.fr/gestion-du-dyndns-sous-linux-avec-ovh.html
Building your own datacenter and DynDNS at OVH https://blog.ston3o.me/comment-creer-son-datacenter-maison/
DNS infos, Whois, RBL info http://www.robtex.com/
Tester une zone DNS https://www.zonemaster.fr/
Online DNS tools [lookup, reverse, propagation, AS numbers, ..] http://viewdns.info/
Free uncensored DNS server http://dns.telecomix.org/ 91.191.136.152
DjbDNS http://cr.yp.to/djbdns.html
DNS book for scientists [many tech books CSS, LAN, LDAP, ..] http://www.zytrax.com/books/dns/
DNSSEC practical exercises http://www.idsa.prd.fr/atelier-idsa/enonce.html
Bind 9 Administrator Reference http://www.ipsec.nu/dns/bind9/Bv9ARM.html
BIND/DNS Log messages https://docs.menandmice.com/pages/viewpage.action?pageId=6361013
Cricket Liu on [Setting up views with BIND]
NSUpdate Howto http://caunter.ca/nsupdate.txt
Painless Dynamic DNS http://linux.yyz.us/nsupdate/
Men and Mice http://www.menandmice.com/
Dual chrooted BIND/DNS servers http://www.etherboy.com/dns/chrootdns.html
BIND/DNS Log messages http://www.menandmice.com/docs/named_messages.htm#idx_p
+Iptables and DNS
Use these rules only if you are protecting a dedicated DNS server. SERVER_IP is the IP address where BIND (named) is listening on port 53 for incoming DNS queries. Please note that here I'm not allowing the TCP protocol, as I don't have a secondary DNS server to do zone transfers.

 SERVER_IP="202.54.10.20"
 # Queries from clients (unprivileged source ports) and the replies to them
 iptables -A INPUT -p udp -s 0/0 --sport 1024:65535 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p udp -s $SERVER_IP --sport 53 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
 # Queries from other DNS servers (source port 53) and the replies to them
 iptables -A INPUT -p udp -s 0/0 --sport 53 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p udp -s $SERVER_IP --sport 53 -d 0/0 --dport 53 -m state --state ESTABLISHED -j ACCEPT

If you have a secondary server, add the following rules to the ones above so that the secondary can do zone transfers from the primary DNS server:

 DNS2_IP="202.54.10.2"
 # Zone transfers over TCP, accepted from the secondary server only
 iptables -A INPUT -p tcp -s $DNS2_IP --sport 1024:65535 -d $SERVER_IP --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p tcp -s $SERVER_IP --sport 53 -d $DNS2_IP --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT
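
To check on a running server that TCP port 53 is accepted only from the secondary, this added example (not part of the original page) scans `iptables-save` output for INPUT rules that accept TCP/53 from any other source. The sample ruleset is constructed, the function names are hypothetical, and only plain `--dport 53` matches are handled (no multiport or port ranges).

```shell
#!/bin/sh
# Added example: audit an iptables-save dump for TCP/53 ACCEPT rules
# whose source is not the authorised secondary (zone-transfer exposure).

# list_open_axfr_rules ALLOWED_SECONDARY_IP
# Reads iptables-save output on stdin and prints every offending INPUT rule.
list_open_axfr_rules() {
    awk -v allowed="$1" '
    $1 == "-A" && $2 == "INPUT" {
        # A rule without -s matches any source address.
        src = "0.0.0.0/0"; proto = ""; dport = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-s")      src = $(i + 1)
            if ($i == "-p")      proto = $(i + 1)
            if ($i == "--dport") dport = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        sub(/\/32$/, "", src)   # iptables-save writes single hosts as a.b.c.d/32
        if (proto == "tcp" && dport == "53" && target == "ACCEPT" && src != allowed)
            print
    }'
}

# Constructed sample: the rules from this page in iptables-save form, plus one
# deliberately over-broad TCP rule that the audit should flag.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -d 202.54.10.20/32 -p udp -m udp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -s 202.54.10.2/32 -d 202.54.10.20/32 -p tcp -m tcp --sport 1024:65535 --dport 53 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 202.54.10.20/32 -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# On a real host: iptables-save | list_open_axfr_rules "$DNS2_IP"
sample_ruleset | list_open_axfr_rules "202.54.10.2"
```
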
+Why open recursive DNS servers must be closed
+DNS cache, windows client, notes
The TTL decreases only on cache servers. Master and slave servers are authoritative and keep the original TTL.
The DNS Client service can be stopped on XP. Its use is only related to Active Directory.
The refresh time is used to refresh data from master to slave.
+BIND version query
To get the BIND version:
 # dig version.bind txt chaos
+About DNS DDoS 2014-12-27 22:34:35
+Alternative DNS providers 2015-05-13 08:38:18
DNS at Nordnet. Primary DNS: 194.206.126.253 Secondary DNS: 194.51.3.49
OpenDNS: profits from my logs!!
OpenNIC project http://www.opennicproject.org/
ORSN root servers http://www.orsn.org/en/tech/