AdministrationDNS

Différence (depuis la version majeure précédente) (modification mineure)

Effacé: 9,10d8

:DNS security DNSSEC tuto https://ensiwiki.ensimag.fr/index.php?title=Introduction_à_DNSSEC
:Configurer DynDNS? Linux avec OVH http://p3ter.fr/gestion-du-dyndns-sous-linux-avec-ovh.html

Effacé: 18,20d15

:Bind 9 Administrator Reference http://www.ipsec.nu/dns/bind9/Bv9ARM.html
:BIND/DNS Log messages https://docs.menandmice.com/pages/viewpage.action?pageId=6361013
:Cricket Liu sur [Installer les views avec BIND]

Effacé: 23,25d17

:Painless Dynamic DNS http://linux.yyz.us/nsupdate/
:DNS book for scientists http://www.zytrax.com/books/dns/
:Dual chrooted BIND/DNS servers http://www.etherboy.com/dns/chrootdns.html

Modifié: 56c48,49

===

+Alternative DNS providers 2015-05-13 08:38:18

===

+Alternative DNS providers

:DNS Opennic servers https://servers.opennic.org/

Administration DNS

: Article: Pourquoi il faut fermer les serveurs DNS recursifs ouverts Lire l'article de Bortzmyer : http://www.bortzmeyer.org/fermer-les-recursifs-ouverts.html
: BIND version query #dig bind.version txt chaos
: DNS DDOS question 2014-12-27 22:34:35 and recursive queries : http://serverfault.com/questions/438515/bind-blackhole-for-invalid-recursive-queries

+Autres liens relatifs à la mise en oeuvre et à l'administration de DNS

: Blocage de sites pubs et tracking https://sebsauvage.net/hosts/hosts
: Créer son propre datacenter et DynDNS? chez OVH https://blog.ston3o.me/comment-creer-son-datacenter-maison/
: DNS infos, Whois, RBL info http://www.robtex.com/
: Tester une zone DNS https://www.zonemaster.fr/
: On line DNS tools [lookup, reverse, propagation, AS numbers, ..] http://viewdns.info/
: DjbDNS? http://cr.yp.to/djbdns.html
: DNS book for scientists [many tech books CSS, LAN, LDPA, ..] http://www.zytrax.com/books/dns/
: DNSSEC practical exercises http://www.idsa.prd.fr/atelier-idsa/enonce.html
: Men and Mice http://www.menandmice.com/
: NSUpdate Howto http://caunter.ca/nsupdate.txt

+Iptables and DNS

You this rules only if you are protecting dedicated DNS server. SERVER_IP is IP address where BIND(named) is listing on port 53 for incoming DNS queries. Please note that here I’m not allowing TCP protocol as I don’t have secondary DNS server to do zone transfer.

 SERVER_IP="202.54.10.20"
 iptables -A INPUT -p udp -s 0/0 sport 1024:65535  -d $SERVER_IP dport 53 -m state state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p udp -s $SERVER_IP sport 53  -d 0/0 dport 1024:65535 -m state state  ESTABLISHED -j ACCEPT
 iptables -A INPUT -p udp -s 0/0 sport 53  -d $SERVER_IP dport 53 -m state state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p udp -s $SERVER_IP sport 53  -d 0/0 dport 53 -m state state ESTABLISHED -j ACCEPT

Please note if you have secondary server then add following rules to above rules so that secondary server can do zone transfer from primary DNS server:

 DNS2_IP="202.54.10.2"
 iptables -A INPUT -p tcp -s $DNS2_IP sport 1024:65535  -d $SERVER_IP dport 53 -m state state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p tcp -s $SERVER_IP sport 53  -d $DNS2_IP dport 1024:65535 -m state state ESTABLISHED -j ACCEPT

+DNS cache, windows client, notes

: Only on cache servers the TTL decreases. Master & slave are authoritative and keep original TTL
: DNS client could be stopped on XP. Its use is only related to Active Directory
: refresh time is used to refresh data from master to slave

+Alternative DNS providers

: DNS Opennic servers https://servers.opennic.org/
: Test if there is a DNS proxy at your FAI https://www.dnsleaktest.com/
: DNS chez FDN 80.67.169.12 et 89.67.169.40
: DNS chez Nordnet. DNS Primaire : 194.206.126.253 DNS Secondaire : 194.51.3.49
: OpenDNS? : profite de mes logs !!
: OpenNIC? project http://www.opennicproject.org/