Autres
AideEnLigne
LaVeloDyssee
CahierDeBrouillon
Présentation
Administration

MesLectures
[Journal d'Ophelia]
[Blog Larnac]
[Traitement texte en ligne]
[Kim Khal]

Informations
[Rue 89]
[Tele libre]

DNS etc
[Robtex]
Logins
Votre ID: 111
Nom:
Login utilisateur
Mot de passe éditeur

AdministrationDNS

Afficher la révision 34
Administration DNS

Article: Pourquoi il faut fermer les serveurs DNS recursifs ouverts Lire l'article de Bortzmyer : http://www.bortzmeyer.org/fermer-les-recursifs-ouverts.html
BIND version query #dig bind.version txt chaos
DNS DDOS question 2014-12-27 22:34:35 and recursive queries : http://serverfault.com/questions/438515/bind-blackhole-for-invalid-recursive-queries

+Autres liens relatifs à la mise en oeuvre et à l'administration de DNS
2019-01-28 15:55:35 Blocage de sites pubs et tracking https://sebsauvage.net/hosts/hosts
DNS security DNSSEC tuto https://ensiwiki.ensimag.fr/index.php?title=Introduction_à_DNSSEC
Configurer DynDNS? Linux avec OVH http://p3ter.fr/gestion-du-dyndns-sous-linux-avec-ovh.html
Créer son propre datacenter et DynDNS? chez OVH https://blog.ston3o.me/comment-creer-son-datacenter-maison/
DNS infos, Whois, RBL info http://www.robtex.com/
Tester une zone DNS https://www.zonemaster.fr/
On line DNS tools [lookup, reverse, propagation, AS numbers, ..] http://viewdns.info/
DjbDNS? http://cr.yp.to/djbdns.html
DNS book for scientists [many tech books CSS, LAN, LDPA, ..] http://www.zytrax.com/books/dns/
DNSSEC practical exercises http://www.idsa.prd.fr/atelier-idsa/enonce.html
Bind 9 Administrator Reference http://www.ipsec.nu/dns/bind9/Bv9ARM.html
BIND/DNS Log messages https://docs.menandmice.com/pages/viewpage.action?pageId=6361013
Cricket Liu sur [Installer les views avec BIND]
Men and Mice http://www.menandmice.com/
NSUpdate Howto http://caunter.ca/nsupdate.txt
Painless Dynamic DNS http://linux.yyz.us/nsupdate/
DNS book for scientists http://www.zytrax.com/books/dns/
Dual chrooted BIND/DNS servers http://www.etherboy.com/dns/chrootdns.html

+Iptables and DNS
You this rules only if you are protecting dedicated DNS server. SERVER_IP is IP address where BIND(named) is listing on port 53 for incoming DNS queries. Please note that here I’m not allowing TCP protocol as I don’t have secondary DNS server to do zone transfer.

 SERVER_IP="202.54.10.20"
 iptables -A INPUT -p udp -s 0/0 sport 1024:65535  -d $SERVER_IP dport 53 -m state state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p udp -s $SERVER_IP sport 53  -d 0/0 dport 1024:65535 -m state state  ESTABLISHED -j ACCEPT
 iptables -A INPUT -p udp -s 0/0 sport 53  -d $SERVER_IP dport 53 -m state state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p udp -s $SERVER_IP sport 53  -d 0/0 dport 53 -m state state ESTABLISHED -j ACCEPT

Please note if you have secondary server then add following rules to above rules so that secondary server can do zone transfer from primary DNS server:

 DNS2_IP="202.54.10.2"
 iptables -A INPUT -p tcp -s $DNS2_IP sport 1024:65535  -d $SERVER_IP dport 53 -m state state NEW,ESTABLISHED -j ACCEPT
 iptables -A OUTPUT -p tcp -s $SERVER_IP sport 53  -d $DNS2_IP dport 1024:65535 -m state state ESTABLISHED -j ACCEPT

+DNS cache, windows client, notes
Only on cache servers the TTL decreases. Master & slave are authoritative and keep original TTL
DNS client could be stopped on XP. Its use is only related to Active Directory
refresh time is used to refresh data from master to slave

+Alternative DNS providers 2015-05-13 08:38:18
Test if there is a DNS proxy at your FAI https://www.dnsleaktest.com/
DNS chez FDN 80.67.169.12 et 89.67.169.40
DNS chez Nordnet. DNS Primaire : 194.206.126.253 DNS Secondaire : 194.51.3.49
OpenDNS? : profite de mes logs !!
OpenNIC? project http://www.opennicproject.org/