Bind
Links
- http://www.debianadmin.com/howto-setup-dhcp-server-and-dynamic-dns-with-bind-in-debian.html
- http://www.debian-administration.org/articles/390
.deb packages
bind9 dnsutils
Firewall settings
iptables:
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
On CentOS with firewalld:
firewall-cmd --zone=public --add-service=dns --permanent
firewall-cmd --reload
# To remove an entry
firewall-cmd --zone=public --remove-service=dns --permanent
firewall-cmd --reload
Options
#/etc/bind/named.conf.options
options {
    directory "/var/cache/bind";
    query-source address * ;
    forwarders { 192.168.99.1; };
    recursion yes;
    version "REFUSED";
    allow-recursion { 127.0.0.1; 192.168.99.0/24; 172.30.0.0/16; };
    allow-query { 127.0.0.1; 192.168.99.0/24; 172.30.0.0/16; };
};
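An added example (not part of the original notes): a small Python check that reads an options block like the one above and reports the settings that matter for the dig tests further down (AXFR and version.bind). The finding names, the WEAK sample and the policy itself are assumptions made for illustration.

```python
import re

# Constructed inputs: PAGE is a trimmed copy of the options block above; WEAK is a contrast case.
PAGE = '''options {
    recursion yes;
    version "REFUSED";
    allow-recursion { 127.0.0.1; 192.168.99.0/24; 172.30.0.0/16; };
    allow-query { 127.0.0.1; 192.168.99.0/24; 172.30.0.0/16; };
};'''
WEAK = '''options {
    recursion yes;          // no version override
    allow-recursion { any; };
    allow-transfer { any; };  # AXFR open to everyone
};'''

OPEN = {"any", "0.0.0.0/0", "::/0"}  # ACL entries that match every client

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # /* block */
    return re.sub(r"(//|#).*", "", text)                # // and # to end of line

def acl(text, name):
    """Return the address-match list of option `name`, or None if it is unset."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{([^{}]*)\}\s*;", text)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit(conf):
    """Return a sorted list of finding ids (hypothetical names) for an options text."""
    text = strip_comments(conf)
    findings = set()
    rec = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", text)
    if rec is None or rec.group(1) == "yes":            # BIND recurses unless told not to
        allowed = acl(text, "allow-recursion")
        if allowed is None:
            findings.add("recursion-acl-unset")
        elif OPEN & set(allowed):
            findings.add("open-recursion")
    if not re.search(r'(?<![\w-])version\s+(none|"[^"]*")\s*;', text):
        findings.add("version-not-hidden")              # version.bind CHAOS TXT is answered
    transfer = acl(text, "allow-transfer")
    if transfer is None:
        findings.add("allow-transfer-unset")            # may still be set per zone
    elif OPEN & set(transfer):
        findings.add("open-zone-transfer")
    return sorted(findings)

if __name__ == "__main__":
    for label, conf in (("page", PAGE), ("weak", WEAK)):
        print(label, audit(conf))
```

The options block from this page yields only the allow-transfer finding, which is the setting the AXFR test in the dig section exercises.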
Read/write issue
remountrw
mkdir -p /ro/etc/bind
chmod 775 /ro/etc/bind
chown root:bind /ro/etc/bind
cp -a /ro/etc/bind /rw/etc
ln -s /rw/etc/bind/ /etc/bind
mkdir -p /ro/var/cache/bind
chmod 775 /ro/var/cache/bind
chown root:bind /ro/var/cache/bind
cp -a /ro/var/cache /rw/var
ln -s /rw/var/cache/bind/ /var/cache/bind
remountro
rndc
NAME
rndc - name server control utility
SYNOPSIS
rndc [-b source-address] [-c config-file] [-k key-file] [-s server] [-p port] [-q] [-V] [-y key_id] {command}
rndc reload
rndc retransfer
rndc querylog on
rndc trace
dnswalk
defined(@array) is deprecated at /usr/bin/dnswalk line 59.
(Maybe you should just omit the defined()?)
defined(@array) is deprecated at /usr/bin/dnswalk line 61.
(Maybe you should just omit the defined()?)
defined(@array) is deprecated at /usr/bin/dnswalk line 87.
(Maybe you should just omit the defined()?)
defined(@array) is deprecated at /usr/bin/dnswalk line 107.
(Maybe you should just omit the defined()?)
Checking 56.168.192.in-addr.arpa.
Getting zone transfer of 56.168.192.in-addr.arpa. from gentoo.local.tobias-weiss.org...done.
SOA=gentoo.local.tobias-weiss.org contact=postmaster@local.tobias-weiss.org
WARN: SOA contact name (postmaster@local.tobias-weiss.org) is invalid
WARN: 1.56.168.192.in-addr.arpa PTR ThinkPad.local.tobias-weiss.org: A record not found
0 failures, 2 warnings, 0 errors.
nscd
/usr/sbin/nscd - name service cache daemon
nscd reload
nscd retransfer
nscd querylog on
nscd trace
Nscd is a daemon that provides a cache for the most common name service requests. The default configuration file, /etc/nscd.conf, determines the behavior of the cache daemon. See nscd.conf(5).
Nscd provides caching for accesses of the passwd(5), group(5), and hosts(5) databases through standard libc interfaces, such as getpwnam(3), getpwuid(3), getgrnam(3), getgrgid(3), gethostbyname(3), and others.
There are two caches for each database: a positive one for items found, and a negative one for items not found. Each cache has a separate TTL (time-to-live) period for its data. Note that the shadow file is specifically not cached. getspnam(3) calls remain uncached as a result. As a result of this behavior, it is not possible to change from one non-nscd user to another non-nscd user via the su service when nscd is running.
dig
apt-get install dnsutils
Testing zone transfer
dig axfr @ns12.zoneedit.com zonetransfer.me
host -l zonetransfer.me ns16.zoneedit.com
Querying the BIND version
dig @ns12.zoneedit.com version.bind chaos txt
MX query against my own server
root@itchy:/etc# dig @localhost example.com mx
;; QUESTION SECTION:
;example.com. IN MX
;; AUTHORITY SECTION:
example.com. 86400 IN SOA dns1.icann.org. hostmaster.icann.org.
;; Query time: 2224 msec
;; SERVER: 192.168.1.50#53(192.168.1.50)
;; WHEN: Sun Apr 23 21:47:41 2006
;; MSG SIZE rcvd: 90
root@itchy:/etc# dig @itchy example.com mx |grep time
;; Query time: 1 msec
root hints
dig @e.root-servers.net . ns >root.hints
MX query
homaar@bl01:~$ dig mx tobias-weiss.org
; <<>> DiG 9.7.3 <<>> mx tobias-weiss.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14991
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; QUESTION SECTION:
;tobias-weiss.org. IN MX
;; ANSWER SECTION:
tobias-weiss.org. 86400 IN MX 50 mail.tobias-weiss.org.
Reverse Lookup
dig +short test.de
127.0.0.1
dig +short -x 127.0.0.1
test.de.