Differences
This shows you the differences between two versions of the page.
| linux:skoleni:dns [2014/09/02 22:33] admin | linux:skoleni:dns [2014/09/03 16:25] (current) admin [powerdns] | ||
|---|---|---|---|
| Line 6: | Line 6: | ||
| dig +cd +dnssec +multi www.rhybar.cz | dig +cd +dnssec +multi www.rhybar.cz | ||
|  |  | ||
| - | ===== Zneuziti zony pescomnet.cz ===== | + | Rozdilne odpovedi DNS serveru | 
| + | <code> | ||
| + | dig +dnssec +multi www.dnssec.cz @212.20.96.34 | ||
| + | dig +dnssec +multi www.dnssec.cz @8.8.8.8 | ||
| + | </code> | ||
| + | Analyza paketu | ||
| + | tcpdump -n host 212.20.96.34 -X | ||
| + | |||
| + | |||
| + | ====== Pridani nove domeny do bindu ====== | ||
| + | Definice zony. Bind je velmi citlivy na uvozovky, stredniky a jina zviratka | ||
| + | <file /etc/bind/named.conf.local> | ||
| + | zone "dalibor.cz" { | ||
| + | type "master"; | ||
| + | file "dalibor.cz"; | ||
| + | }; | ||
| + | </file> | ||
| + | |||
| + | Zonovy soubor | ||
| + | <code> | ||
| + | $ORIGIN . | ||
| + | $TTL 8h | ||
| + | dalibor.cz. IN SOA ns.dalibor.cz. hostmaster.dalibor.cz ( | ||
| + | 201401; serial | ||
| + | 8h; refresh | ||
| + | 4h; retry | ||
| + | 2d; expire | ||
| + | 8h; minimum | ||
| + | ) | ||
| + | $ORIGIN dalibor.cz. | ||
| + | IN A 1.2.3.4 | ||
| + | ns IN A 10.0.4.151 | ||
| + | zeus IN A 10.0.4.151 | ||
| + | IN A 10.0.4.190 | ||
| + | IN A 10.0.4.196 | ||
| + | mail IN A 10.0.4.151 | ||
| + | www IN  A 10.0.4.151 | ||
| + | </code> | ||
| + | |||
| + | <code> | ||
| + | // | ||
| + | // Do any local configuration here | ||
| + | // | ||
| + | |||
| + | // Consider adding the 1918 zones here, if they are not used in your | ||
| + | // organization | ||
| + | //include "/etc/bind/zones.rfc1918"; | ||
| + | |||
| + | zone "dalibor.cz" { | ||
| + | type master; | ||
| + | allow-transfer { 10.0.4.190; }; | ||
| + | file "dalibor.cz"; | ||
| + | }; | ||
| + | |||
| + | zone "kotrlik.cz" { | ||
| + | type slave; | ||
| + | masters { 10.0.4.187; }; | ||
| + | file "xxx"; | ||
| + | }; | ||
| + | </code> | ||
| + | |||
| + | Bind cache | ||
| + | rndc dumpdb -cache | ||
| + | ===== BIND9 ===== | ||
| + | * filipika proti prilisnemu vztahu bind9 a rfc | ||
| + | * otazka kdo ma delat replikaci zon? | ||
| + | ===== powerdns ===== | ||
| + | apt-get install pdns-server mysql-server | ||
| + | * http://downloads.sourceforge.net/project/poweradmin/poweradmin-2.1.7.tgz?r=http%3A%2F%2Fwww.poweradmin.org%2F&ts=1409754165&use_mirror=optimate | ||
| + | |||
| + | apt-get install apache2 php5 | ||
| + | |||
| + | |||
| + | ====== Zneuziti zony pescomnet.cz ====== | ||
| Todle me bude stat vice nez jednoho panaka... | Todle me bude stat vice nez jednoho panaka... | ||
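Review bot: The zone file added for dalibor.cz has no NS record after `$ORIGIN dalibor.cz.`, and BIND refuses to load a master zone whose apex has no NS records, so the zone as written will not come up; add `IN NS ns.dalibor.cz.` ahead of the apex `IN A 1.2.3.4` line. In the SOA line, `hostmaster.dalibor.cz` lacks the trailing dot that `ns.dalibor.cz.` carries and only expands correctly because `$ORIGIN .` is in effect, so write it fully qualified. The two `zone "dalibor.cz"` definitions disagree (`type "master";` in the first, `type master;` in the second), which is confusing directly after the remark about quoting; keep one form. `allow-transfer { 10.0.4.190; };` authorizes zone transfers by source address alone, and a TSIG key between master and slave would be the stronger control. The poweradmin tarball is linked over plain HTTP with no checksum to verify the download against.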
| Line 35: | Line 108: | ||
| pescomnet.cz.signed | pescomnet.cz.signed | ||
| </code> | </code> | ||
| + | |||
| + | |||
| + | ====== Dulezita poznamka ====== | ||
| + | Zóna .CZ vyžaduje KSK klíč | ||
| + | |||
| + | Po tomto nastavení vezmeme DNSKEY z podepsané zóny a pošleme jej přes svého registrátora do .CZ zóny: | ||
| + | |||
| + | **pozn.** nasledujici prikaz nemusi fungovat, pokud jste klice do domeny nepridali | ||
| + | grep -E "DNSKEY[[:white:]]257" pescomnet.cz | ||
| + |  | ||
| + | Takze pouzivam zase dig | ||
| + | <code>   | ||
| + | dig DNSKEY starlab.cz @localhost | ||
| + | starlab.cz.  28800  IN  DNSKEY  257 3 5 AwEAAdSYwjNYONb00hXA4EBuTnjro5pNeZe5gHZSzBbR0OnRu7NEjehy zgQ81FkM9SwATwfWrKPEaRK3tx/WDm7wZkFKLH3KNgnD0OvxFbbO/9/u EBv8DVApNrq6zJhdrlQnSik3BRuR8Q470kCZ1a7Dodoo7YzVVv/Zv6vP zZwVqGa+qS63smPvm4q4XMuWm8QECodhKUJXzzoGPk+D9ZqTSQwziTEs 8r4wNEhgLNFiYeQBtZGjL6QdRJZy4Dc6d5faWAlveQnZmDJBilf52K43 kvUeOZz7kBZndv+OgRE35bRe3LKrJ1vi56D65lYDGDzNt8aZt/qKM54H SJSMfTHY24M= | ||
| + | </code> | ||
| + | |||
| + | |||
| + | Jak tento klíč poslat do registru je zapotřebí dohodnout s vlastním registrátorem.  | ||
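Review bot: The added `grep -E "DNSKEY[[:white:]]257" pescomnet.cz` line uses `[:white:]`, which is not a POSIX character class, so grep rejects the pattern whether or not the keys are in the zone; that is the more likely reason for the "may not work" remark above it. Use `[[:space:]]+` instead, which also copes with more than one blank between the record type and the flags field. The `dig DNSKEY` example that follows queries starlab.cz while the grep and the context line refer to pescomnet.cz and pescomnet.cz.signed; use one domain throughout and say which of the two files the grep should read.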
				
				linux/skoleni/dns.1409690020.txt.gz · Last modified: 2014/09/02 22:33 by admin			
		

