FGHIGate at GaNJa NeTWoRK ST@Ti0N - Viewing a message in the IPV6 echo conference
Messages from the IPV6 echo conference are available with dates from 31 Jul 11 14:37:00 to 03 Oct 24 21:46:09; total messages: 7440
= Message: 1096 of 7440 ============================================== IPV6 =
From : Alexey Vissarionov               2:5020/545         06 Dec 14 12:00:00
To   : Björn Felten                                        06 Dec 14 12:00:00
Subj : DNS
FGHI : area://IPV6?msgid=2:5020/545+5482d37f
Re   : area://IPV6?msgid=2:203/2+548249f8
= Message encoding detected as: CP866 ========================================
Reply: area://IPV6?msgid=2:240/1661+54770d36
Reply: area://IPV6?msgid=2:203/2+5483585c
==============================================================================
Good ${greeting_time}, Björn!

06 Dec 2014 01:12:44, you wrote to Tommi Koivula:

TK>> Yes. I have been running Bind for a long time.
BF> Setting up a Bind server is really easy. Getting it properly set-up
BF> is not. It's estimated that somewhere around 98% of all traffic to
BF> DNS servers is caused by badly configured Bind servers.

Also, a significant part of that traffic is the amplification of DDoS attacks.

BF> If you care to write an article for the Fidonews about this, I know
BF> it would be highly appreciated.

About configuring BIND? I even doubt whether it is worth quoting configuration files...

% cat /etc/named/named.conf
acl "secondaries"
{
 127.0.0.1;
 10.10.10.10;
 10.20.20.20;
};

acl "clients"
{
 127.0.0.1;
 192.168.0.0/16;
 172.16.0.0/12;
 10.0.0.0/8;
};

options
{
 version "unknown";
 directory "/etc/named";
 listen-on { 192.0.2.123; };
 listen-on-v6 { 2001:0DB8:1:2::123; };
 allow-transfer { secondaries; };
 allow-recursion { clients; };
};

logging
{
 category lame-servers { null; };
};

include "key.conf";

controls
{
 inet 127.0.0.1 port 953
  allow { 127.0.0.1; } keys { "rndc-key"; };
};

view "common"
{
 match-clients { any; };
 zone "." in { type hint; file "root.hint"; };
 include "primaries.conf";
 include "secondaries.conf";
};


% perl -e 'my $key=`head -c18 < /dev/urandom | openssl base64`; chomp $key; print("key \"rndc-key\"\n{\n\talgorithm hmac-sha512;\n\tsecret \"$key\";\n};\n");' > /etc/named/key.conf

% cat /etc/named/key.conf
key "rndc-key"
{
        algorithm hmac-sha512;
        secret "an1DY/ukB8ArIWlTjMxHz5+Q";
};


% cat /etc/named/rndc.conf
include "/etc/named/key.conf";
options
{
        default-key "rndc-key";
        default-server 127.0.0.1;
        default-port 953;
};


% dig . ns | egrep -v '^($|;)' > /etc/named/root.hint


% cat /etc/named/primaries.conf
zone "example.net" in { type master; file "zones/primary/example.net.zone"; };


% cat /etc/named/secondaries.conf
// zone "some-secondary-domain.net" in { type slave; file "zones/secondary/some-secondary-domain.net.zone"; masters { 10.20.30.40; }; };


Bonus - example of zone specification:

@               IN      SOA     ns.example.net. root.example.net. (
                                2014120611      ;       Serial
                                1H              ;       Refresh
                                15M             ;       Retry
                                4w              ;       Expire
                                1H )            ;       Minimum
                IN      NS      ns0
                IN      NS      ns1
                IN      A       192.0.2.123
                IN      AAAA    2001:0DB8:1:2::123
                IN      MX 10   mail
                IN      TXT     "v=spf1 +mx ~all"

ns0             IN      A       192.0.2.123
                IN      AAAA    2001:0DB8:1:2::123
ns1             IN      A       192.0.2.12
                IN      AAAA    2001:0DB8:1::12

ns              IN      A       192.0.2.123
                IN      A       192.0.2.12
                IN      AAAA    2001:0DB8:1:2::123
                IN      AAAA    2001:0DB8:1::12

mail            IN      A       192.0.2.123
                IN      AAAA    2001:0DB8:1:2::123

; IPv6-only example
myipv6only      IN      AAAA    2001:0DB8:1:2::123

; IPv4-only example
myipv4only      IN      A       192.0.2.123

*               IN      A       192.0.2.123
                IN      AAAA    2001:0DB8:1:2::123



--
Alexey V. Vissarionov aka Gremlin from Kremlin
gremlin.ru!gremlin; +vii-cmiii-cmlxxvii-mmxlviii

... god@universe:~ # cvs up && make world
--- /bin/vi
* Origin: http://openwall.com/Owl (2:5020/545)
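
The configuration quoted in the message above limits amplification abuse and zone leakage by binding `allow-recursion` and `allow-transfer` to named ACLs. The following Python script is an added example, not part of the original message or of BIND: it parses a named.conf and reports either option when it is missing from the global `options` block or resolves to `any`. The function names and both sample configurations are constructed for illustration.

```python
import re

OPEN = {"any", "0.0.0.0/0", "::/0"}   # match-list elements that admit every client

def tokenize(text):
    """Return an iterator over words, quoted strings and { } ; (comments dropped)."""
    text = re.sub(r"/\*.*?\*/|(//|#)[^\n]*", "", text, flags=re.S)
    return iter(re.findall(r'"[^"]*"|[{};]|[^\s{};]+', text))

def parse(tokens):
    """Consume tokens; a statement is a list of words and nested blocks."""
    stmts, cur = [], []
    for tok in tokens:
        if tok == "{":
            cur.append(parse(tokens))
        elif tok == "}":
            break
        elif tok == ";":
            stmts += [cur] if cur else []
            cur = []
        else:
            cur.append(tok.strip('"'))
    return stmts

def is_open(match_list, acls, seen=()):
    """True if the match list, with named ACLs expanded, admits every client."""
    def hit(head):
        if isinstance(head, list):                  # nested { ... } list
            return is_open(head, acls, seen)
        if head in acls and head not in seen:       # named ACL, expanded once
            return is_open(acls[head], acls, seen + (head,))
        return head in OPEN
    return any(hit(elem[0]) for elem in match_list)

def audit(conf_text):
    """Findings for the global options block; view-level overrides are not inspected."""
    stmts = parse(tokenize(conf_text))
    acls = {s[1]: s[2] for s in stmts if s[0] == "acl"}
    opts = {o[0]: o[1:] for s in stmts if s[0] == "options" for o in s[1]}
    return [f"{n}: not set, version-dependent default applies" if n not in opts
            else f"{n}: open to any client"
            for n in ("allow-recursion", "allow-transfer")
            if n not in opts or is_open(opts[n][0], acls)]

# Constructed samples: GOOD mirrors the ACL layout quoted in the post, WEAK does not.
GOOD = ('acl "clients" { 127.0.0.1; 10.0.0.0/8; }; acl "secondaries" { 10.10.10.10; };'
        ' options { allow-transfer { secondaries; }; allow-recursion { clients; }; };')
WEAK = 'acl "everyone" { ::/0; 0.0.0.0/0; }; options { allow-recursion { everyone; }; };'
print(audit(GOOD), audit(WEAK))
```

Run it against the text of the real file with `audit(open("/etc/named/named.conf").read())`; `include`d files are not followed, so audit them separately.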
