Code:
#add 110 deny ip from any to 127.0.0/8
#add 120 deny ip from 127.0.0/8 to any
Code:
host x0.org.ua
x0.org.ua has address 193.201.81.18
x0.org.ua mail is handled by 10 smtp.x0.org.ua.
Moderator: terminus
Paranoia?)))))
#add 110 deny ip from any to 127.0.0/8
#add 120 deny ip from 127.0.0/8 to any
Code:
$TTL 1D
@ IN SOA ns.x0.org.ua. root.ns.x0.org.ua. (
2007062808
3H
1H
1W
1D )
@ IN NS secondary.net.ua.
18 IN PTR ns.x0.org.ua.
Code:
# dig x0.org.ua
; <<>> DiG 9.4.2 <<>> x0.org.ua
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 513
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;x0.org.ua. IN A
;; ANSWER SECTION:
x0.org.ua. 86400 IN A 193.201.81.18
;; AUTHORITY SECTION:
x0.org.ua. 86400 IN NS ns.x0.org.ua.
x0.org.ua. 86400 IN NS ns.secondary.net.ua.
;; ADDITIONAL SECTION:
ns.x0.org.ua. 86400 IN A 193.201.81.18
ns.secondary.net.ua. 39212 IN A 195.149.112.1
;; Query time: 119 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Jul 28 01:04:13 2008
;; MSG SIZE rcvd: 123
Code:
Check domain
; <<>> DiG 9.3.4-P1 <<>> x0.org.ua any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7610
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 2
;; QUESTION SECTION:
;x0.org.ua. IN ANY
;; ANSWER SECTION:
x0.org.ua. 86312 IN A 193.201.81.18
x0.org.ua. 86312 IN SOA x0.org.ua. d.rambler.ru. 2008052902 28800 7200 604800 86400
x0.org.ua. 86312 IN NS primaryns.kiev.ua.
x0.org.ua. 86312 IN NS ns.secondary.net.ua.
;; AUTHORITY SECTION:
x0.org.ua. 86312 IN NS ns.secondary.net.ua.
x0.org.ua. 86312 IN NS primaryns.kiev.ua.
;; ADDITIONAL SECTION:
ns.secondary.net.ua. 46285 IN A 195.149.112.1
primaryns.kiev.ua. 29295 IN A 82.193.101.224
;; Query time: 1 msec
;; SERVER: 78.152.160.5#53(78.152.160.5)
;; WHEN: Mon Jul 28 01:07:04 2008
;; MSG SIZE rcvd: 217
Finally: successfull done.
Most likely it is complaining about the missing empty line in the file.
It is complaining about the last line, should I remove it?
Code:
domain: x0.org.ua
remark: domen
admin-c: GO27-UANIC
tech-c: GO27-UANIC
nserver: primaryns.kiev.ua
nserver: ns.secondary.net.ua
changed: GO27-UANIC 20080526023256
source: UANIC
Open it in vi.
28-Jul-2008 01:20:50.612 general: master/18.81.102.391.rev:11: file does not end with newline
Code:
% % .UA whois
% Domain Record:
% =============
domain: x0.org.ua
remark: domen
admin-c: GO27-UANIC
tech-c: GO27-UANIC
nserver: ns.x0.org.ua
nserver: ns.secondary.net.ua
changed: GO27-UANIC 20080728030109
source: UANIC
% Glue Record:
% ===========
nserver: ns.x0.org.ua
ip-addr: 193.201.81.18
It isn't yours, as I understand it??
secondary.net.ua still has the old data.
Code:
#!/bin/sh
flush
add 100 check-state
#add deny log all from any to any
add allow udp from any to me 53 in
add allow udp from me 53 to any out
add allow udp from any 53 to me in
add allow udp from me to any 53 out
add allow tcp from any to me 53 in setup
#add allow ip from any to 193.201.81.18 53 in
#add allow ip from any 53 to 193.201.81.18 in
add allow udp from any 53 to any
add allow udp from any to any 53
#add deny ip from table(1) to any via rl0
add 270 allow ip from me to any
#add deny ip from any to 10.0.0.0/8 in via xl0
add deny ip from any to 172.16.0.0/12 in #via xl0
add deny ip from any to 192.168.0.0/16 in
add deny ip from any to 0.0.0.0/8 in #via xl0
# drop the auto-configured (link-local) private network
add deny ip from any to 169.254.0.0/16 in #via xl0
# drop reserved and multicast destination ranges
add deny ip from any to 240.0.0.0/4 in # via xl0
add deny ip from any to 224.0.0.0/3 in # via xl0
add deny ip from any to 192.0.2.0/24 in # via xl0
add 200 allow ip from any to any via lo0
#add 110 deny ip from any to 127.0.0/8
#add 120 deny ip from 127.0.0/8 to any
add 130 deny ip from any to any not verrevpath in
add 140 deny ip from any to any frag
#add 130 allow tcp from any to any established
#add 140 allow tcp from me to any keep-state via tap0
#add 150 allow icmp from any to any #deny
#add 200 deny icmp from any to any in icmptype 0,3,4,5,8,9,11,13,14,15,16,17
#add 200 allow icmp from any to any in icmptype 0,3,8,11
#add 300 allow all from any to any via lo #dst-port
#add 220 allow ip from any to 192.168.1.33 dst-port 1-65535
#add 230 allow ip from 192.168.1.33 to any 1-65535
#add 240 allow ip from any 1194 to any via ed0
#add 220 allow ip from any to 192.168.1.33 1194,8080,81,20,4662,53,110,995,115,123,161,465,443,5190,5999,6669,119,1863,1025-5985,49152-65535,7002,27005-27050
#add 230 allow ip from 192.168.1.33 1194,8080,81,4662,53,110,995,115,123,161,465,443,5190,5999,6669,119,1863,1025-5985,49152-65535,7002,27005-27050 to any
#add 240 allow tcp from any to any http,https,ftp,20
#add 250 allow tcp from any to any 1024-65535,domain,telnet
#add 260 allow tcp from any to any daytime,time,echo,discard
##otrili#add 200 deny ip from 194.44.42.0/24 to me
#195.225.145.14
###add 210 deny ip from 195.225.145.14 to me
add 220 deny ip from 87.250.239.209, 87.250.239.211, 87.250.239.212 to me
add 220 deny ip from 193.201.82.1 to me
###add 230 deny ip from 74.6.0.0/16, 67.195.0.0/16, 81.19.64.0/19 to me
add 230 deny ip from 78.157.143.211, 128.119.247.210, 200.27.79.101, 125.93.180.155, 78.129.202.16, 78.129.128.0/17 to me
add 230 deny ip from 221.214.0.0/15, 78.90.0.0/16, 78.90.88.0/23, 194.187.99.33, 83.222.3.216, 194.187.99.1, 85.17.251.75, 72.233.50.170, 212.150.209.53, 85.17.141.100, 211.151.224.0/19, 80.190.240.0/20, 88.198.0.0/16, 88.212.204.110 to me
add 230 deny ip from 81.19.64.0/19, 70.85.72.34, 70.85.123.133, 62.152.41.91, 85.17.230.129, 88.212.201.52, 72.232.117.107, 88.212.196.85, 88.212.201.52, 83.229.252.34, 64.20.51.210, 83.149.112.86, 88.208.19.191 to me
add deny ip from 88.208.16.233, 72.36.170.196, 85.17.11.141, 85.17.170.206, 88.214.205.23, 64.20.52.98 to me
#88.212.205.226 62.152.41.91
add 240 deny ip from 91.76.233.227, 83.237.0.0/16, 90.157.0.0/17, 91.121.0.0/17, 85.142.0.0/15, 89.252.64.0/18, 81.222.64.0/20, 84.242.192.0/18, 213.252.64.0/18 to me
add 240 deny ip from 194.67.18.234, 193.166.0.0/15, 210.22.0.0/16, 58.56.0.0/15, 91.121.0.0/18 to me
add 240 deny ip from 213.114.0.0/15, 213.114.104.0/21, 213.112.0.0/14, 193.166.0.0/15, 78.110.48.0/20, 194.67.0.0/18, 91.121.0.0/16, 91.121.0.0/17, 91.121.0.0/18, 64.34.0.0/16 to me
add 240 deny ip from 89.108.95.185, 89.108.65.167, 148.201.0.0/16, 148.202.0.0/15, 148.204.0.0/14, 148.208.0.0/12, 148.224.0.0/12, 148.240.0.0/13, 148.248.0.0/15, 148.250.0.0/16 to me
#91.192.149.0/24
add 250 deny ip from 194.79.21.133 to me
add 260 deny ip from 90.156.167.24 to me
add 270 allow icmp from any to me icmptypes 0,3,8,11
add 280 allow icmp from me to any icmptypes 0,3,8,11
add allow ip from any 49151-65535 to any #keep-state
add 270 allow ip from any to me 49151-65535 #keep-state
#add 280 allow ip from me to any 49151-65535
add 270 allow ip from me to any
#add 290 allow icmp from any to any #deny
#add 280 deny icmp from any to any via ed0 #deny
add 290 deny ip from 201.38.0.128/26, 193.53.87.0/24, 64.20.32.0/19, 70.85.73.245, 68.76.252.154, 64.191.0.0/17, 77.92.88.0/23, 89.149.236.0/24, 201.152.72.0/24 to any
add 300 deny ip from 195.245.120.250/23 to any
#add 360 allow tcp from any to any established
#add 370 allow all from any to any frag
#add 0900 allow tcp from any to any http
#add 910 allow udp from any to any
#add 920 allow tcp from any to any
#193.43.250.49
#add 360 allow ip from any to any 80 #setup
#add 370 allow ip from any 80 to any #setup
#add 360 allow ip from any to any 21,443,8000,8080,3128 # ,5222 #setup
#add 370 allow ip from any 21,443,8000,8080,3128 to any #setup
add 360 allow ip from any to any 21,443 #keep-state # ,5222 #setup
add 370 allow ip from any 80,21,443 to any #keep-state #setup
#add 360 allow ip from any to any 80,443,5222 #setup
#add 370 allow ip from any 80,443,5222 to any #setup
add allow tcp from any to 10.8.0.58 80 limit src-addr 40
add allow tcp from any to 10.8.0.58 80 via rl0 setup limit src-addr 100
add allow tcp from any to 193.201.81.18 80 limit src-addr 40
add allow tcp from any to 193.201.81.18 80 via rl0 setup limit src-addr 100
#add 380 443.5222
#add 380 allow tcp from any to any out
#add 390 allow udp from any to any out
#add 400 allow ip from any to me 80
#add 430 deny tcp from any to any established
###add 1000 allow tcp from any to me http
#add 440 allow tcp from any to 193.43.250.49 80
add 410 allow udp from me to any 53 keep-state
#add 420 allow udp from any to 193.43.250 53 via tap0
#add 430 allow udp from any 53 to 193.43.250.49 in via tap0
#add 440 allow udp from 62.149.2.1 123 to me
#add 450 deny udp from 62.149.2.1 to me 123
#add 420 allow udp from 193.43.250.49 to any
#add 410 allow udp from any to 193.43.250.49
add 420 unreach port udp from any to me 33435-33524
##add allow ip from any 49151-65535 to any
##add allow ip from any to any 49151-65535
add 430 deny udp from any to me 123
add 500 deny udp from any 137 to any
add 510 deny udp from any to any 137
add 520 deny udp from any 138 to any
add 530 deny udp from any 513 to any
add 540 deny udp from any 525 to any
add 600 deny tcp from any to me 113 setup
add 610 deny tcp from any to me 139 setup
add 620 deny tcp from any to me 389 setup
add 630 deny tcp from any to me 445 setup
#add 700 deny all from any to 255.255.255.255
#add 710 deny all from any to 10.8.255.255
add 430 deny all from any to any 137
add 500 deny all from any to any 138
add 510 deny all from any to any 139
add 520 deny all from any to any 81
#add 140 deny all from any to me 3131
#add 140 allow all from me to any 3131
add 520 deny all from any to any 123
add 520 deny all from any to any 512
add 520 deny all from any to any 525
add 520 deny all from any to any 445
add deny all from any to any 113
add allow all from any to any established
#${ipfw} add 410 allow tcp from not ${ournet} to me smtp
#add 800 deny log all from any to any out
#add 1000 deny log all from any to any
##
#add 1300 deny tcp from any to any in tcpflags syn,!ack
##################33
add 900 deny tcp from any to any in tcpflags syn,!ack
add 1100 deny all from any to 127.0.0.0/8
add 1200 deny icmp from any to any frag
#add 1300 deny icmp from any to any in icmptype 5,9,13,14,15,16,17
add 1400 deny tcp from any to any not established tcpflags fin
add 1500 deny tcp from any to any tcpflags fin,syn,rst,psh,ack,urg
add 1600 deny tcp from any to any tcpflags !fin,!syn,!rst,!psh,!ack,!urg
add 4000 deny udp from any 137-139 to any #xl0
add 4100 deny udp from any to any 137-139 #xl0
#add 5000 deny ip from any to 193.43.250.49
#add 5000 deny ip from g.2info.dp.ua to any
add allow udp from any to me 53 in
add allow udp from me 53 to any out
add allow udp from any 53 to me in
add allow udp from me to any 53 out
add allow tcp from any to me 53 in setup
###
add allow ip from any to 193.201.81.18 53 in
add allow ip from any 53 to 193.201.81.18 in
add allow udp from any 53 to any
add allow udp from any to any 53
##
add 2000 deny log all from any to any
#65535
Did dig against the secondary say that it has everything you configured on the master?
On the secondary I entered my IP; it reported that it connected and that everything is OK...
Code:
@ IN SOA ns.x0.org.ua. root.ns.x0.org.ua. (
2007062808
Code:
#killall named
#named -u bind
Code:
Active: Yes
Allow xfer: No
Master1: "193.201.81.18" Ok, host 193.201.81.18, port 53/tcp alive, axfr successfully.
Master2: "" Ok
Master3: "" Ok
All data correct. Domain changed.
Finally: successfull done.
Code:
28-Jul-2008 16:28:34.470 general: running
28-Jul-2008 16:28:34.470 notify: zone 0.0.127.in-addr.arpa/IN: sending notifies (serial 2007062908)
28-Jul-2008 16:28:34.471 notify: zone x0.org.ua/IN: sending notifies (serial 2007062908)
28-Jul-2008 16:28:34.475 notify: zone 81.102.391.in-addr.arpa/IN: sending notifies (serial 2007062908)
28-Jul-2008 16:31:14.400 xfer-out: client 193.201.116.2#53801: transfer of 'x0.org.ua/IN': AXFR started
28-Jul-2008 16:31:14.406 xfer-out: client 193.201.116.2#53801: transfer of 'x0.org.ua/IN': AXFR ended
Code:
$TTL 1D
@ IN SOA ns.x0.org.ua. root.ns.x0.org.ua. (
2008053102
3H
1H
1W
1D )
IN NS ns.x0.org.ua.
IN NS ns.secondary.net.ua.
IN MX 10 smtp.x0.org.ua.
IN A 193.201.81.18
s1 IN A 193.201.81.18
gw IN A 193.201.81.18
ns IN A 193.201.81.18
www IN A 193.201.81.18
smtp IN A 193.201.81.18
mail IN A 193.201.81.18
ftp IN A 193.201.81.18
ntp IN A 193.201.81.18
ldap IN A 193.201.81.18
svn IN A 193.201.81.18
cvs IN A 193.201.81.18
dev IN A 193.201.81.18
stat IN A 193.201.81.18
Code:
IN NS ns1.test.org.ua.
IN NS ns.secondary.net.ua.
MX 10 ns1.test.org.ua.
IN A 213.125.15.4
ns1 IN A 213.125.15.4
www IN A 213.125.15.5
Code:
C:\Work\ffsdrv\ffsdrv-0.5-winxp>ping smtp.x0.org.ua
Обмен пакетами с smtp.x0.org.ua [193.201.81.18] по 32 байт:
Ответ от 193.201.81.18: число байт=32 время=282мс TTL=121
Ответ от 193.201.81.18: число байт=32 время=242мс TTL=121
Ответ от 193.201.81.18: число байт=32 время=296мс TTL=121
Code:
named-checkconf
Code:
named-checkzone
Code:
named-checkzone dmz.me.dom /etc/namedb/master/me.dom/dmz.me.dom.hosts
zone dmz.me.dom/IN: loaded serial 2008061612
OK
Code:
dig @ns.dmz.me.dom dmz.me.dom axfr
Code:
rndc retransfer dmz.me.dom
Code:
./number.sh yandex.ru google.com
yandex.ru
ns1.yandex.ru. has serial number 2008072900
ns2.yandex.ru. has serial number 2008072900
ns4.yandex.ru. has serial number 2008072900
ns5.yandex.ru. has serial number 2008072900
google.com
ns1.google.com. has serial number 2008072501
ns2.google.com. has serial number 2008072501
ns3.google.com. has serial number 2008072501
ns4.google.com. has serial number 2008072501
Code:
named-checkzone idev.pro /etc/namedb/working/idev.pro.hosts
zone idev.pro/IN: loaded serial 1346675805
OK
Code:
$ORIGIN .
$TTL 86400 ; 1 day
idev.pro IN SOA node.idev.pro. subach\.pavel.gmail.com. (
1346675805
10800
3600
604800
10800 )
idev.pro. IN NS node.idev.pro.
idev.pro. IN NS ns2.trifle.net.
idev.pro. IN NS nsa.znm.ru.
idev.pro. IN NS nsb.znm.ru.
idev.pro. IN A 79.136.240.36
node.idev.pro. IN A 79.136.240.36
ituxold.idev.pro. IN A 188.138.103.36
idev.pro. IN MX 10 idev.pro.
www.idev.pro. IN CNAME idev.pro.
wiki.idev.pro. IN CNAME idev.pro.
morhellene.idev.pro IN CNAME idev.pro.
git.idev.pro. IN CNAME idev.pro.
itux.idev.pro. IN CNAME idev.pro.
idev.pro. IN TXT "v=spf1 ip4:79.136.240.36/31 ~all"