forum.lissyara.su

Код: Выделить всё

 [root]# dig  @server aesa.su
; <<>> DiG 9.6.2-P2 <<>> @server aesa.su
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

Код: Выделить всё

dig  @89.223.47.139 aesa.su +trace

; <<>> DiG 9.6.2-P2 <<>> @server aesa.su +trace
; (1 server found)
;; global options: +cmd
.                       517184  IN      NS      c.root-servers.net.
.                       517184  IN      NS      e.root-servers.net.
.                       517184  IN      NS      k.root-servers.net.
.                       517184  IN      NS      i.root-servers.net.
.                       517184  IN      NS      m.root-servers.net.
.                       517184  IN      NS      b.root-servers.net.
.                       517184  IN      NS      l.root-servers.net.
.                       517184  IN      NS      g.root-servers.net.
.                       517184  IN      NS      j.root-servers.net.
.                       517184  IN      NS      d.root-servers.net.
.                       517184  IN      NS      a.root-servers.net.
.                       517184  IN      NS      f.root-servers.net.
.                       517184  IN      NS      h.root-servers.net.
;; Received 512 bytes from server#53(server) in 0 ms

su.                     172800  IN      NS      d.dns.ripn.net.
su.                     172800  IN      NS      e.dns.ripn.net.
su.                     172800  IN      NS      f.dns.ripn.net.
su.                     172800  IN      NS      ns.ripn.net.
su.                     172800  IN      NS      ns5.msk-ix.net.
su.                     172800  IN      NS      ns9.ripn.net.
;; Received 409 bytes from 199.7.83.42#53(l.root-servers.net) in 35 ms

aesa.su.                345600  IN      NS      ns17.imhoster.net.
aesa.su.                345600  IN      NS      ns16.imhoster.net.
;; Received 75 bytes from 193.232.128.6#53(ns5.msk-ix.net) in 8 ms

aesa.su.                14400   IN      A       91.204.73.135
aesa.su.                86400   IN      NS      ns17.imhoster.net.
aesa.su.                86400   IN      NS      ns16.imhoster.net.
;; Received 91 bytes from 91.204.72.61#53(ns17.imhoster.net) in 15 ms

Код: Выделить всё

options {
        directory       "/etc/namedb";
        pid-file        "/var/run/named/pid";
        dump-file       "/var/dump/named_dump.db";
        statistics-file "/var/stats/named.stats";
        query-source address * port 53;
        version "qqq";


        allow-query {
                any;
                };

        allow-transfer {
                192.168.0.10;
                };

        recursion yes;
        recursive-clients 5000;
        tcp-clients 500;
        notify yes;

};

//============================================

acl "common-allow-transfer" {
                        192.168.0.10;
};

//===========================================
key "rndc-key" {
    algorithm hmac-md5;
    secret "wwwwwwwwwwwwwwwwwwwwww=";
    };

controls {
    inet 127.0.0.1 allow { localhost; }
    keys {"rndc-key"; };
    };


zone "."{
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {type master;
        file "master/0.0.127.rev";

};


zone "0.1.10.IN-ADDR.ARPA" {type master;
        file "master/0.1.10.rev";
};


zone "local" {
        type master;
        file "primary/local";
};

controls {
        inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { rndc-key; };
        };

Код: Выделить всё

[root@bill2 ~]# cat /var/log/messages|grep named
Mar 26 21:00:10 bill2 named[23838]: clients-per-query decreased to 19
Mar 26 21:01:52 bill2 named[23838]: clients-per-query increased to 15
Mar 26 21:15:00 bill2 named[23838]: client 89.223.39.70#2542: view good: received notify for zone
'117.16.172.in-addr.arpa': not authoritative
Mar 26 21:17:09 bill2 named[23838]: clients-per-query increased to 20
Mar 26 21:20:08 bill2 named[23838]: client xx.xx.xx.xx#2542: view good: received notify for zone
'nwcom.loc': not authoritative
Mar 26 21:25:22 bill2 named[23838]: stopping command channel on 127.0.0.1#953
Mar 26 21:25:22 bill2 named[23838]: stopping command channel on ::1#953
Mar 26 21:25:23 bill2 named[23838]: exiting
Mar 26 21:25:23 bill2 named[27509]: starting BIND 9.6.2-P2 -t /var/named -u bind
Mar 26 21:25:23 bill2 named[27509]: built with '--prefix=/usr' '--infodir=/usr/share/info' '--mand
ir=/usr/share/man' '--enable-threads' '--disable-ipv6' '--enable-getifaddrs' '--disable-linux-caps
' '--with-openssl=/usr' '--with-randomdev=/dev/random' '--without-idn' '--without-libxml2'
Mar 26 21:25:23 bill2 named[27509]: command channel listening on 127.0.0.1#953
Mar 26 21:25:23 bill2 named[27509]: command channel listening on ::1#953
Mar 26 21:25:24 bill2 named[27509]: running

Код: Выделить всё

           Modern versions of BIND use a random UDP port for each outgoing
           query by default in order to dramatically reduce the possibility
           of cache poisoning.  All users are strongly encouraged to utilize
           this feature, and to configure their firewalls to accommodate it.

           AS A LAST RESORT in order to get around a restrictive firewall
           policy you can try enabling the option below.  Use of this option
           will significantly reduce your ability to withstand cache poisoning
           attacks, and should be avoided if at all possible.

           Replace NNNNN in the example with a number between 49160 and 65530.
        // query-source address * port NNNNN;

Код: Выделить всё

query-source address server port 53;