Linux-Sec.net Linux-Security.net Hardening-Tightening Security_Policy Hardening-HOWTO Linux Distros Distro Patches Kernel-Patches Dedicated Servers Firewalls DNS Servers Mail Servers Web Servers Turn-Off Daemons Tighten Inetd Services Top-10 Vulnerabilities Top-10 Vulnerabilities Top-20 Most Critical Vulnerability Top-10 Virus One Minute Audits OpenPorts Audit AntiVirus - AntiSpam Anti-Spam Anti-Virus spam.wav Wireless [In]Security Sniffers Security Tools SSH_SSL Firewalls MailServer FileSystem VPN Port Scan Detectors IDS Tools LogFile Analysis Ethernet Monitoring Server Monitoring Tracking & Forensics Hackers Tools Audit Tools Port Scanners Hacking Tools DDOS Tools Sniffer Tools Spoof Tools Exploits & Vulnerbilities Wireless Wireless [In]Security Misc Statistics Linux/BSD Distros Links,Articles,WatchDogs Security Mailing Lists/FAQs Liability Insurance

DNS Server Hardening Generic Server Hardening Generic Server Hardening The Infamous Turn Off Un-Used Services in inetd The Infamous Turn Off Un-Used Daemons DNS Servers cr.yp.to DNS Servers Survey cctec.com Busy DNS servers ISC.org Bind Home page - 8.3.4 or 9.2.2 ISC.org ISC.org dns testing ISC.org Secuirty/Bugs ISC.org Patches Nominum.com BIND FAQ Toad.com DNSSec cr.yp.to djbDNS cr.yp.to Other dns fefe.de djbdns FAQ DJBDns.org ( tinyDNS ) SourceForge.net Dents DNRD.nevalabs.org dnrd MaraDNS.org t-online.de pdnsd fuhr.org PerlDNS Dimensional.com PerlDNS Net-DNS.org Net::DNS NLNetLabs.nl NSD 2038Bug.com SheerDNS Zytrax.com alternative dns DNS Specific Mailing Lists ISC.org Bind - DNS ISC.org ML Archives DNS Related RFCs IANA.org DNS parameters IETF.org RFCs DNS.net DNS Resource Directory DNS.net DNS-related RFCs Roxen.com RFC in html form zVon.org DNS.net DNS Tools Olympus-Zone.net FAQS.org RFC 1713 - dnswalk, doc, lamer, ddt, checker FAQS.org RFC 1860 - Variable Length Subnet Table For IPv4 FAQs.org RFC 1912 - Common DNS errors DNS Server Hardening You should be running bind-8.3.3 or bind-9.2.1 or higher ISC.org Bind Security LinuxDoc.org DNS-HOWTO LinuxDoc.org Chroot BIND EtherBoy.com Chroot DNS DNS Error Messages ReedMedia.net AcmeBW.com AskMrDNS - dns messages Microsoft.com DNS Query Nominum.com DNS Faq Nominum.com BIND FAQ Pitt.edu Introduction to DNS - examples and graphs Rscott.org DNS OverSimplified Sans.org DNS Issues Sans.org DNS issues Vineyard.net DNS Faq - other faqs too Zytrax.com Zytrax.com ch2 Zytrax.com ch13 Securing DNS TLDP.org Securing and Optimizing Linux Sans.org DNS Secuirty Oreilly.com Upgrading to Bind9 - Top 9 Gothcas psionic.som Securing BIND Acmebw.com Securing.pdf Networking.earthweb.com Hardening the Bind DNS Server ^ Copying DNS to Jail Networking.earthweb.com Hardening the BIND DNS Server ^ same as above bovine.net Secure DNS Extensions Cymru.com Secure BIND DNSSec.net Securing DNS Ripe.net DNSSec-HOWTO htwk-leipzig.de w/ pics Chroot DNS Oreilly.com LinuxDoc.org Chroot-BIND-HOWTO debian.org Chroot+Bind EtherBoy.com Dual ChrootDNS CYMRU.com Secure Bind UnUsed IP# in Your Class-C After you have assigned, IP# to your machines, create a dummy machine occupying the rest of the unused ip# SourceForge.net LaBrea Caching-Only DNS Server PacketStormSecrity.nl Caching only DNS Server Zytrax.com vi /etc/named.conf options { directory "/var/named"; forwarders { // your primary and secondary local DNS servers 192.168.1.1; 192.168.1.2; }; }; vi /etc/resolv.conf # nameserver 1.2.3.4 nameserver 127.0.0.1 Non-Routeable IPs Cymru.com 0.0.0.0/8 1.0.0.0/8 2.0.0.0/8 10.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.0.2.0/24 192.168.0.0/16 224.0.0.0/3 IP Masks FAQS.org RFC 1860 - Variable Length Subnet Table For IPv4 CoreCom.com TelusPlanet.net Network Calculator SubnetOnline.com Router.de RalphB.net Subnetting Subnetmask.info UIC.edu ip subnetting Class-C Setup ( 254 hosts ) 192.168.1.0 Network 255.255.255.0 NetMask 192.168.1.255 BroadcastMask NetMask Options /16 255.255.0.0 /17 255.255.128.0 /18 255.255.192.0 /19 255.255.224.0 /20 255.255.240.0 /21 255.255.248.0 /22 255.255.252.0 /23 255.255.254.0 /24 255.255.255.0 == 256 hosts /25 255.255.255.128 == 128 hosts /26 255.255.255.192 == 64 hosts /27 255.255.255.224 == 32 hosts /28 255.255.255.240 == 16 hosts /29 255.255.255.248 == 8 hosts /30 255.255.255.252 == 4 hosts /31 255.255.255.254 == 2 hosts /32 255.255.255.255 == 1 host 10.10.192/19 means all possible combinations of a.b.c.d where (a.b.c.d & 255.255.224.0) == 10.10.192.0 10.10.192/19 is 10.10.192.0 - 10.10.233.255 10.10.0/18 is 10.10.0.0 - 10.10.63.255 DNS Examples FAQs.org RFC 1912 - Common DNS errors SAAS.NSW.edu.au Solving DNS & Email Server Validation Problems IntroComp.co.uk nice dns pic Zytrax.com Merit.edu SOA Internic.net root servers Linux-Sec.net/DNS/Example Example A records for www # # the real machine name is Realname1 and www is a name other people see # RealName1 IN A 1.2.3.4 www IN CNAME RealName1 Example Reverse records for www # # notice "4" is NOT used in $ORIGIN # $ORIGIN 3.2.1.IN_ADDR.ARPA. 4 IN PTR RealName1.your-domain.com Charvolant.org DNS examples Debian.org DNS FreeBSDdiary.org GaryKesller.net Example files Redhat.com Examples Rim.edu.bt Bind-8.2 Rim.edu.bt Bind-8.1.2 TroubleShooters.com DNS examples www.thing.dyndns.org LangFeldt.net DNS Howto RScott.org Maine.edu ViaVerio.com Brighton.ac.uk Brighton.ac.uk DNS Files Unco.edu TuxWeb.net Bind8, Bind9 mkRdns.org Make reverse dns ( ptr ) files intac.com Example DNS and Subnetting Planix.com Class-B subnet Planix.com Class-C subnet TelUsPlanet.net Calculators Example Primary DNS Linux-Sec.net/DNS/Example Example DNS files Example Secondary DNS Linux-Sec.net/DNS/Example Example DNS files Old ( Bind-4 ) style named.boot method vi /etc/named/named.boot secondary primary.com 1.2.3.4 ZX/primary.zx boot2conf.pl < named.boot > named.conf New ( Bind-8 ) named.conf method vi /etc/named/named.conf zone "primary.com" { type slave; file "ZX/primary.zx"; masters { 1.2.3.4; }; }; Restart the named daemon Local Copy of the Dailup RBL list Bind-4 format secondary dialups.mail-abuse.org 204.152.184.74 dialups.mail-abuse.org.ZX Bind-8 format zone "dialups.mail-abuse.org" { type slave; file "dialups.mail-abuse.org.ZX"; masters { 204.152.184.74; }; allow-transfer { none; }; allow-query { any; }; allow-update { none; }; }; Round Robin DNS ( load balancing ) hacks.Oreilly.com InetDaemon.com onjava.com WebSiteGear.com Zytrax.com Zytrax.com round robin GUIs for DNS management if you cannot manually edit the zone files and know that all the data is correct, your gui tools will NOT solve your problems DNSZone.org dns gui Sauron.jyu.fi Sauron Free Secondary DNS ISC.org Secondary.com Nominum nominum.com GraniteCanyon.com EveryDNS.net Xname.org Dynamic DCHP/DNS support DDTS.com DNSart.com DynDNS.org DynamicDNS.org $30/yr ?? EasyDNS.com $20/yr ?? No-IP.com PowerDNS.com UltraDNS.com Tzo.com Domain Name Queries/Testing Changing the Version Banner options { version "1.2.3-REL"; }; nslookup nslookup > server dns.Another-DNS-Server.net > set q=A > set q=ns > set q=CNAME > set q=MX > set q=PTR > www.target.com nslookup -querytype=mx foo.com nslookup Target.com Should return your IP# nslookup 192.168.1.1 Should return MachineName.YoourDomain.com nslookup -q=txt -class=chaos version.bind domain-name.com -- bind version Dig dig @localhost version.bind chaos txt -- bind version dig @192.168.1.85 www.target.com axfr dig @a.root-servers.net -x w.x.y ns ( for w.x.y.z ip# ) dig axfr target.com @192.168.1.85 dig @your-dns-server foo.com dig -t a www.svlug.org @64.62.190.98 +short dig +trace www.svlug.org host host foo.com host -t ns foo.com host -t mx foo.com host -v -t any foo.com DNS Server Auditing/Testing bind9.net DNS tools CentralOps.net Domain Dossier Source code AndyPryke.com FreeDNS.afraid.org Authoritive Trace from root-servers Web-Based DNS testing infoblox.com Cricket Liu's DNS check BlackCode.com combat.uxn.com COTSE.com lookup tools Demon.net Internet Query Tools DigiStar.com dnslookup DNSReport.com DNSstuff.com lots of generic test DNSqueries.com/en lots of tests Freshmeat.net DNShijacker Email-Test.com reverse lookyp Enc.com.au nslookup FooBar.tm dnsbajaj Nice graph of your DNS tree HostPulse.com nslookup IP-Plus.net DNS Check Tool ( good ) Planet.nl SamSpade.org Online Tools SamSpade.org DNS tools Cuni.cz DNS Sleuth w/ source code Tools-On.net DNS tests UniPlus.ch DNS Check Tool Planet.nl DNS tests DomTools.com DLint dnslint All-NetTools.com TechnicalInfo.net Tatumweb.com zonecut.net dnsbajaj nice graph of your dns tree Zmailer.org traceroute DTIC.mil Simple hostID test ( reverse ip# check ) NIC.fr ZoneCheck - French Norid.no ZoneCheck Domain-Reistration.lu .LU domain only Command line DNS testing FAQS.org RFC 1713 - dnswalk, doc, lamer, ddt, checker route -C -n Nominum.com QueryPerf dns_check.pl visi.com dnswalk the-Labs.com Dnstool.pl ftp.EE.LBL.gov NSLint auug.org.au DNSUtl - dns-* NetSys.cm ghba.c - gethostbyaddr() - Testing bad DNS reverse-lookup go.dlr.de lots of DNS apps SoftPanorama.org DNS Tools and Security Team-Teso.net Zodiac - DNS Monitoring & Spoofing Froyn.name DNS poisoning cr.yp.to DNS Forgery Who Owns a Particular Domain whois.nic.gov whois.nic.mil whois.us ARIN.net Internet Registries Arin.net regional registries NRO.net Afrinic.net ARIN.net APnic.net LACnic.net RIPE.net Micronicos.com whois.NetworkSolutions.com whois.InterNIC.net whois.APnic.net apnic.net docs whois.Ripe.net whois.arin.net arin.net templates whois.ad.jp whois -h whois.jprs.jp whois.isi.edu whois.nic.cc whois.nic.ch whois.cnnic.net whois.denic.de whois.hknic.net.hk whois.isnet.is whois.nic.it whois.nic.ad.jp/e whois.nic.or.kr whois.nic.mx whois.mynic.net whois.ripn.net whois.nic-se.se whois.tonic.to whois.twnic.net JPNIC.jp whois whois.nic.uk NetSol.com NetworkSolutions.com whois InterNIC.net PIR.org Arin.net whois.pl JPNIC.jp IDN Internationalized Domain Name DomainNamesWhoisRegistered.com international dWizard.net International I-DNS.net international character set ripe.net Ripe.net whois.nic.ad.jp whois NIC.gov NIC.it Whois365.com RegisterGuy.com Enc.com.au whois GeekTools whois osiruSoft.com whois wrpn.net whois - including ripe, apnic All-NetTools.com Network-Tools.com PortScan.com aka Network-Tools.com Whois.net Who owns a block of a particular IP# Merit.edu NANOG APNic.net/db Schwarzl.com IPCheck Domain Name Registrars In case of domain-name dispute, who owns the domain ( you or the registrar ) What is their Process to change your info ( dns servers, contact info .. ) InterNIC.net Complaints about Registrars Wikipedia.org .ar ... .zz AcronymsOnline.com CoreNIC.org predates icann.org Icann.org ICANN.org Becoming a Registrar iana.org Root-Zone TLD de.orsn.net root servers TLD NetworkSolutions.com Enic.cc NIC.us Neustar.us www.TV PIR.org *.org Registrar Educause.edu *.edu registrar Merit.edu *.edu registrar Greens.org All the Top-Level-Domains ( TLDs ) Xwhois.com List of TLDs Norid.no List of TLDs Domain-Analyse.de List of TLDs Centr.org lists reg fees DomainForFree.com lists reg fees AZLife.net lists reg fees Discount Registrars BulkRegister.com $10/yr + $79 one-tiem registration fee DirectNIC.com $15/yr DigAway.com $7.85/yr DomainDiscover.com $25/yr - 2 yr min Dotster.com $12/yr eNom.com $30/yr EasySpace.com Gandi.net GetWebDomains.com $14/yr gkg.net $8.49/yr GoDaddy.com $9/yr NameScout.com NetSol.com $15/yr in groups of 100 OnLineNIC.com $6.69 per 100 names PCGeeksForHire.com $15/yr + SSL certs Tucows.com aka OpenSRS - $10/domain , $95 non-refundable app fee + deposits needed Register.com $35/yr ? StarGate.com $7.95/yr Verio.com $19/yr SmallBusiness.Yahoo.com $9.95/yr NICs Around the World InterNIC.net InterNIC.net Accredited Registrar Directory InterNIC.net domain names ICANN.org Accredited Registrars Ammonet.com Centr.org E-Domain.it Goli.at Leicom.de Norid.no CyTek.de Lichtenstein TuonomeGroup.com Lichtenstein Alvente.com Lichtenstein Norid.no Sample NICs around the world NIC.ar Argentina NIC.at Austria NIC.br Brazil NIC.ch Switzerland NIC.cl Chile NIC.cz Czech Republic DeNIC.de Germany NIC.es Spain NIC.fr France NIC.hu Hungry NIC.in India NIC.it Italy NIC.ad.jp Japan NIC.mc Monaco NIC.mx Mexico NIC-SE.se Sweden SK-NIC.sk Slovakia NIC.uk UK Domain Name Resellers GreatDomains.com verisign ?? AfterNIC.com BuyDomains.com

Linux-Consulting.com == Linux-Consulting.org

ISO9660.org

BSD-Consulting.org == UNIX-Consulting.org

Hardware Products/Solutions gigEnn.net NetworkNightmare.net Custom-Chassis.net Linux-1U.net ITX-Blades.net 1U-Raid5.org Mini-Box.net

Infrastructure Consulting WanSim.net IPv6-Cloud.org Linux-Backup.net Linux-Boot.net Linux-VOIP.net Linux-Video.net C-J-K.net

Security Consulting Linux-Security.net Encrypted-Email.net Packet-Craft.net Linux-Wireless.net

Legalese Contact Legal

Copyright © 2000	Linux-Consulting	All Rights Reserved.	Updated: Sun Aug 19 23:19:25 2012 PDT