bind 9

Our FAQ section has been updated in the last few days with new howtos:

  • Linux Network IP Accounting – I need to know how much data is transmitted on my ppp0 network or eth0 Internet links. How do I set IP accounting by address such as 123.1.2.3 and 123.1.2.4? How do I set IP accounting per Apache virtual domain? How do I set accounting by service port (http, smtp) and protocol (tcp, udp, icmp)? How do I record how much traffic each of the client computers is using?
  • Linux / UNIX: DNS Lookup Command – How do I perform a DNS lookup under Linux, UNIX or OS X operating systems without using 3rd party web sites for troubleshooting DNS usage?
  • Linux: Find Out Which Process Is Listening Upon a Port – How do I find out which running processes are associated with each open port? How do I find out what process has open tcp port 111 or udp port 7000 under Linux?
  • Google Apps Domain Create SPF Records For BIND or Djbdns – I work for a small business and outsourced our email hosting to Google. However, I noticed that spammers are using our From: First Last to send their spam messages. All bounced messages come to our catch only account. How do I stop this? How do I validate our domain using SPF? How do I configure an SPF for a Google Apps domain using BIND 9 or djbdns?
  • Mac OS X: Mount NFS Share / Set an NFS Client – How do I access my enterprise NAS server by mounting an NFS filesystem onto my Mac OS X based system using GUI and command line based tools?
  • Explains: echo Command (echo $"string") Double-quoted String Preceded By a Dollar Sign – I noticed that many shell scripts in the /etc/init.d/ directory use the following syntax – echo $"Usage $prog start|stop|reload|restart". Why is a double-quoted string preceded by a dollar sign ($"string") used with the echo command in Linux / UNIX bash scripts?
  • Get notified about our new howtos / FAQs as soon as they are released via RSS feed.


BIND 9 is an implementation of the Domain Name System (DNS) protocols. The named daemon is an Internet Domain Name Server for UNIX-like operating systems. Dynamic update messages may be used to update records in a master zone on a nameserver. When named receives a specially crafted dynamic update message, an internal assertion check is triggered, which causes named to exit. An attacker who can send DNS requests to a nameserver can cause it to exit, thus creating a Denial of Service situation. Configuring named to ignore dynamic updates is NOT sufficient to protect it from this vulnerability. This exploit is public. Please upgrade immediately.


I have three load-balanced (LB) nameservers in three geo locations. Each LB has a front-end public IP address, and two backend IP addresses (one for BIND and another for zone transfer) are assigned to the actual BIND 9 server running Linux. So when a zone transfer is initiated from a slave server, all I get is errors. A connection cannot be established; it tries again with the server's main IP or the LB2 / LB3 IP. This is a problem because my servers are geo-located and load balanced. However, there is a small workaround for this problem.


Dan Kaminsky discovered that properties inherent to the DNS protocol lead to practical DNS cache poisoning attacks. Among other things, successful attacks can lead to misdirected web traffic and email rerouting.


The BIND DNS implementation does not randomize the UDP source port when doing remote queries, and the query id alone does not provide adequate randomization.
