Here’s the Top PingPlotter Alternatives & Replacements for Network Connectivity Troubleshooting and Traceroute Type Features!
We will explore rndc, which is a new tool with BIND 9 that takes the place of ndc in BIND 8. First we need to create a key using dnssec-keygen: [root@srv-3 /root]# dnssec-keygen -a hmac-md5 -b 256 -n user rndc Krndc.+157+34404 [root@srv-3 /root]# ls Krndc.+157+34404.key Krndc.+157+34404.private [root@srv-3 /root]# cat *.private Private-key-format: v1.2 Algorithm: 157 (HMAC_MD5) […]
We will use Webmin to automate updates of forward and reverse zones. Webmin will automatically update both, as well as restart your services and increment your serial number. Webmin is much more than just a DNS tool. It can be used to administer many services. Since Webmin is Open Source, released under the BSD license, […]
There are two different default DNS/BIND TTL settings you need to switch when moving domains to a different IP address. One is the negative caching setting in the SOA record, and the other is the default ttl at the top of the file ($ttl).. If you have different TTL settings for your indidual record, you […]
We talked in this article about setting the TTLs for DNS records in BIND for the purposes of moving a website, or, more specifically, changing the IP address of an authoritative DNS server. In this article, we will show you how to turn up the logging and output the results to a file. Again, this […]
When you allow recursive lookups, you open yourself up to various security risks and performance issues, so you should only allow recursion when needed. Recursive lookups are lookups for domains you are not authoritative for. That is, if you are authoritative for mycompany.com, and you don’t allow recursion, then if somebody queries your server for […]
If you need to put a domain name in documentation, example.net, example.com, and example.org are reserved for this purpose as defined in this RFC. This will prevent an inadvertently run script from causing trouble, as well as avoiding an association with a seemingly arbitrary host.
>1< | 2 | 3 We were checking out the various servers that we administer and noticed that one of our hosts is not up to the latest version of BIND. Yum update wasn’t giving us joy, so we grabbed the latest version of BIND: # wget http://ftp.isc.org/isc/bind9/9.5.0-P2/bind-9.5.0-P2.tar.gz –07:10:17– http://ftp.isc.org/isc/bind9/9.5.0-P2/bind-9.5.0-P2.tar.gz Resolving ftp.isc.org… 188.8.131.52, 2001:4f8:0:2::18 Connecting […]
1 | >2< | 3 We are ripping out the old RPMs. Let’s figure out what RPMs they are: # rpm -qa | grep bind bind-9.3.4-8.P1.fc6 bind-libs-9.3.4-8.P1.fc6 Let’s start removing them: # rpm -e bind-libs-9.3.4-8.P1.fc6 error: Failed dependencies: libbind9.so.0 is needed by (installed) bind-9.3.4-8.P1.fc6.i386 libdns.so.22 is needed by (installed) bind-9.3.4-8.P1.fc6.i386 libisc.so.11 is needed by (installed) […]
1 | 2 | >3< We need a directory for the PID, and put it in /var/run/named: # mkdir /var/run/named # ls -ld /var/run/named drwxr-xr-x 2 root root 4096 Aug 3 07:58 /var/run/named # chown named /var/run/named # chgrp named /var/run/named # ls -ld /var/run/named drwxr-xr-x 2 named named 4096 Aug 3 07:58 /var/run/named # […]
There is another flurry of interest in DNS cache poisoning. The first thing that you should do is turn off recursion if you don’t need it. One way to determine this is with DiG: $ dig -v DiG 9.5.0-P2 $ Verizon operates a well known server that does recursive lookups: $ dig @184.108.40.206 example.com ; […]
It is fairly easy to obtain DNS information for a domain listed by name or IP address. You can use the following procedure regardless of what platform your DNS is running on. You can also use this to verify what names your DNS thinks it is resolving, since this won’t necessarily match your hosts file. […]
In addition to resolving NetBIOS names for small networks, the LMHOSTS file can be used to back up WINS. Since the cached entries are referred to first, you can manually reset the cache of a corrupt or missing domain by reloading the entries in the LMHOSTS file. Make sure your system has the LMHOSTS checked […]
We’ve found that a star topology generally works best for WINS replication, with push/pull replication from one central hub. One indication that your WINS database entries are invalid is if you get “no domain controller available” errors between trusted domains in the system event log. This can almost always be cleared up by disabling replication […]
We’ll start out simple in this section with just three hosts, a cname for www, and an mx record. As we integrate DNS with other services we will add more sections. We are using Red Hat 7.1, but there is little here that is distribution-specific. The only thing that might change is the way you […]