DNS – Page 2 – IT Blog

Logrotate Bind9

Suppose Bind9 logs are written to the /var/log/named/ directory, have the .log extension and so that the disk space does not overflow with logs, configure logrotate.

How to install and configure Unbound

I will give an example of installing the Unbound caching DNS server.

You can install Unbound in Ubuntu with the command:

IPTables rules for DNS

Suppose the default INPUT DROP and a DNS server is installed, now I will give an example of IPTables rules so that clients can access the DNS server.

To open the DNS port in IPTables, let’s execute the rule:

Dnstop – monitoring of requests to the DNS server

Dnstop allows you to make a list of hosts that most send requests to the DNS server, so you can detect viruses on the network and understand who is attacking.

How to convert a list of IP addresses to DNS names

In Linux, you can convert a list of IP addresses into DNS names, for example, by a simple script.

To do this, create an empty file with the extension .sh, make it executable and add the content to it:

#!/bin/sh
while read ip traf ; do
    name=`host $ip|awk '{print $NF}'`
    echo -e "$name\t$ip\t$traf"
done >name_ip_traf.lst <ip_traf.lst

Where ip_traf.lst is a file with a list of IP addresses that need to be converted to DNS names.

You can make it executable by the command:

chmod +rwx file.sh

Run the script in the directory where it is located by the command:

./file.sh

Or run by specifying the full path:

/dir/file.sh

After the startup, you must wait for a while or interrupt the execution by pressing CTRL+C.

How to configure SPF records

SPF (Sender Policy Framework) allows you to specify in the TXT DNS records domain settings addresses from which you can send mail to prevent e-mail spoofing.

Configuring Fail2Ban for Bind9

Suppose Fail2Ban is already installed, if not, then see my article – Installing and Configuring Fail2ban.

By default, Bind9 does not write logs, so open its configuration file in any text editor:

Starting from the version of RouterOS v6.14, the Cloud function is added which allows using the Dynamic DNS name for a device that is automatically assigned and can be accessed by it even if the IP address is changed.

Example of switching through the console:

ip cloud set enabled=yes

Example of viewing parameters:

ip cloud print

Enable device time update with DDNS server time (if SNTP or NTP service is not configured):

ip cloud update-time yes/no

Immediate update of DDNS:

ip cloud force-update

View the DDNS name:

ip cloud dns-name

View the public IP address to which DDNS is bound:

ip cloud public-address

Binding DDNS to a local IP address instead of a public one, for example to 192.168.1.101, etc.)

ip cloud advanced use-local-address yes/no

View the current status of the Cloud (updated, updated, error, etc.):

ip cloud status

Through the graphical interface of the Cloud settings can be found in the menu “IP” – “Cloud”.

Monitoring DNS from Zabbix

To monitor the DNS service itself on the port, you can use the following key in the data items (where SERVER is the IP address or DNS server domain):

net.tcp.dns[SERVER]

In order not to create a template from scratch, you can clone eg the standard “Template App SSH Service” by changing the name in it and specifying a new key, the trigger will change automatically. And also in the “Type” we select “Zabbix agent” instead of a simple check.

The next command can be checked from the Linux command line:

zabbix_get -s127.0.0.1 -k'net.tcp.dns[SERVER]'

Naturally, if the answer is 1, the DNS service is started, 0 is not.

If Zabbix-agent is installed on the node, then in the field the key is better to specify:

proc.num[nemed]

See also my article:
Monitoring Bind9 in Zabbix

Monitoring Bind9 in Zabbix

For example, I will describe the option of monitoring the DNS server Bind9 in Zabbix.

To start, we turn on the Bind9 statistics, open the configuration file in a text editor, for example nano (Ctrl+X to exit, y/n to save or discard changes):

Tag Archives: DNS