So I am trying to figure out resolvers and I need to figure out how a resolver might attempt to find the IP address of the example domain? I don't know too much about a resolver and I was wondering if someone could help me.
My second question is for a project I am setting up and I need to figure out which part of the DNS is most vulnerable to an attack from a malicious user and why is this? I need to have a reason for this so if anyone could help me on this too, it would be greatly appreciated.
I need to figure out which part of the DNS is most vulnerable to an attack
See www.cve.mitre.org, www.kb.cert.org, securityfocus.com and secunia.com and do some research using terms like DNS and vulnerability, Paul Vixie, Dan Kaminsky, Dancho Danchev.
Originally Posted by jonhanna
(..) and why is this?
...which should give you a cornucopia of reasons, ranging from "simple" privilege escalations in software and 'net infrastructure crippling Root Server DDoS and identity theft to spoofed DNS recursion attacks, rebinding and cache poisoning attacks. (Also see 'net "economy" as in Russian Business Network, shadowserver as in botnet stats, shady marketing, typo-squatting, malware distribution.)
More seriously, I don't know why so many people think DNS is exactly equivalent to bind. Setting up Bind can be a bit of a pain, particularly when it's chrooted, and the history of Bind is not one that gives you a great deal of confidence that the current version is free of significant bugs.
Something like djbdns/dnsmasq/maradns/pdns is a better bet (imho) in simpler set-ups, although there can still be a case for the Bind 'swiss army knife' for some of the more involved set-ups.
And, for a secure installation, with Bind, I think that you should know who is your security specialist, and that they check for security advisories on a very frequent basis.
This may be overkill for a small installation.
You may think I'm being paranoid (and you may be right), but most of the effort in trying to develop exploits seems to be expended against Bind rather than the alternatives and so I'm a bit more relaxed about the security situation with, say, djbdns than Bind.
I guess you will have to decide which DNS implementation you want to use, before figuring out the resolver mechanism. As for the attack issues - this seems rather to be a firewall/router topic, since these are better suited to deal with attacks. I would assume you have name servers always behind a firewall; it should be quite rare to have a name server as the only computer in an office. Otherwise putting 'named' in a jailroot seems to be quite common as a precautionary move.