LinuxQuestions.org

Linux - Networking > DNS Question (https://www.linuxquestions.org/questions/linux-networking-3/dns-question-577284/)

rolandpish 08-15-2007 10:32 AM

DNS Question
 
Hi everyone.

I'm doing some tests in order to host my own site. I haven't registered a domain yet since I'm in a test phase.
My test site (mytest.com) is hosted on my linux box (debian). Apache Web server and DNS server (bind9) are up and running.

My question is related to DNS.

On the local network everything is working great. On a windows xp box I point the DNS server to the local IP address of the linux box. After waiting around 1 minute if I go to http://mytest.com I get the corresponding html page hosted on the linux box.

Now I'm trying to do some tests from outside of the local network.
Before doing this I forwarded the corresponding ports on the router:
53 (DNS)
80 (HTTP)
and pointed them to the linux box local ip address.
Ok. In an outside network I changed the DNS server of a windows xp box and pointed it to the public IP address where the linux box is.
If I go to: http://xxxx.xxxx.xxxx.xxxx (xxxx.xxxx.xxxx.xxxx = public ip address) the web server works correctly and serves the incoming request on port 80 and shows the corresponding html page. But if I go to http://mytest.com firefox says: time limit exceeded (after 30 seconds trying to connect to mytest.com)

I would like to ask if it is possible to test this name resolution process over the internet without registering a domain name with any registrar (I don't want to register a domain name yet because these are just tests I'm doing now).

Thanks in advance

Best regards

thebouv 08-15-2007 10:58 AM

DNS resolution occurs over UDP and doesn't just use port 53. Look here for more information:

http://www.softpanorama.org/DNS/dns_ports.shtml

Note the section that says:

Quote:

Permitting only port 53 in and out is a broken firewall configuration
unless you specifically configure named to only talk on port 53. Doing
that is probably a mistake, because you significantly limit the space of
host-port-sequence number combinations. Limiting yourself to only port
53 outbound actually reduces the security of your DNS infrastructure.

rolandpish 08-15-2007 01:36 PM

Thanks a lot for your reply thebouv.
I'll read that document carefully and see what happens.

Best regards

malx 08-16-2007 02:18 PM

Dear all,

To the point, sir:
I've read about a DNS security issue; the package is bind...
Quote:

The first issue which allows remote attackers to make recursive queries only
affects Slackware 12.0. More details about this issue may be found in the
Common Vulnerabilities and Exposures (CVE) database:
And here is the link about that issue: Issue
So now I want to get some tips on how to make our DNS server more secure than before.
If one of you has a link, :) please give it to me.... I want to learn more about security....
This is for our future.... It's an important thing.

Thanks

Best regards,

--Malx--

I'm sorry if my question is bad... I'm a newbie.
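Added example, not code from this thread and not BIND's own code, covering both rolandpish's outside test and malx's hardening question. A DNS client reaches the server on destination port 53 over both UDP and TCP (the client's source port is ephemeral), so a router rule that forwards only one protocol produces exactly the "works by IP, times out by name" symptom. The probe below builds an A query by hand (RFC 1035 wire format), sends it over UDP or TCP, and parses the reply, checking the transaction ID, the AA (authoritative) and RA (recursion available) flags and the RCODE. Run from an outside network against the public IP it answers two questions at once: does port 53 get through on each transport, and does named answer recursive queries for names it is not authoritative for, which would make it an open resolver usable for cache poisoning and amplification. The server address 203.0.113.5, the timeout and the reply in sample_response() are constructed assumptions; mytest.com is the domain from the thread.

```python
"""Minimal RFC 1035 A-record probe over UDP and TCP (added example, not BIND code).
Server address, names, timeout and the sample reply are assumptions."""
import random
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype=1, txid=None):
    """Return (txid, wire bytes) for a standard query with RD set; qtype 1 = A."""
    if txid is None:
        txid = random.randrange(0x10000)      # unpredictable ID resists spoofed replies
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD only
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)  # class IN

def _read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if (length & 0xC0) == 0xC0:           # compression pointer: 2 bytes, then jump
            end = end if end is not None else off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > 64:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else off)
        labels.append(msg[off:off + length].decode("ascii"))
        off += length

def parse_response(msg, expected_id):
    """Parse a reply into rcode, the flags that matter here and the A records."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expected_id:
        raise ValueError("transaction ID mismatch: stale or spoofed reply")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    off = 12
    for _ in range(qd):                        # skip the echoed question section
        _, off = _read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        _, off = _read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"rcode": flags & 0xF, "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "ra": bool(flags & 0x0080), "answers": addrs}

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("connection closed mid-message")
        buf += chunk
    return buf

def query(server, name, transport="udp", timeout=3.0):
    """Send one A query over 'udp' or 'tcp' to server:53 and return the parsed reply."""
    txid, wire = build_query(name)
    if transport == "udp":
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(wire, (server, 53))
            data = s.recv(4096)
    else:                                      # TCP prefixes each message with a 2-byte length
        with socket.create_connection((server, 53), timeout=timeout) as s:
            s.sendall(struct.pack("!H", len(wire)) + wire)
            data = _recv_exact(s, struct.unpack("!H", _recv_exact(s, 2))[0])
    return parse_response(data, txid)

def assess(result, name, own_zone):
    """Turn a reply into the verdict the two posts above are asking about."""
    name, own_zone = name.rstrip("."), own_zone.rstrip(".")
    rcode = RCODES.get(result["rcode"], str(result["rcode"]))
    if name == own_zone or name.endswith("." + own_zone):
        if result["aa"] and result["answers"]:
            return "authoritative answer for own zone: port-53 forwarding works"
        return "no authoritative answer for own zone: " + rcode
    if result["ra"] and result["rcode"] == 0 and result["answers"]:
        return "OPEN RESOLVER: recursion for foreign names is served to the Internet"
    if result["rcode"] == 5:
        return "recursion refused for foreign names: good"
    return "inconclusive: " + rcode

def sample_response():
    """Constructed reply (txid 0x1234, AA+RD+RA set): mytest.com -> 192.0.2.10."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)
    question = b"\x06mytest\x03com\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 10])
    return header + question + answer
```

From the outside box, `query("203.0.113.5", "mytest.com", "udp")` and the same call with `"tcp"` should both come back with `aa` set; a UDP timeout alongside a working TCP answer means the router forwards only TCP 53, and a reply with `tc` set means the answer was truncated and must be retried over TCP. The open-resolver check is `assess(query("203.0.113.5", "www.example.net"), "www.example.net", "mytest.com")`: if it reports an open resolver, restrict recursion in named to the local network (BIND's `allow-recursion` option) so that outsiders receive REFUSED instead of a recursive answer.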

