LinuxQuestions.org
Old 08-20-2009, 01:25 AM   #1
wvw
DNS Questions


Hello

I have an ubuntu 8.04 Server and I have a private WAN working on a 10.x.x.x IP address range. I would like to set up a DNS service for this WAN but am not sure how to do this. Can I go ahead and add the hostnames with corresponding IP's in my resolv.conf file?

I have configured DNS on the box and it's working very neatly. However I am very paranoid about the vulnerabilities on port 53. I am still a "green ninja" when it comes to DNS so I would like to ask a whole bunch of questions.

My work pc is connected to the internet using a temporary internet connection which I am testing out. My server is connected to the internet via a DSL router. So both machines have different IP's which is great for testing purposes. That said, I have telneted to my server (from my workstation) on port 53 and had a connection. What commands can I execute once connected? What software do people use to run malicious code on a DNS Server?

If I want to protect my server, can I use ufw to block telnet to port 53 or will it not work? I understand DNS uses port 53 UDP & TCP so blocking all TCP connections to port 53 won't allow me to do queries against my server. If I cannot use ufw for above mentioned purpose, can I use IP tables to block telnet to port 53? Or does the software "hackers" use execute all the malicious code remotely without having to telnet to port 53?

Once I have my DNS server open for public to query against it, how do I know my server has been compromised? Can I check the log files on the server or is there something specific to check for (like thousands of DNS queries using random ports greater than 1023?)

Can I set up a log file (other than the DNS logging & /var/log/syslog files) to capture any connection attempts and what the connected user is trying to do on my server?

Would it be the safest to isolate my server by putting it in a DMZ? That way my LAN is better protected.

TIA
wvw
 
Old 08-20-2009, 02:58 AM   #2
JulianTosh
You've got a lot of different topics to cover in your post. It's best to create topic-specific posts so the conversations stay "on topic". I'll reply with some DNS-specific comments.

Other questions would be best answered in a security thread.

Quote:
Can I go ahead and add the hostnames with corresponding IP's in my resolv.conf file?
You're mixing up the /etc/hosts file and the /etc/resolv.conf file.

/etc/hosts contains hostnames and their IP addresses. It's used to (rapidly) locally resolve hostnames.

The /etc/resolv.conf file is used to specify which DNS servers the localhost will use to resolve hostnames. Generally, it only contains the IP address of the DNS servers to be used...

As for protecting your DNS server... if it's just a resolver for internal hosts, then you can block 53/tcp from everything and only allow internal hosts access to 53/udp.

If it's a resolver for a publicly accessible host, then you'll need to allow access to 53/udp for everything. In both cases, you can block 53/tcp as it's mostly used for transferring zones between master/slave DNS servers.
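The firewall policy described above (53/udp only from internal hosts, 53/tcp blocked), written out as ufw and as plain iptables rules, since the original poster asked about both. This is an added example, not code from the thread; the 10.0.0.0/8 range, the INTERNAL_CIDR variable and the --apply flag are assumptions. One caveat a defender should keep in mind: DNS servers are required to answer over TCP as well (RFC 7766), and any response too large for UDP is retried over TCP, so dropping 53/tcp outright can break ordinary lookups. If zone transfers are the worry, `allow-transfer { none; };` in named.conf closes that without touching TCP. The script only prints the rules unless run as root with --apply.

```shell
#!/bin/sh
# Added example: firewall rules for an internal-only DNS resolver.
# Assumed value: INTERNAL_CIDR is the private WAN range from the thread.
# Nothing is applied unless the script is run as "sh dns_fw.sh --apply".

INTERNAL_CIDR="${INTERNAL_CIDR:-10.0.0.0/8}"   # assumption: the private WAN

# ufw commands for the policy: deny everything inbound by default,
# allow 53/udp only from the internal range, explicitly deny 53/tcp.
# ufw matches rules in order, so the allow must be added before the deny.
ufw_dns_rules() {
    cidr="$1"
    printf '%s\n' \
        "ufw default deny incoming" \
        "ufw allow from $cidr to any port 53 proto udp" \
        "ufw deny 53/tcp"
}

# The same policy as raw iptables rules for admins not using ufw.
# Caveat: dropping 53/tcp also drops legitimate truncated-response retries
# (RFC 7766); restrict zone transfers in named.conf if that is the concern.
iptables_dns_rules() {
    cidr="$1"
    printf '%s\n' \
        "iptables -A INPUT -p udp --dport 53 -s $cidr -j ACCEPT" \
        "iptables -A INPUT -p udp --dport 53 -j DROP" \
        "iptables -A INPUT -p tcp --dport 53 -j DROP"
}

# Check after applying: which UDP sockets are actually listening on port 53.
dns_listen_check() {
    ss -lun 'sport = :53' 2>/dev/null || netstat -lun 2>/dev/null | grep ':53 '
}

if [ "${1:-}" = "--apply" ]; then
    if [ "$(id -u)" -ne 0 ]; then
        echo "run as root to apply" >&2
        exit 1
    fi
    # Run each generated ufw command; word splitting on $cmd is intended.
    ufw_dns_rules "$INTERNAL_CIDR" | while read -r cmd; do $cmd; done
    ufw --force enable
    ufw status numbered
    dns_listen_check
else
    echo "# ufw:";      ufw_dns_rules "$INTERNAL_CIDR"
    echo "# iptables:"; iptables_dns_rules "$INTERNAL_CIDR"
fi
```

Running the script without arguments prints both rule sets so they can be reviewed before anything changes; `ufw status numbered` afterwards shows the order the rules are evaluated in.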
 
Old 08-21-2009, 01:24 AM   #3
chrism01
You may want to separate what internal (to your lan) and external requesters can see.
Have a look at http://www.linuxhomenetworking.com/w...onfiguring_DNS section entitled 'Configuring BIND Views in named.conf'
 
Old 08-28-2009, 01:25 AM   #4
wvw
Hi Admiral Beotch

Thanks for clearing up the hosts file. My problem is when I add the static entries into the hosts file, I can ping the names from the server no problem. However, I am trying to use the server as a DNS server for my local pc and when I try to ping the static hosts from my local pc it cannot find the hosts. So I think these hosts need to be placed elsewhere although I am not sure where as I am still super fresh when it comes to setting up DNS.

Can you please point me in the right direction as to where on my server I need to put my hosts?

TIA
wvw
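The BIND views that chrism01 points to in post #3 are also the answer to the question in post #4: the hostnames go into a zone file that named serves, not into /etc/hosts, which only the server itself reads. The script below is an added example, not the thread's or the linked guide's configuration; the zone name corp.example, the 10.0.0.0/8 range, the server address 10.0.0.1 and the host entries are constructed placeholders. It prints a named.conf fragment with an internal and an external view plus a zone file holding the static hosts; with `--write DIR` it writes both into DIR and runs named-checkconf and named-checkzone when they are installed.

```shell
#!/bin/sh
# Added example: split-horizon BIND 9 configuration (views) plus a zone file.
# All names and addresses below are constructed placeholders.

ZONE="${ZONE:-corp.example}"                  # assumption: private zone name
INTERNAL_CIDR="${INTERNAL_CIDR:-10.0.0.0/8}"  # assumption: the private WAN
NS_IP="${NS_IP:-10.0.0.1}"                    # assumption: the Ubuntu server

# named.conf fragment. Once "view" is used, every zone must live inside a
# view, so the same zone name appears twice, backed by different files.
# Recursion is offered only to internal clients; the external view refuses
# zone transfers, which is the 53/tcp traffic the thread was worried about.
# The external zone file (public records only) is not generated here.
gen_named_conf() {
    zone="$1"; cidr="$2"
    cat <<EOF
acl "internal" { 127.0.0.0/8; $cidr; };

view "internal" {
    match-clients { internal; };
    recursion yes;
    zone "$zone" {
        type master;
        file "/etc/bind/db.$zone.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    allow-transfer { none; };
    zone "$zone" {
        type master;
        file "/etc/bind/db.$zone.external";
    };
};
EOF
}

# Zone file with the static hosts the original poster wanted to publish.
# Bump the serial every time the file changes or slaves will not re-sync.
gen_zone() {
    zone="$1"; ns_ip="$2"
    cat <<EOF
\$TTL 3600
@           IN SOA  ns1.$zone. hostmaster.$zone. (
                        2009082801 ; serial (YYYYMMDDnn)
                        3600       ; refresh
                        900        ; retry
                        604800     ; expire
                        300 )      ; negative-cache TTL
            IN NS   ns1.$zone.
ns1         IN A    $ns_ip
fileserver  IN A    10.0.0.20
printer     IN A    10.0.0.21
EOF
}

# Write both files into DIR and syntax-check them if the BIND tools exist.
write_and_check() {
    dir="$1"
    mkdir -p "$dir"
    gen_named_conf "$ZONE" "$INTERNAL_CIDR" > "$dir/named.conf.views"
    gen_zone "$ZONE" "$NS_IP" > "$dir/db.$ZONE.internal"
    command -v named-checkconf >/dev/null && named-checkconf "$dir/named.conf.views"
    command -v named-checkzone >/dev/null && named-checkzone "$ZONE" "$dir/db.$ZONE.internal"
    return 0
}

if [ "${1:-}" = "--write" ] && [ -n "${2:-}" ]; then
    write_and_check "$2"
else
    gen_named_conf "$ZONE" "$INTERNAL_CIDR"
    gen_zone "$ZONE" "$NS_IP"
fi
```

On the Ubuntu server the fragment would be included from /etc/bind/named.conf.local and the zone file copied to the path named in the `file` statement; after a reload, a workstation whose /etc/resolv.conf lists 10.0.0.1 as its nameserver resolves fileserver.corp.example through the internal view.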
 
Old 08-28-2009, 01:29 AM   #5
wvw
Hi Chrism01

Thanks for the link. I'll be checking it out.

Cheers
 
Old 08-28-2009, 02:25 AM   #6
JulianTosh
Quote:
Originally Posted by wvw
Can you please point me in the right direction as to where on my srever I need to put my hosts?
Chrism01 got you covered on this one. Good luck!
 
  

