Open resolver: Difference between revisions

From ICO wiki
Jump to navigationJump to search
Rvahtel (talk | contribs)
Rvahtel (talk | contribs)
No edit summary
Line 2: Line 2:


=Sissejuhatus=
=Sissejuhatus=
=Lingid=
* Ubuntu Bind9 konfigureerimine [https://help.ubuntu.com/community/BIND9ServerHowto]
* konfinäide: [http://jazzymarketing.com/main/0904/open-resolver-securing-bind-server]
* Openresolver [http://dns.measurement-factory.com/surveys/openresolvers.html]


=Bind9 konfigureerimine=
=Bind9 konfigureerimine=
Line 54: Line 50:


* Veebipõhine liides: http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl
* Veebipõhine liides: http://dns.measurement-factory.com/cgi-bin/openresolvercheck.pl
=Lingid=
* Ubuntu Bind9 konfigureerimine [https://help.ubuntu.com/community/BIND9ServerHowto]
* konfinäide: [http://jazzymarketing.com/main/0904/open-resolver-securing-bind-server]
* Openresolver [http://dns.measurement-factory.com/surveys/openresolvers.html]
[[Category:IT infrastruktuuri teenused]]
[[Category:IT infrastruktuuri teenused]]
[[Category:Operatsioonisüsteemide administreerimine ja sidumine]]
[[Category:Operatsioonisüsteemide administreerimine ja sidumine]]

Revision as of 19:42, 12 March 2011

Teema võetud - Peep Binsol, Rene Vahtel

Sissejuhatus

Bind9 konfigureerimine

name.conf.options näitefail

acl me {192.168.7.0/24;};

options {
        directory "/var/cache/bind";

         forwarders {
                8.8.8.8;
                8.8.4.4;
         };

        allow-recursion { me; };
        allow-query { me; };
        allow-transfer { me; };

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};


  • acl - access control list, nimekiri võrkudest või ip aadressidest
  • allow-recursion - kas päringud on lubatud "forwarders" nimeserveritesse
  • allow-query - kas päringud on lubatud
  • allow-transafer - kas tsooni transfer on lubatud

Open resolver test

  • Käsurealt küsimine kasutades dig programmi:

Kontrollime nimeserverit 193.40.254.227

dig +short 227.254.40.193.dnsbl.openresolvers.org
127.0.0.2

Juhul kui vastus on 127.0.0.2 siis on tegu openresolveriga.

Teine variant (kontrollitakse masinas kasutatavad nimeserverit):

dig +short amiopen.openresolvers.org TXT
"Your resolver at 193.40.56.245 is CLOSED"

Lingid

  • Ubuntu Bind9 konfigureerimine [1]
  • konfinäide: [2]
  • Openresolver [3]