sleed Posted April 19, 2014 (edited)

Tested on Debian / Ubuntu "Wheezy / 14

First, read a little about the BIND server: BIND - Wikipedia, the free encyclopedia
DNS server: Sistem de nume de domeniu - Wikipedia

// YOU MUST HAVE PORT 53 FORWARDED ON THE ROUTER, IF YOU HAVE WIFI!
// IF THERE IS ANY PROBLEM, SEND ME A PM AND I WILL TRY TO HELP YOU.
// Tutorial Made by sleed [Romanian Security Team]

1) Run a full update:

    apt-get update && apt-get upgrade

2) Install the BIND server:

    apt-get install bind9 bind9-doc

Create the directories:

    binddir="/var/cache/bind"
    etcdir="/etc/bind"

3) Edit named.conf.local like this:

    //
    // Do any local configuration here
    //

    // Consider adding the 1918 zones here, if they are not used in your
    // organization
    //include "/etc/bind/zones.rfc1918";

    include "/etc/bind/ddns.key";  // [or nektsistem.sytes.net]

    zone "nektsistem.sytes.net" {
        type master;
        notify no;
        file "/etc/bind/zones/nektsistem.sytes.net";
        allow-update { key DDNS_UPDATE; };
    };

    zone "1.168.192.in-addr.arpa" {
        type master;
        notify no;
        file "/etc/bind/zones/1.168.192.in-addr.arpa";
        allow-update { key DDNS_UPDATE; };
    };

Then create a file:

    ddns-confgen -r /dev/urandom -q -a hmac-md5 -k nektsistem.sytes.net -s nektsistem.sytes.net. | tee -a /etc/bind/nektsistem.sytes.net.keys > /etc/bind/key.nektsistem.sytes.net

    chown root:bind /etc/bind/nektsistem.sytes.net.keys

-> To set the permissions only for root and the bind group.

Above, where you see the ddns key in the include line, add "/etc/bind/nektsistem.sytes.net.keys";

In /etc/bind/zones you need to have the file nektsistem.sytes.net !!!! I have it configured like this:

    $TTL 86400
    @    IN  SOA  ns1.nektsistem.sytes.net. admin.nektsistem.sytes.net. (
                  2008030501 ; serial number YYMMDDNN
                  10800      ; Refresh
                  3600       ; Retry
                  604800     ; Expire
                  38400      ; Min TTL
    )
    @    IN  NS   ns1.nektsistem.sytes.net.
    @    IN  MX   10 mail.nektsistem.sytes.net.
    ; [Not applicable, because the RDS people have not unblocked port 25 for me] [Thanks RDS]
    ns1  IN  A    192.168.0.53
    mail IN  A    192.168.0.100

For updates, do the following:

    cat <<EOF | nsupdate -k /etc/bind/key.nektsistem.sytes.net
    server nektsistem.sytes.net
    zone nektsistem.sytes.net.
    update delete nektsistem.sytes.net.
    update add nektsistem.sytes.net. 60 A 192.168.0.1
    update add nektsistem.sytes.net. 60 TXT "Updated on $(date)"
    send
    EOF

Now edit the DHCPD config in /etc/dhcpd/dhcpd.conf:

    authoritative;
    option domain-name "nektsistem.sytes.net";
    option domain-name-servers ns1.nektsistem.sytes.net;
    ddns-updates on;
    ddns-update-style interim;
    ignore client-updates;
    update-static-leases on;
    default-lease-time 700;
    max-lease-time 700;
    log-facility local7;
    include "/etc/dhcp/ddns.key";

    zone nektsistem.sytes.net. {
        primary 127.0.0.1;
        key DDNS_UPDATE;
    }

    zone 0.168.192.in-addr.arpa. {
        primary 127.0.0.1;
        key DDNS_UPDATE;
    }

    # The subnet statement takes the network address, and the range must lie
    # inside it (the post had "subnet 192.168.0.100" and a range ending at
    # 192.168.2.100, which dhcpd rejects).
    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.10 192.168.0.100;
        option routers 192.168.0.1;
    }

RESTART THE BIND9 SERVER:

    service bind9 restart

or

    /etc/init.d/bind9 restart

// This tutorial was made with the help of NO-IP. Create an account there, then under host & redirect: http://www.noip.com/members/dns/ add a host for yourself; I chose nektsistem.

Then make sure you have No-IP installed on the server / workstation!

    cd /usr/local/src
    wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
    tar xzf noip-duc-linux.tar.gz
    cd noip-2.1.9-1
    make
    make install

And run the update. Here is a config:

    #!/bin/sh
    # Start/stop wrapper for the No-IP update client.
    case "$1" in
        start)
            echo "Serviciu NOIP2-PORNIT."
            /usr/local/bin/noip2
            ;;
        stop)
            echo -n "Serviciu NOIP2-Oprit."
            killall -q -TERM /usr/local/bin/noip2
            ;;
        *)
            echo "Usage: $0 {start|stop}"
            exit 1
            ;;
    esac
    exit 0

So that it can do the daily updates.

That's about it. I made this one from scratch and struggled a bit to be more Catholic than the Pope! [ sleed from RST ]

If you copy this tutorial, don't forget to include the link.

And let's test!

    host nektsistem.sytes.net
    nektsistem.sytes.net has address 188.26.170.208

    dig nektsistem.sytes.net

    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> nektsistem.sytes.net
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63698
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

    ;; QUESTION SECTION:
    ;nektsistem.sytes.net. IN A

    ;; ANSWER SECTION:
    nektsistem.sytes.net. 41 IN A 188.26.170.208

    ;; AUTHORITY SECTION:
    sytes.net. 10149 IN NS nf3.no-ip.com.
    sytes.net. 10149 IN NS nf2.no-ip.com.
    sytes.net. 10149 IN NS nf1.no-ip.com.
    sytes.net. 10149 IN NS nf4.no-ip.com.

    ;; ADDITIONAL SECTION:
    nf1.no-ip.com. 33761 IN A 50.31.129.129
    nf1.no-ip.com. 10271 IN AAAA 2001:1838:f002::129
    nf2.no-ip.com. 24260 IN A 69.72.255.8
    nf3.no-ip.com. 33761 IN A 69.65.40.108
    nf4.no-ip.com. 873 IN A 69.65.5.122

    ;; Query time: 4 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Sat Apr 19 19:32:29 2014
    ;; MSG SIZE rcvd: 227

    dig +qr nektsistem.sytes.net -x 127.0.0.1 nektsistem.sytes.net ns +noqr

    ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +qr nektsistem.sytes.net -x 127.0.0.1 nektsistem.sytes.net ns +noqr
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41956
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

    ;; QUESTION SECTION:
    ;nektsistem.sytes.net. IN A

    ;; ANSWER SECTION:
    nektsistem.sytes.net. 60 IN A 188.26.170.208

    ;; AUTHORITY SECTION:
    sytes.net. 10091 IN NS nf4.no-ip.com.
    sytes.net. 10091 IN NS nf1.no-ip.com.
    sytes.net. 10091 IN NS nf3.no-ip.com.
    sytes.net. 10091 IN NS nf2.no-ip.com.

    ;; ADDITIONAL SECTION:
    nf1.no-ip.com. 33703 IN A 50.31.129.129
    nf1.no-ip.com. 10213 IN AAAA 2001:1838:f002::129
    nf2.no-ip.com. 24202 IN A 69.72.255.8
    nf3.no-ip.com. 33703 IN A 69.65.40.108
    nf4.no-ip.com. 815 IN A 69.65.5.122

    ;; Query time: 41 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Sat Apr 19 19:33:26 2014
    ;; MSG SIZE rcvd: 227

    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41425
    ;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;1.0.0.127.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    1.0.0.127.in-addr.arpa. 3600 IN PTR localhost.

    ;; AUTHORITY SECTION:
    0.0.127.in-addr.arpa. 3600 IN NS localhost.

    ;; Query time: 1 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Sat Apr 19 19:33:26 2014
    ;; MSG SIZE rcvd: 106

    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49872
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;nektsistem.sytes.net. IN NS

    ;; AUTHORITY SECTION:
    sytes.net. 60 IN SOA nf1.no-ip.com. hostmaster.no-ip.com. 2046448184 600 300 604800 600

    ;; Query time: 66 msec
    ;; SERVER: 192.168.0.1#53(192.168.0.1)
    ;; WHEN: Sat Apr 19 19:33:26 2014
    ;; MSG SIZE rcvd: 98

// Edit -> I will come back with the slave setup, part II + hardening, when I have time!

Edited April 19, 2014 by sleed etc..
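Added example (not part of sleed's post and not BIND's own tooling): a small Python audit of the three things the dynamic-update setup above depends on, namely that every key named in allow-update is actually defined, which TSIG algorithm the key uses, and whether the key file is readable by other users. The sample config, the finding names, and the policy of reporting hmac-md5 and address-based ACLs are assumptions of this example.

```python
import os, re, stat
# Constructed sample modelled on the tutorial's files; the secret is a placeholder.
SAMPLE = '''
key "nektsistem.sytes.net" {
    algorithm hmac-md5;
    secret "cGxhY2Vob2xkZXItbm90LWEta2V5";
};
zone "nektsistem.sytes.net" {
    type master;   // dynamic forward zone
    allow-update { key DDNS_UPDATE; };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    allow-update { 192.168.0.0/24; };   // constructed contrast case, not in the post
};
'''
WEAK_ALGS = {"hmac-md5"}  # policy assumed by this example

def blocks(text, keyword):
    """Yield (name, body) for every `keyword name { ... }` clause, brace-matched."""
    for m in re.finditer(r'\b%s\s+"?([\w.-]+)"?\s*\{' % keyword, text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(conf):
    """Return (kind, where, detail) findings for TSIG keys and allow-update ACLs."""
    conf = re.sub(r'(?m)(^|\s)(//|#).*$', '', conf)  # drop line comments
    findings, keys = [], {}
    for name, body in blocks(conf, "key"):
        alg = re.search(r'algorithm\s+"?([\w-]+)"?\s*;', body)
        keys[name] = alg.group(1).lower() if alg else None
        if keys[name] in WEAK_ALGS:
            findings.append(("weak-algorithm", name, keys[name]))
    for zone, body in blocks(conf, "zone"):
        acl = re.search(r'allow-update\s*\{(.*?)\}', body, re.S)
        items = acl.group(1).split(";") if acl else []
        for item in filter(None, map(str.strip, items)):
            if not item.startswith("key "):
                findings.append(("address-acl", zone, item))  # update allowed by IP only
            elif item.split()[1].strip('"') not in keys:
                findings.append(("undefined-key", zone, item.split()[1].strip('"')))
    return findings

def world_accessible(path):
    """True if the key file grants any permission bit to 'other' users."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o007)
```

Run `audit()` on the concatenation of named.conf.local and the included key file, and `world_accessible()` on the key file path; chown alone does not change the mode bits, so the second check is worth running after the chown step.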
Castiel Posted April 19, 2014

Nice tutorial! Well done, +rep. Tomorrow morning when I get up I will test it, given that I also have a dynamic IP.
GarryOne Posted April 19, 2014

"// YOU MUST HAVE PORT 53 FORWARDED ON THE WIFI, IF YOU HAVE WIFI!"

The port is forwarded on the router, not on the wifi.
sleed (Author) Posted April 19, 2014 (edited)

Yes, sorry, thanks, I only just saw it; I'm fixing it now.

Edited April 23, 2014 by sleed