sleed Posted April 19, 2014 (edited)

Tested on Debian / Ubuntu (Wheezy / 14)

Before you start, read a bit about:
BIND - Wikipedia, the free encyclopedia (bind server)
DNS server: Sistem de nume de domeniu - Wikipedia

// YOU MUST HAVE PORT 53 FORWARDED ON THE ROUTER, IF YOU HAVE WIFI!
// IF THERE IS ANY PROBLEM, SEND ME A PM AND I WILL TRY TO HELP YOU.
// Tutorial Made by sleed [Romanian Security Team]

1) Do a full update:

```
apt-get update && apt-get upgrade
```

2) Install the bind server:

```
apt-get install bind9 bind9-doc
```

Set up the directories:

```
binddir="/var/cache/bind"
etcdir="/etc/bind"
```

3) Edit named.conf.local like this:

```
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

include "/etc/bind/ddns.key";  // or the nektsistem.sytes.net key file

zone "nektsistem.sytes.net" {
    type master;
    notify no;
    file "/etc/bind/zones/nektsistem.sytes.net";
    allow-update { key DDNS_UPDATE; };
};

zone "1.168.192.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/zones/1.168.192.in-addr.arpa";
    allow-update { key DDNS_UPDATE; };
};
```

Then we create a file:

```
ddns-confgen -r /dev/urandom -q -a hmac-md5 -k nektsistem.sytes.net -s nektsistem.sytes.net. | tee -a /etc/bind/nektsistem.sytes.net.keys > /etc/bind/key.nektsistem.sytes.net
# Give the file to root and the bind group only
chown root:bind /etc/bind/nektsistem.sytes.net.keys
```

Above, where you see the ddns key in the include line, add "/etc/bind/nektsistem.sytes.net.keys";

In /etc/bind/zones you need to have the file nektsistem.sytes.net! I configured it like this:

```
$TTL 86400
@ IN SOA ns1.nektsistem.sytes.net. admin.nektsistem.sytes.net. (
        2008030501 ; serial number YYMMDDNN
        10800      ; Refresh
        3600       ; Retry
        604800     ; Expire
        38400      ; Min TTL
)
@ IN NS ns1.nektsistem.sytes.net.
@ IN MX 10 mail.nektsistem.sytes.net.
; [Not applicable, because the people at RDS have not unblocked port 25 for me] [Thanks, RDS]
ns1 IN A 192.168.0.53
mail IN A 192.168.0.100
```

To update, we do the following:

```
cat <<EOF | nsupdate -k /etc/bind/key.nektsistem.sytes.net
server nektsistem.sytes.net
zone nektsistem.sytes.net.
update delete nektsistem.sytes.net.
update add nektsistem.sytes.net. 60 A 192.168.0.1
update add nektsistem.sytes.net. 60 TXT "Updated on $(date)"
send
EOF
```

Now edit the DHCPD config in /etc/dhcpd/dhcpd.conf:

```
authoritative;
option domain-name "nektsistem.sytes.net";
option domain-name-servers ns1.nektsistem.sytes.net;
ddns-updates on;
ddns-update-style interim;
ignore client-updates;
update-static-leases on;
default-lease-time 700;
max-lease-time 700;
log-facility local7;
include "/etc/dhcp/ddns.key";

zone nektsistem.sytes.net. {
    primary 127.0.0.1;
    key DDNS_UPDATE;
}

zone 0.168.192.in-addr.arpa. {
    primary 127.0.0.1;
    key DDNS_UPDATE;
}

subnet 192.168.0.0 netmask 255.255.255.0 {
    range 192.168.0.10 192.168.0.100;
    option routers 192.168.0.1;
}
```

RESTART THE BIND9 SERVER:

```
service bind9 restart
```

or

```
/etc/init.d/bind9 restart
```

// This tutorial was made with the help of NO-IP. Create an account there, then under Hosts & Redirects (http://www.noip.com/members/dns/) add a host; I chose nektsistem.

Then make sure you have the no-ip client installed on the server / workstation!

```
cd /usr/local/src
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar xzf noip-duc-linux.tar.gz
cd noip-2.1.9-1
make
make install
```

And to run the updates, here is a config:

```
#!/bin/sh
#######################################################
case "$1" in
    start)
        echo "Serviciu NOIP2-PORNIT."
        /usr/local/bin/noip2
        ;;
    stop)
        echo -n "Serviciu NOIP2-Oprit."
        killall -q -TERM /usr/local/bin/noip2
        ;;
    *)
        echo "Usage: $0 {start|stop}"
        exit 1
        ;;
esac
exit 0
#######################################################
```

So that the daily updates can be made.

That's about it. I made this one from scratch and took some pains to be more Catholic than the Pope! [ sleed from RST ]

If you copy this tutorial, don't forget to include the link.

And let's test!

```
host nektsistem.sytes.net
nektsistem.sytes.net has address 188.26.170.208
```

```
dig nektsistem.sytes.net

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> nektsistem.sytes.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63698
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; QUESTION SECTION:
;nektsistem.sytes.net. IN A

;; ANSWER SECTION:
nektsistem.sytes.net. 41 IN A 188.26.170.208

;; AUTHORITY SECTION:
sytes.net. 10149 IN NS nf3.no-ip.com.
sytes.net. 10149 IN NS nf2.no-ip.com.
sytes.net. 10149 IN NS nf1.no-ip.com.
sytes.net. 10149 IN NS nf4.no-ip.com.

;; ADDITIONAL SECTION:
nf1.no-ip.com. 33761 IN A 50.31.129.129
nf1.no-ip.com. 10271 IN AAAA 2001:1838:f002::129
nf2.no-ip.com. 24260 IN A 69.72.255.8
nf3.no-ip.com. 33761 IN A 69.65.40.108
nf4.no-ip.com. 873 IN A 69.65.5.122

;; Query time: 4 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Apr 19 19:32:29 2014
;; MSG SIZE rcvd: 227
```

```
dig +qr nektsistem.sytes.net -x 127.0.0.1 nektsistem.sytes.net ns +noqr

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> +qr nektsistem.sytes.net -x 127.0.0.1 nektsistem.sytes.net ns +noqr
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41956
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 5

;; QUESTION SECTION:
;nektsistem.sytes.net. IN A

;; ANSWER SECTION:
nektsistem.sytes.net. 60 IN A 188.26.170.208

;; AUTHORITY SECTION:
sytes.net. 10091 IN NS nf4.no-ip.com.
sytes.net. 10091 IN NS nf1.no-ip.com.
sytes.net. 10091 IN NS nf3.no-ip.com.
sytes.net. 10091 IN NS nf2.no-ip.com.

;; ADDITIONAL SECTION:
nf1.no-ip.com. 33703 IN A 50.31.129.129
nf1.no-ip.com. 10213 IN AAAA 2001:1838:f002::129
nf2.no-ip.com. 24202 IN A 69.72.255.8
nf3.no-ip.com. 33703 IN A 69.65.40.108
nf4.no-ip.com. 815 IN A 69.65.5.122

;; Query time: 41 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Apr 19 19:33:26 2014
;; MSG SIZE rcvd: 227

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41425
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;1.0.0.127.in-addr.arpa. IN PTR

;; ANSWER SECTION:
1.0.0.127.in-addr.arpa. 3600 IN PTR localhost.

;; AUTHORITY SECTION:
0.0.127.in-addr.arpa. 3600 IN NS localhost.

;; Query time: 1 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Apr 19 19:33:26 2014
;; MSG SIZE rcvd: 106

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49872
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;nektsistem.sytes.net. IN NS

;; AUTHORITY SECTION:
sytes.net. 60 IN SOA nf1.no-ip.com. hostmaster.no-ip.com. 2046448184 600 300 604800 600

;; Query time: 66 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sat Apr 19 19:33:26 2014
;; MSG SIZE rcvd: 98
```

// Edit -> I will come back with the slave setup too, part II + hardening, when I have time!

Edited April 19, 2014 by sleed
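A check for the key file created in the post above, as an added example that is not part of sleed's post: it flags a TSIG key clause that uses hmac-md5 and a key file whose mode still lets other users read the secret (chown changes the owner and group, not the mode). The function names, finding labels and sample key clause are constructed for this example, and the allow-list of hmac-sha256/384/512 is this example's own policy.

```shell
#!/bin/sh
# Added example (not from the original post): audit a TSIG key file.
# Prints one finding per line; exit status 0 = clean, 1 = findings, 2 = unreadable.
audit_tsig_key() {
    keyfile=$1
    findings=0
    [ -f "$keyfile" ] && [ -r "$keyfile" ] || { echo "UNREADABLE $keyfile"; return 2; }

    # First "algorithm <name>;" statement of the key clause.
    alg=$(sed -n 's/^[[:space:]]*algorithm[[:space:]][[:space:]]*"*\([A-Za-z0-9.-]*\)"*[[:space:]]*;.*$/\1/p' "$keyfile" | head -n 1)
    case $alg in
        hmac-sha256|hmac-sha384|hmac-sha512) ;;
        hmac-md5*|hmac-sha1) echo "WEAK-ALGORITHM $alg"; findings=1 ;;
        *) echo "UNEXPECTED-ALGORITHM ${alg:-none}"; findings=1 ;;
    esac

    # Characters 8-10 of the ls mode string are the "other" permission bits.
    other=$(ls -ld "$keyfile" | cut -c8-10)
    [ "$other" = "---" ] || { echo "OTHER-ACCESS $other"; findings=1; }

    return "$findings"
}

# Constructed sample: a key clause in the shape ddns-confgen prints.
# The secret is a placeholder, not a real key.
write_sample_key() {   # write_sample_key FILE ALGORITHM MODE
    printf 'key "nektsistem.sytes.net" {\n\talgorithm %s;\n\tsecret "Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=";\n};\n' "$2" > "$1"
    chmod "$3" "$1"
}

tmp=$(mktemp -d)
write_sample_key "$tmp/as-posted.key" hmac-md5 644      # file written by tee under umask 022
write_sample_key "$tmp/hardened.key" hmac-sha256 640    # -a hmac-sha256, then chmod 640
for f in "$tmp/as-posted.key" "$tmp/hardened.key"; do
    echo "== $f"
    audit_tsig_key "$f" || true
done
rm -rf "$tmp"
```

On a real server, point `audit_tsig_key` at the key files under /etc/bind after running `chown root:bind` and `chmod 640` on them.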
Castiel Posted April 19, 2014

Nice tutorial! Well done, +rep. Tomorrow morning when I get up I will test it, given that I also have a dynamic IP.
GarryOne Posted April 19, 2014

"// YOU MUST HAVE PORT 53 FORWARDED ON WIFI, IF YOU HAVE WIFI!"

The port is forwarded on the router, not on the wifi.
sleed (Author) Posted April 19, 2014 (edited)

Yes, sorry, thanks, I only saw it now. Changing it.

Edited April 23, 2014 by sleed
z4rk Posted April 20, 2014

Nice tutorial