Loading...
Latest news
COVID19-Effet de loupe et biais de sélection
COVID19 70-80% des morts sont vaccinés
COVID19 Le confinement est inutile
700 Films Gatuits
COVID19 Simulation confinement
système

Sécurité BIND DNS query denied

Jordi -

Si dans vos logs vous avez des messages du style :

Jun 10 15:08:04 ns293xx named[7778]: client 91.121.103.13#36552: query (cache) ‘vin-de-siecle.pl/MX/IN’ denied
Jun 10 15:08:15 ns293xx named[7778]: client 91.121.103.13#43692: query (cache) ‘vin-de-siecle.pl/MX/IN’ denied
Jun 10 15:08:26 ns293xx named[7778]: client 91.121.103.13#37836: query (cache) ‘vin-de-siecle.pl/MX/IN’ denied
Jun 10 15:08:29 ns293xx named[7778]: client 91.121.103.13#40694: query (cache) ‘vin-de-siecle.pl/MX/IN’ denied
Jun 10 15:08:34 ns293xx named[7778]: client 91.121.103.13#34691: query (cache) ‘vin-de-siecle.pl/A/IN’ denied

Vous devriez vérifier votre configuration de BIND :

BIND (Berkeley Internet Name Domain) est le serveur DNS le plus utilisé sur Internet, spécialement sur les systèmes de type Unix. Il est maintenu par Internet Systems Consortium.

Une nouvelle version de BIND (BIND 9) a été réécrite afin de résoudre certains problèmes architecturaux du code initial et d’ajouter le support de DNSSEC (DNS Security Extensions).

La configuration de Bind par défaut comporte une ”faille” de sécurité, en effet la configuration autorise des tierces personnes à utiliser le serveur DNS (sans demander la permission ^^). Cela fait de notre cher Bind un serveur DNS relais !!

Pour corriger cette faille nous allons ajouter une option dans le fichier “/etc/bind/named.conf.options”.

allow-recursion { 127.0.0.1; serverip;};

Ce qui a pour incidence que l’utilisation de Bind ne sera autorisée que sur le serveur même.

Attention à ne pas mettre “none” autrement votre serveur ne pourra pas résoudre ces propres requêtes !!

allow-recursion { none; };

allow-query-cache

Avec allow-recursion nous avons déjà comblé une partie de la faille, il reste encore à interdire l’utilisation du cache de notre serveur, pour se faire comme d’habitude il faut ajouter une option dans le fichier “/etc/bind/named.conf.options”.

allow-query-cache { 127.0.0.1; serverip;};
282 comments
  8. a bathing ape

    I precisely had to thank you so much once more. I do not know the things that I would have handled without the type of methods shown by you regarding such a problem. It seemed to be a very scary difficulty in my view, however , considering a new well-written mode you managed that took me to weep for happiness. I am just thankful for your help and then sincerely hope you comprehend what a great job you are carrying out instructing many people through the use of your website. More than likely you’ve never got to know all of us.

  17. bape hoodie

    A lot of thanks for all your work on this site. My daughter really loves conducting investigation and it’s really easy to understand why. We all learn all regarding the powerful way you present important tips by means of the website and attract contribution from some others on this subject matter so my princess is without a doubt being taught a great deal. Enjoy the rest of the new year. You’re doing a really great job.

  20. yeezy gap hoodie

    My wife and i got so fulfilled when Michael managed to do his preliminary research through the ideas he discovered through your site. It’s not at all simplistic just to find yourself freely giving tactics which usually some others may have been trying to sell. So we consider we’ve got the writer to give thanks to because of that. Most of the illustrations you made, the easy web site navigation, the relationships you will aid to promote – it is most incredible, and it’s assisting our son and us know that that situation is awesome, and that is incredibly serious. Many thanks for the whole thing!

  21. kd 12

    I have to get across my love for your kindness giving support to those individuals that really need help with this concern. Your real commitment to passing the solution around became extremely important and have consistently allowed associates like me to arrive at their endeavors. This warm and helpful guideline implies a lot a person like me and extremely more to my office colleagues. Thanks a ton; from all of us.

  22. Bess Ahyet

    Singapore is truly fascinating for its multilayered social tapestry! From Chinatown to Little India and whatever in between, there’s a lot to experience and also find here – its vivid shades and also rich history makes every edge an interesting experience – foodies need to most definitely visit! If that is something that talks with you also after that Singapore need to not be missed as your next traveling location! Hawker Centres in Singapore offer an amazing selection of neighborhood dishes. Do not miss trying Hainanese Chicken Rice or Chili Crab! Gardens by the Bay were awesome – I specifically appreciated Supertree Grove and also Cloud Forest – they really took my breath away! The light show during the night was absolutely exciting as well as an outright must-see! Singapore supplied such an amazing blend of advanced architecture and also lavish vegetation – from Marina Bay Sands to Henderson Waves this city is really outstanding to find! Singapore’s public transportation is exceptional! From its effective metro train system as well as simple traveling with an EZ-Link card to Sentosa Island for relaxation – which boasts Universal Studios, S.E.A Aquariums, and a lot more attractions! – their public transportation has actually established new standards. Aquarium, lovely coastlines, and also various other entertainment for the whole household make Singapore an superb method to invest a day. Do not miss out on Singapore’s ArtScience Museum which combines art, science, and technology in an remarkable combination! Experiences at The Gardens By the Bay were really wonderful; with interactive exhibitions and captivating display screens producing an remarkable trip – definitely worth a go to! I was truly surprised at Singapore’s amazing purchasing scene! From luxury shopping malls such as ION Orchard to Bugis Street’s vibrant markets there truly is something here for any type of shopaholic to experience! See to it to leave some area in your travel suitcase! I discovered Singapore Zoo one of the finest zoos I’ve gone to; it’s open-concept rooms and also immersive environments created a true wildlife experience, not neglecting Evening Safari for included exhilaration! Singapore’s multiculturalism is an additional drawcard; Chinese, Malay, Indian, and Western impacts can be seen everywhere from design to cuisine; making for a interesting fusion!

  26. yeezy 500 blush

    I simply desired to thank you so much yet again. I do not know what I would’ve made to happen in the absence of those secrets shown by you concerning that topic. It became the frustrating case in my position, nevertheless finding out a new skilled form you solved the issue made me to weep for gladness. Extremely thankful for this assistance and thus hope that you realize what a great job that you are undertaking instructing people today by way of a blog. Most probably you have never encountered all of us.

  28. kyrie 9

    I want to express some appreciation to the writer for bailing me out of this incident. Right after scouting through the online world and seeing opinions which were not helpful, I assumed my entire life was gone. Existing without the presence of strategies to the difficulties you’ve solved all through the article is a critical case, and those that would have negatively damaged my entire career if I hadn’t come across the blog. Your own personal skills and kindness in taking care of all things was useful. I am not sure what I would’ve done if I had not discovered such a thing like this. It’s possible to now look forward to my future. Thanks so much for your specialized and result oriented guide. I will not hesitate to suggest the sites to anybody who needs and wants guidelines on this issue.

  29. golden goose shoes

    My spouse and i have been excited that Edward managed to carry out his researching through the entire ideas he gained when using the web page. It is now and again perplexing to just be handing out thoughts which many people may have been selling. We really figure out we have the writer to give thanks to for that. The main illustrations you’ve made, the straightforward web site navigation, the friendships you make it easier to engender – it is most terrific, and it is facilitating our son in addition to our family do think the article is fun, which is really important. Thank you for all the pieces!

  30. fear of god clothing

    I precisely had to thank you very much all over again. I’m not certain what I might have handled in the absence of these advice shown by you concerning such a theme. Previously it was the daunting matter for me, however , noticing the expert strategy you processed that forced me to cry for happiness. I am happier for this information and as well , expect you find out what a great job you are always carrying out teaching some other people with the aid of your site. I’m certain you’ve never come across any of us.

Laisser un commentaire

Votre adresse e-mail ne sera pas publiée.