Author Topic: Bind Alert Cwp7  (Read 113 times)

Bind Alert Cwp7
« on: March 06, 2019, 06:23:19 PM »

I'm not very good at Linux, so I'm looking for some help here in the forum.

I was checking the DNS status and I came across this problem. I'm using the Cloudflare DNS for the server in the IPs nameservers.

Will this interfere with the security and DNS of the sites I'm using?

● named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled)
   Active: active (running) since Mon 2019-03-04 21:04:48 -04; 1 day 15 hours ago
  Process: 2517 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TERM $MAINPID (code=exited, status=0/SUCCESS)
  Process: 17121 ExecReload=/bin/sh -c /usr/sbin/rndc reload > /dev/null 2>&1 || /bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS)
  Process: 2529 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited, status=0/SUCCESS)
  Process: 2527 ExecStartPre=/bin/bash -c if [ ! "$DISABLE_ZONE_CHECKING" == "yes" ]; then /usr/sbin/named-checkconf -z "$NAMEDCONF"; else echo "Checking of zone files is disabled"; fi (code=exited, status=0/SUCCESS)
 Main PID: 2531 (named)
   CGroup: /system.slice/named.service
           └─2531 /usr/sbin/named -u named -c /etc/named.conf

Mar 05 08:39:13 srv.doolk.com.br named[2531]: client 177.209.86.165#53898 (eudora.com.br): query (cache) 'eudora.com.br/A/IN' denied
Mar 05 08:31:13 srv.doolk.com.br named[2531]: client 177.209.86.165#38632 (quemdisseberenice.com.br): query (cache) 'quemdisseberenice.com.br/A/IN' denied
Mar 05 04:44:36 srv.doolk.com.br named[2531]: client 177.209.86.165#48499 (thebeautybox.com.br): query (cache) 'thebeautybox.com.br/A/IN' denied
Mar 05 14:36:49 srv.doolk.com.br named[2531]: client 106.75.65.85#45613 (clients1.google.com): query (cache) 'clients1.google.com/A/IN' denied
Mar 05 14:53:28 srv.doolk.com.br named[2531]: client 38.229.33.47#31484 (a2783171343p31484i15244.d2019030518000211029.t16912.dnsresearch.cymru.com): query (cache) 'a2783171343p31484i15244.d2019030518000211029.t16912.dnsresearch.cymru.com/A/IN' denied
Mar 05 23:24:19 srv.doolk.com.br named[2531]: client 74.82.47.2#34727 (dnsscan.shadowserver.org): query (cache) 'dnsscan.shadowserver.org/A/IN' denied
Mar 06 01:38:21 srv.doolk.com.br named[2531]: client 129.250.206.86#17462 (ecaa9a46.openresolvertest.net): query (cache) 'ecaa9a46.openresolvertest.net/A/IN' denied
Mar 06 05:30:25 srv.doolk.com.br named[2531]: client 139.162.117.40#40114 (www.qq.com): query (cache) 'www.qq.com/A/IN' denied
Mar 06 05:43:11 srv.doolk.com.br named[2531]: client 103.29.71.94#38922 (www.qq.com): query (cache) 'www.qq.com/A/IN' denied
Mar 06 11:20:15 srv.doolk.com.br named[2531]: client 209.222.107.174#14236 (1x1.cz): query (cache) '1x1.cz/ANY/IN' denied

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Another thing: when I ping any subdomain, for example ns1.doolk.com.br, it returns a strange IP, 92.242.140.20, that is not mine. When I run a tracert, it sends me to unallocated.barefruit.co.uk [92.242.140.20].

How can I solve this problem?

Re: Bind Alert Cwp7
« Reply #1 on: March 06, 2019, 06:25:18 PM »
My named.conf:

=-=-=-=-=

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a any DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// See the BIND Administrator's Reference Manual (ARM) for details about the
// configuration located in /usr/share/doc/bind-{version}/Bv9ARM.html

options {
   listen-on port 53 { any; };
   listen-on-v6 port 53 { ::1; };
   directory    "/var/named";
   dump-file    "/var/named/data/cache_dump.db";
   statistics-file "/var/named/data/named_stats.txt";
   memstatistics-file "/var/named/data/named_mem_stats.txt";
   allow-query     { any; };

   /*
    - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
    - If you are building a RECURSIVE (caching) DNS server, you need to enable
      recursion.
    - If your recursive DNS server has a public IP address, you MUST enable access
      control to limit queries to your legitimate users. Failing to do so will
      cause your server to become part of large scale DNS amplification
      attacks. Implementing BCP38 within your network would greatly
      reduce such attack surface
   */
   recursion no;

   dnssec-enable yes;
   dnssec-validation yes;

   /* Path to ISC DLV key */
   bindkeys-file "/etc/named.iscdlv.key";

   managed-keys-directory "/var/named/dynamic";

   pid-file "/run/named/named.pid";
   session-keyfile "/run/named/session.key";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
   type hint;
   file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";


// zone doolk.com.br
zone "doolk.com.br" {
   type master;
   file "/var/named/doolk.com.br.db";};
// zone_end doolk.com.br
zone "eva.ns.cloudflare.com" {type master;file "/var/named/eva.ns.cloudflare.com.db";};
zone "walt.ns.cloudflare.com" {type master;file "/var/named/walt.ns.cloudflare.com.db";};

// zone testekida.tk
zone "testekida.tk" {
   type master;
   file "/var/named/testekida.tk.db";};
// zone_end testekida.tk
// zone doolkteste.tk
zone "doolkteste.tk" {
   type master;
   file "/var/named/doolkteste.tk.db";};
// zone_end doolkteste.tk
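
Added example, not part of the original posts: named writes a "query (cache) ... denied" line when it refuses a query it will not answer from cache or by recursion, and this Python sketch summarises such lines so repeat clients and ANY queries stand out. The sample log lines, the addresses and the example.net zone are constructed placeholders, and the "@0x..." client tag is handled on the assumption that newer BIND releases print it.

```python
import re
from collections import Counter

# Constructed sample lines in the format shown in the first post (not real data).
SAMPLE = """\
Mar 05 08:39:13 ns.example.net named[2531]: client 192.0.2.10#53898 (shop.example.org): query (cache) 'shop.example.org/A/IN' denied
Mar 05 08:41:02 ns.example.net named[2531]: client 192.0.2.10#38632 (www.example.org): query (cache) 'www.example.org/A/IN' denied
Mar 06 01:38:21 ns.example.net named[2531]: client @0x7f3a2c0 198.51.100.7#17462 (probe.resolvertest.example): query (cache) 'probe.resolvertest.example/A/IN' denied
Mar 06 11:20:15 ns.example.net named [2531]: client 203.0.113.5 # 14236 (example.com): query (cache) 'example.com/ANY/IN' denied
Mar 06 11:21:00 ns.example.net named[2531]: zone example.net/IN: loaded serial 2019030601
"""
LOCAL_ZONES = {"example.net"}  # hypothetical: zones this server is master for

# Tolerates the optional "@0x..." client tag and stray spaces around '#'
# (forum software and translators often insert them).
DENIED = re.compile(
    r"named\s*\[\d+\]:\s+client\s+(?:@0x[0-9a-fA-F]+\s+)?"
    r"(?P<ip>[0-9a-fA-F.:]+)\s*#\s*(?P<port>\d+)\s+\([^)]*\):\s+"
    r"query \(cache\) '(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)/(?P<qclass>[A-Z]+)'\s+denied"
)

def parse_denied(text):
    """Return one dict per denied cache query; other log lines are skipped."""
    return [m.groupdict() for m in map(DENIED.search, text.splitlines()) if m]

def under_zone(qname, zones):
    """True if qname equals or is a subdomain of one of the given zones."""
    q = qname.rstrip(".").lower()
    return any(q == z or q.endswith("." + z) for z in zones)

def summarize(records, local_zones):
    per_client = Counter(r["ip"] for r in records)
    return {
        "total": len(records),
        # Names outside the hosted zones: the server was asked to act as a resolver.
        "foreign": sum(not under_zone(r["qname"], local_zones) for r in records),
        # ANY queries are the classic amplification probe.
        "any_queries": sorted({r["ip"] for r in records if r["qtype"] == "ANY"}),
        "repeat_clients": {ip: n for ip, n in per_client.items() if n > 1},
    }

if __name__ == "__main__":
    print(summarize(parse_denied(SAMPLE), LOCAL_ZONES))
```

On a live host the same functions can be fed the output of `journalctl -u named`, with `LOCAL_ZONES` set to the zones declared in named.conf.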