Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: DNS truble
Top Forums UNIX for Dummies Questions & Answers DNS truble Post 302175883 by jess_t03 on Sunday 16th of March 2008 03:39:53 PM
Old 03-16-2008
DNS truble
OS on all PC RHEL 5.1
SELinux OFF
iptables OFF

Its part of named config
What here not correct? On my PC IP address 192.168.1.2
i can't ping yahoo.com and google.com etc... Not dig not host all don't work ((
In /etc/resolve.conf i'm write IP of my DNS server (192.168.1.200)
On server work this config and on server all work! I can ping and dig from my DNS server

Code:
acl "myaddresses" { 127.0.0.1; 192.168.1.200; };
acl "mynetwork" { 192.168.1.0/24; };

         options {
         listen-on port 53 { myaddresses; };

         directory "/var/named";
         dump-file "/var/named/data/cache_dump.db";
         statistics-file "/var/named/data/named_stats.txt";
         memstatistics-file "/var/named/data/named_mem_stats.txt";
         query-source port 53;
        allow-query           { localhost; mynetwork; };
        allow-recursion      { localhost; mynetwork; };
        allow-transfer        { localhost; mynetwork; };
        forwarders            { 168.95.1.1; };
        forward only;
};

Its netstat from my DNS server
Code:
# netstat -napt | grep 53
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 16309/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 16309/named
tcp 0 0 ::1:53 :::* LISTEN 16309/named
tcp 0 0 ::1:953 :::* LISTEN 16309/named

Its results from my PC

Code:
# nmap -vv 192.168.1.200
...
Interesting ports on helios.aksay.kz (192.168.1.200):
Not shown: 1690 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
111/tcp open rpcbind
755/tcp open unknown
814/tcp open unknown
842/tcp open unknown
2049/tcp open nfs
...

# dig yahoo.com @192.168.1.200

; <<>> DiG 9.5.0a6 <<>> yahoo,com @192.168.1.200
;; global options: printcmd
;; connection timed out; no servers could be reached

In where truble ? I'm set ACL right and have this fun ((( help me please why me server don't access query for my PC ((
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Dns

Greetings to all, I have not been in a unix environment for many years, but I am back. Question is regarding how to setup or check how it's configured is DNS on a SPARCstation 20 runing SunOS 4.1.4 2 sun4m I have a DNS server on the network and would like the sun box to use it for it's name... (22 Replies)
Discussion started by: DLongan
22 Replies

2. UNIX for Dummies Questions & Answers

Dns

Is there a website to go to that gives you a set of instructions to set up DNS from start to finish? I need it for a Solaris 8 box on the Intel platform side. (3 Replies)
Discussion started by: Deuce
3 Replies

3. UNIX for Dummies Questions & Answers

Dns

I just bought a unix dedicated server from a company so that i can host websites on that server. I wanted to configure it but I have no clue :confused: as to where to start. If some one can just guide me to the right direction, i would greatly appreciate it. megnote (1 Reply)
Discussion started by: megnote
1 Replies

4. IP Networking

Dns

I would like to set up a DNS on my system, just to learn really, how difficult and what all is involved in the set up? How difficult? (6 Replies)
Discussion started by: jo calamine
6 Replies

5. Solaris

Solaris DNS Client For Microsoft DNS Server

hey guys, how to add soalris box as a microsoft DNS Client ? and how to register in the microsoft DNS ?? i managed to query from the DNS server after adding /etc/resolve.conf and editing /etc/nsswitch.conf but i need to register the soalris server (dns Client) into Microsoft DNS automatically.... (3 Replies)
Discussion started by: mduweik
3 Replies

6. UNIX for Advanced & Expert Users

DNS server choice: Windows DNS vs Linux BIND

I'd like to get some opnions on choosing DNS server: Windows DNS vs Linux BIND comparrsion: 1) managment, easy of use 2) Security 3) features 4) peformance 5) ?? I personally prefer Windows DNS server for management, it supports GUI and command line. But I am not sure about security... (2 Replies)
Discussion started by: honglus
2 Replies

7. Red Hat

DNS A-Record point to another DNS

Hi, I have a question on how to point the DNS server-1's A-record to second DNS server, which is DNS server-2. So, the computer can access other domain which only listed in the DNS server-2. The scenario is as follow: http://img689.imageshack.us/img689/6333/12234.png How to configure this... (4 Replies)
Discussion started by: Paris Heng
4 Replies

8. Red Hat

DHCP & DNS - Clients get IP but don't register in DNS

I am trying to setup a CentOS 6.2 server that will be doing 3 things DHCP, DNS & Samba for a very small office (2 users). The idea being this will replace a very old Win2k server. The users are all windows based clients so only the server will be Linux based. I've installed CentOS 6.2 with... (4 Replies)
Discussion started by: FireBIade
4 Replies

9. Red Hat

dns

how do we update dns zone file entries without restarting named demon (5 Replies)
Discussion started by: abhay1983
5 Replies

10. Solaris

DNS client added to DNS server but not working

Hi, We have built a new server (RHEL VM)and added that IP/hostname into dns zone configs file on DNS server (Solaris 10). Reloaded the configuration using and added nameserver into resolv.conf on client. But when I am trying nslookup, its not getting resolved. The nameserver is not able to... (8 Replies)
Discussion started by: snchaudhari2
8 Replies

LEARN ABOUT DEBIAN

xprobe2

XPROBE2(1)						      General Commands Manual							XPROBE2(1)

NAME

       xprobe2 - A Remote active operating system fingerprinting tool.

SYNOPSIS

       xprobe2 [ -v ] [ -r ] [ -p proto:portnum:state ] [ -c configfile ] [ -o logfile ] [ -p port ] [ -t receive_timeout ] [ -m numberofmatches ]
       [ -D modnum ] [ -F ] [ -X ] [ -B ] [ -A ] [ -T port spec ] [ -U port spec ] host

DESCRIPTION

       xprobe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. xprobe2	relies	on
       fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database.

       The  operation  of  xprobe2 is described in a paper titled "xprobe2 - A 'Fuzzy' Approach to Remote Active Operating System Fingerprinting",
       which is available from http://www.sys-security.com/html/projects/X.html.

       As xprobe2 uses raw sockets to send probes, you must have root privileges in order for xprobe2 to be able to use them.

OPTIONS

       -v     be verbose.

       -r     display route to target (traceroute-like output).

       -c     use configfile to read the configuration file, xprobe2.conf, from a non-default location.

       -D     disable module number modnum.

       -m     set number of results to display to numofmatches.

       -o     use logfile to log everything (default output is stderr).

       -p     specify port number (portnum), protocol (proto) and it's state for xprobe2 to use during rechability/fingerprinting tests of  remote
	      host.  Possible  values  for  proto are  tcp or  udp, portnum can only take values from  1 to 65535, state can be either closed (for
	      tcp that means that remote host replies with RST packet, for  udp that means that remote host replies  with  ICMP  Port  Unreachable
	      packet)  or  open (for  tcp that means that remote host replies with SYN ACK packet and for  udp that means that remote host doesn't
	      send any packet back).

       -t     set receive timeout to receive_timeout in seconds (the default is set to 10 seconds).

       -F     generate signature for specified target (use -o to save fingerprint into file)

       -X     write XML output to logfile specified with -o

       -B     causes xprobe2 to be a bit more noisy, as -B makes TCP handshake module to try and blindly guess an open TCP port on the target,	by
	      sending sequential probes to the following well-known ports: 80, 443, 23, 21, 25, 22, 139, 445 and 6000 hoping to get SYN ACK reply.
	      If xprobe2 receives RST|ACK or SYN|ACK packets for a port in the list above, it will be saved in the  target  port  database  to	be
	      later used by other modules (i.e. RST module).

       -T, -U enable built-in portscanning module, which will attempt to scan TCP and/or UDP ports respectively, which were specified in port spec

       -A     enable  experimental  support  for detection of transparent proxies and firewalls/NIDSs spoofing RST packets in portscanning module.
	      Option should be used in conjunction with -T. All responses from target gathered during portscanning  process  are  divided  in  two
	      classes  (SYN|ACK  and  RST)  and saved for analysis. During analysis module will search for different packets, based on some of the
	      fields of TCP and IP headers, withing the same class and if such packets are found, message  will  be  displayed	showing  different
	      packets withing the same class.

EXAMPLES

	      xprobe2 -v -D 1 -D 2 192.168.1.10

	      Will launch an OS fingerprinting attempt targeting 192.168.1.10. Modules 1 and 2, which are reachability tests, will be disabled, so
	      probes will be sent even if target is down. Output will be verbose.

	      xprobe2 -v -p udp:53:closed 192.168.1.20

	      Will launch an OS fingerprint attempt targeting 192.168.1.20. The UDP destination port is set to 53, and the output will be verbose.

	      xprobe2 -M 11 -p tcp:80:open 192.168.1.1

	      Will only enable TCP handshake module (number 11) to probe the target, very usefull when all ICMP traffic is filtered.

	      xprobe2 -B 192.168.1.1

	      Will cause TCP handshake module to try blindly guess open port on the target by sequentially sending TCP packets to the most  likely
	      open ports (80, 443, 23, 21, 25, 22, 139, 445 and 6000).

	      xprobe2 -T 1-1024 127.0.0.1

	      Will enable portscanning module, which will scan TCP ports starting from 1 to 1024 on 127.0.0.1

	      xprobe2 -p tcp:139:open 192.168.1.2

	      If  remote  target  has TCP port 139 open, the command line above will enable application level SMB module (if remote target has TCP
	      port 445 open, substitue 139 in the command line with 445).

	      xprobe2 -p udp:161:open 192.168.1.10

	      Will enable SNMPv2c application level module, which will	try  to  retrieve  sysDescr.0  OID  using  community  strings  taken  from
	      xprobe2.conf file.

NOTES

       xprobe2 fingerprints remote operating system by analyzing the replies from the target, so to get the most out of xprobe2 you need to supply
       xprobe2 with as much information as possible, in particular it is important to supply at least one open TCP port and one closed	UDP  port.
       Open  TCP  port	can  either be provided in command line (-p), obtained through built-in portscanner (-T) or -B option can be used to cause
       xprobe2 to try to blindly guess open TCP port. UDP port can be supplied via command line (-p) or through built-in portscanner (-U).

HISTORY

       xprobe has been developed in 2001 based	on research performed by Ofir Arkin <ofir@sys-security.com>. The code has been officially released
       at  the	BlackHat Briefings in Las-Vegas in 2001. xprobe2 is a logical evolution of xprobe code. Signature based fuzzy fingerprinting logic
       was embedded.

SEE ALSO

       nmap(1) queso(1) pcap(3)

AUTHORS

       Fyodor Yarochkin <fyodor@o0o.nu>, Ofir Arkin <ofir@sys-security.com>, Meder Kydyraliev <meder@o0o.nu>

       (see also /usr/share/doc/xprobe/CREDITS).

AVAILABILITY

       The current version and relevant documentation is available from following urls:
       http://www.sys-security.com/html/projects/X.html
       http://xprobe.sourceforge.net
       http://www.notlsd.net/xprobe/

BUGS

       None known (please report).

					     $Id: xprobe2.1,v 1.18 2005/07/26 12:48:59 mederchik Exp $					XPROBE2(1)
All times are GMT -4. The time now is 11:09 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy