Archive

Archive for the ‘DNS and BIND’ Category

URL redirection from domain manager

October 7th, 2009

Click on default and click on save

Host      Address                    Record Type
@         http://www.domain.com      URL Redirect
www       @                          CNAME (Alias)

DNS and BIND

How to fix problems with DNS Zones ?

October 7th, 2009

Log in to the shell and then type the following command.

/scripts/fixcommonproblems

It will reload all DNS zones and report any errors.

DNS and BIND

How can I fix ndc connection refused errors?

October 7th, 2009

Log in over SSH and run the following commands.

/scripts/updatenow
/scripts/fixndc

DNS and BIND

How to hide BIND version - cPanel

October 7th, 2009

What is BIND?
BIND (Berkeley Internet Name Domain) is an implementation of the Domain Name System (DNS) protocols and provides an openly redistributable reference implementation of the major components of the Domain Name System, including:

- a Domain Name System server (named)
- a Domain Name System resolver library
- tools for verifying the proper operation of the DNS server

The BIND DNS Server is used on the vast majority of name serving machines on the Internet, providing a robust and stable architecture on top of which an organization’s naming architecture can be built. The resolver library included in the BIND distribution provides the standard APIs for translation between domain names and Internet addresses and is intended to be linked with applications requiring name service.

Why hide the BIND version number?
Although hiding the BIND version number will not prevent automated cracking tools from exploiting vulnerable nameservers, you should prevent “banner grabbing,” that is, allowing others to gather version information about services running on your machines. This is no substitute for keeping your BIND version updated. You must keep your server updated to be protected from the latest security threats and exploits. If a hacker runs an exploit against your outdated version of BIND, the server will be compromised even if you hide the version number.

Hiding BIND version
Log in to your server through SSH and su to root.

1) pico -w /etc/named.conf

2) Add this line inside the options block:
version "surely you must be joking";
after:
query-source address * port 53;

3) Save the changes
Ctrl+x then y

4) Restart your BIND service.
service named restart or /etc/init.d/named restart

5) Check your BIND version
dig @ns1.yourserver.com version.bind chaos txt

The TXT answer should show the string you configured. You may also check your BIND version using http://www.dnsreport.com/ and you will see your new BIND version.

DNS and BIND

Main configuration files related to DNS

October 7th, 2009

On our servers, the BIND DNS server runs as the daemon “named”.

The main configuration file for the “named” service is located at
/etc/named.conf

DNS zone file location for all domains on the server:

/var/named/domainname.com.db

Log file for the “named” service:

/var/log/messages

You can find the name server information for that server in
/etc/resolv.conf

DNS and BIND

Useful DNS Commands

October 7th, 2009

host

This is the simplest of the DNS commands. It is a quick way to determine the IP address of a hostname:
Code:
host www.your-domain-name.com

The -a option will return all of the DNS information in verbose format:
Code:
host -a www.your-domain-name.com

Now that you know the IP address for the domain, try a reverse lookup:
Code:
host <IP address>

dig (domain information groper)

This command gathers and returns DNS information in a format the name server can use directly. You will find it easy to query specific name servers with dig.

You can quickly determine the name servers of your host or any other host:
Code:
dig ns your-host.com

Then you can check your (or another) website against the host’s name servers:
Code:
dig www.your-domain-name.com @ns.your-host.com

Dig can provide output that is in the same format as the zone file itself. Here is how to get the whole zone file:
Code:
dig any your-domain-name.com

The dig command can also do reverse lookups with output formatted for the zone file:
Code:
dig -x <IP Address>

DNS and BIND

Close Open DNS Servers

October 7th, 2009

When you check nameservers and other DNS-related issues using the popular site dnsreport, you’re probably seeing Fail Open DNS Servers. We’ll show you how to fix named to close open DNS servers.

How do I check my system?
Go to www.dnsreport.com and enter your domain name, e.g. rsanetworks.net

You’re safe if you see:
PASS Open DNS servers

You need to follow this tutorial if you see:
FAIL Open DNS servers

Closing Open DNS Servers Tutorial

1) Log in to your server and su to root.

2) Edit the /etc/named.conf file, for example:
# vi /etc/named.conf

Look for:

Quote:
key "rndckey" {
};


After this add the following, replacing mainIP and secondaryIP with your system's nameservers.

Quote:
acl "trusted" {
    mainIP; secondaryIP; 127.0.0.1;
};


3) After that’s done, add the statements that allow only the trusted ACL to use certain functions. Check your options area and make sure you add the following:

Quote:
allow-recursion { trusted; };
allow-notify { trusted; };
allow-transfer { trusted; };


So the final result looks something like:

Quote:
options {
    directory "/var/named";
    allow-recursion { trusted; };
    allow-notify { trusted; };
    allow-transfer { trusted; };
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;
};


4) Save the changes and restart the named service:
service named restart
or
/scripts/restartsrv_named

5) Recheck your site at dnsreport.com, you should be good!
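
The settings from this tutorial and from the version-hiding post above can also be checked locally after editing. The script below is an added example, not part of the original posts; it inspects only the options block (not views), and the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the options block of a named.conf (constructed sample below).

# Print the options { ... } block with /* */, // and # comments removed.
options_block() {
    cat "$1" | sed -e 's:/\*.*\*/::g' -e '/\/\*/,/\*\//d' -e 's://.*::' -e 's:#.*::' |
    awk '!inopt && /^[ \t]*options[ \t]*[{]/ { inopt = 1 }
         inopt { print; depth += gsub(/[{]/, "") - gsub(/[}]/, "")
                 if (depth == 0) exit }'
}

# Print the address-match list of directive $2 found in block text $1.
acl_of() {
    printf '%s' "$1" | tr '\n' ' ' |
        sed -n "s/.*[[:space:];{]$2[[:space:]]*{\([^}]*\)}.*/\1/p"
}

# Report on each setting from the two tutorials; exit status = number of findings.
audit_named_conf() {
    opts=$(options_block "$1"); findings=0
    if printf '%s\n' "$opts" | grep -Eq '(^|[[:space:];{])version[[:space:]]+"'; then
        echo "OK      version string is overridden"
    else
        echo "FINDING version not set in options"; findings=$((findings + 1))
    fi
    for d in allow-recursion allow-transfer allow-notify; do
        words=$(acl_of "$opts" "$d" | tr -s ';[:space:]' ' ')
        case " $words " in
            *" any "*)     echo "FINDING $d allows any"; findings=$((findings + 1)) ;;
            *[a-zA-Z0-9]*) echo "OK      $d limited to:$words" ;;
            *)             echo "FINDING $d not set or empty"; findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample: a partly hardened options block (pass "-" to read stdin).
sample_conf() { cat <<'EOF'
options {
    directory "/var/named";
    version "surely you must be joking";
    allow-recursion { trusted; };
    allow-transfer { any; };
};
EOF
}

sample_conf | audit_named_conf - || true
```

To audit a live server, call audit_named_conf /etc/named.conf in place of the last line.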

DNS and BIND

How Do I Redirect My Domain Through Domain

October 7th, 2009

Log in to Domain Manager, and then click on the “URL Redirection” link.
Enter in the address of your existing website and choose your redirection type.

Then click submit.

DNS and BIND

DNS Related Exim problems

October 7th, 2009

If mail to outside domains is not working on the server and the exim logs on the server look like the following:

2006-06-22 02:33:06 DNS list lookup defer (probably timeout) for 36.168.11.209.bl.spamcop.net: assumed not in list
2006-06-22 02:33:06 DNS list lookup defer (probably timeout) for 112.5.92.213.bl.spamcop.net: assumed not in list
2006-06-22 02:33:06 DNS list lookup defer (probably timeout) for 210.28.225.209.dnsbl.njabl.org: assumed not in list
2006-06-22 02:33:07 DNS list lookup defer (probably timeout) for 242.202.32.83.bl.spamcop.net: assumed not in list

And also as given below:
Could not complete sender verify

And checking with the command:
exim -bt user@outsidedomain.com
returns:
DNS host lookup failed.

And you cannot fix it by restarting or reloading the named service.

You can try this solution:

Just add the IPs of the server’s nameservers to /etc/resolv.conf as shown below, but do not remove any previous entries.

nameserver primaryIP
nameserver secondaryIP

Then
pkill named
service named restart

Now check it again.
exim -bt user@outsidedomain.com

It gives a result like the one below.
router = lookuphost, transport = remote_smtp
host outsidedomain.com [66.67.68.69] MX=0
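
Each "assumed not in list" line in the log above means the DNSBL check failed open for that sender. As an added example (not from the original post), the script below lists which blocklist zones and sender IPs were affected, using the four log lines quoted in the post as sample input; the function names and the "more than one zone" heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example: summarise "DNS list lookup defer" lines from an Exim main log.

# Print "<list-zone> <sender-ip>" per deferred lookup. A DNSBL query name is the
# sender's IPv4 address with the octets reversed, followed by the list zone.
dnsbl_defers() {
    awk '/DNS list lookup defer/ {
        q = ""
        for (i = 1; i < NF; i++) if ($i == "for") { q = $(i + 1); break }
        sub(/:$/, "", q)
        n = split(q, p, ".")
        if (n < 5) next                      # not an IPv4 DNSBL query name
        zone = p[5]
        for (j = 6; j <= n; j++) zone = zone "." p[j]
        print zone, p[4] "." p[3] "." p[2] "." p[1]
    }' "$@"
}

# Print "<count> <list-zone>", most affected list first.
defers_by_zone() {
    dnsbl_defers "$@" | awk '{ c[$1]++ } END { for (z in c) print c[z], z }' |
        sort -k1,1nr -k2
}

# Heuristic (an assumption of this example): timeouts against more than one
# list zone point at the local resolver rather than at a single blocklist.
resolver_suspect() {
    zones=$(defers_by_zone "$@" | awk 'END { print NR }')
    [ "$zones" -gt 1 ]
}

# Sample input: the four log lines quoted in the post (pass "-" to read stdin).
sample_log() { cat <<'EOF'
2006-06-22 02:33:06 DNS list lookup defer (probably timeout) for 36.168.11.209.bl.spamcop.net: assumed not in list
2006-06-22 02:33:06 DNS list lookup defer (probably timeout) for 112.5.92.213.bl.spamcop.net: assumed not in list
2006-06-22 02:33:06 DNS list lookup defer (probably timeout) for 210.28.225.209.dnsbl.njabl.org: assumed not in list
2006-06-22 02:33:07 DNS list lookup defer (probably timeout) for 242.202.32.83.bl.spamcop.net: assumed not in list
EOF
}

sample_log | defers_by_zone -
```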

DNS and BIND