address spoofing
Andrew Brown
twofsonet at graffiti.com
Sun Apr 25 15:10:25 UTC 1999
>> then, you can have (if you want) another bind listening on other
>> interfaces for other stuff. like the "internal dns" server that you
>> mentioned. or maybe a recursive, caching-only server that listens
>> only on 127.0.0.1. of course...they can speak to each other if need
>> be. :)
>
>I tried 2 instances of BIND and they didn't work right. One functioned
>and the other played dead (very dead ... as in the process blocked and
>would not wake up). One needs 2 separate machines to get it to actually
>work right (times the amount of redundancy desired). If you know the
>magic to make it work right, I'd sure like to know. Maybe some kind of
>lock somewhere?
the trick is to tell each instance explicitly which address to listen
on (listen-on in named.conf). if you don't do that, both will try to
bind the same address and port and the second one collides with the
first. other things (such as a different query or forwarding port, a
separate pid file, etc.) are also rather necessary -- note that the
attached configs only set listen-on; the pid-file part is left to you.
i will attach a small shar file that paul vixie posted to the
bind-workers mailing list a little over a year and a half ago that
demonstrates exactly this.
--
|-----< "CODE WARRIOR" >-----|
codewarrior at daemon.org * "ah! i see you have the internet
twofsonet at graffiti.com (Andrew Brown) that goes *ping*!"
andrew at crossbar.com * "information is power -- share the wealth."
-------------- next part --------------
#!/bin/sh
# This is a shell archive (produced by GNU sharutils 4.2).
# To extract the files from this archive, save it to some FILE, remove
# everything before the `!/bin/sh' line above, then type `sh FILE'.
# Read it first: a shar is an ordinary shell script that runs with your
# own privileges and writes the files listed below into the current
# directory. Leading whitespace in this mailing-list copy appears to
# have been collapsed (the declared sizes below exceed the visible file
# bodies), so the embedded size/MD5 checks may report mismatches.
#
# Made on 1997-08-14 13:58 PDT by <vixie at db.rc.vix.com>.
# Source directory was `/var/named'.
#
# Existing files will *not* be overwritten unless `-c' is specified.
#
# This shar contains:
# length mode name
# ------ ---------- ------------------------------------------
# 140 -rw-rw-r-- rc.stuff
# 827 -rw-r--r-- named.db.conf
# 300 -rw-r--r-- named.localhost.conf
# 197 -r--r--r-- inf/127.0.0
# 1488 -r--r--r-- inf/cache.db
# 353 -r--r--r-- inf/localhost
#
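save_IFS="${IFS}"
IFS="${IFS}:"
gettext_dir=FAILED
locale_dir=FAILED
first_param="$1"
# Look along PATH for GNU gettext and for sharutils' message catalog so
# the progress messages can be localised; if either is missing the
# archive falls back to plain echo. PATH entries are quoted so a
# directory containing whitespace does not break the probe.
for dir in $PATH
do
  if test "$gettext_dir" = FAILED && test -f "$dir/gettext" \
     && ("$dir/gettext" --version >/dev/null 2>&1)
  then
    # sharutils 4.2 recognises GNU gettext by the third word of its
    # version banner; "set --" keeps a banner that happens to start
    # with "-" from being parsed as shell options.
    set -- $("$dir/gettext" --version 2>&1)
    if test "$3" = GNU
    then
      gettext_dir=$dir
    fi
  fi
  if test "$locale_dir" = FAILED && test -f "$dir/shar" \
     && ("$dir/shar" --print-text-domain-dir >/dev/null 2>&1)
  then
    locale_dir=$("$dir/shar" --print-text-domain-dir)
  fi
done
IFS="$save_IFS"
if test "$locale_dir" = FAILED || test "$gettext_dir" = FAILED
then
  echo=echo
else
  TEXTDOMAINDIR=$locale_dir
  export TEXTDOMAINDIR
  TEXTDOMAIN=sharutils
  export TEXTDOMAIN
  echo="$gettext_dir/gettext -s"
fi
# Probe for a touch(1) that accepts the MMDDhhmmYY timestamp form: such
# a touch creates $$.touch, while one that does not understand the form
# is expected to leave a file named 1231235999 instead (that is what the
# test below looks for). Both probe files live in the current directory
# and are removed right after the probe.
touch -am 1231235999 "$$.touch" >/dev/null 2>&1
if test ! -f 1231235999 && test -f "$$.touch"; then
  shar_touch=touch
else
  shar_touch=:
  echo
  $echo 'WARNING: not restoring timestamps. Consider getting and'
  $echo "installing GNU \`touch', distributed in GNU File Utilities..."
  echo
fi
rm -f 1231235999 "$$.touch"
#
# mkdir is atomic, so the lock directory guards against two copies of
# this archive unpacking into the same directory at the same time.
if mkdir _sh21377; then
  $echo 'x -' 'creating lock directory'
else
  $echo 'failed to create lock directory'
  exit 1
fi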
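# ============= rc.stuff ==============
# rc.stuff is the boot-script fragment that starts both named instances.
# NOTE(review): as written, each named runs with whatever privileges the
# rc script has (typically root) and without -u/-t, so consider dropping
# privileges and/or chrooting if the installed named supports those
# options. The file body is left untouched because its MD5/size are
# checked below and would no longer match.
if test -f 'rc.stuff' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING 'rc.stuff' '(file already exists)'
else
  $echo 'x -' extracting 'rc.stuff' '(text)'
  # The leading X on archived lines is stripped here; the quoted
  # SHAR_EOF keeps the shell from expanding anything in the body.
  sed 's/^X//' << 'SHAR_EOF' > 'rc.stuff' &&
echo -n " named(db)"; /usr/sbin/named -c /var/named/named.db.conf
echo -n " named(lo0)"; /usr/sbin/named -c /var/named/named.localhost.conf
SHAR_EOF
  $shar_touch -am 0814135897 'rc.stuff' &&
  chmod 0664 'rc.stuff' ||
  { $echo 'restore of' 'rc.stuff' 'failed'; shar_status=1; }
  # Integrity check: prefer GNU md5sum (textutils 1.12's is excluded);
  # otherwise fall back to a byte count, which catches truncation but
  # not a same-length edit. Any mismatch is recorded in shar_status so
  # the archive can exit non-zero instead of reporting success.
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
     && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || { $echo 'rc.stuff:' 'MD5 check failed'; shar_status=1; }
81d47871d3ce82faf4bb7956303c6dae rc.stuff
SHAR_EOF
  else
    shar_count="$(LC_ALL= LC_CTYPE= LANG= wc -c < 'rc.stuff')"
    test 140 -eq "$shar_count" ||
    { $echo 'rc.stuff:' 'original size' '140,' 'current size' "$shar_count!"; shar_status=1; }
  fi
fi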
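# ============= named.db.conf ==============
# Config for the authoritative instance, bound to the public address.
# NOTE(review): 'recursion no' is what keeps this Internet-facing
# instance from acting as an open resolver; keep it. Nothing restricts
# zone transfers or queries, so if the installed BIND honours
# allow-transfer/allow-query, add them. No pid-file is set, so the two
# instances presumably fall back to the same default pid file -- confirm
# against the named(8) of the version in use. The listen-on address is
# site-specific. The body is left untouched because its MD5/size are
# checked below and would no longer match.
if test -f 'named.db.conf' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING 'named.db.conf' '(file already exists)'
else
  $echo 'x -' extracting 'named.db.conf' '(text)'
  # The leading X on archived lines is stripped here; the quoted
  # SHAR_EOF keeps the shell from expanding anything in the body.
  sed 's/^X//' << 'SHAR_EOF' > 'named.db.conf' &&
#
# $Id:$
#
X
options {
X check-names response warn;
X directory "/var/named";
X recursion no;
X listen-on { 204.152.187.21; };
};
X
################################################################ master
X
zone "rc.vix.com" {
X type master;
X file "pri/rc.vix.com";
};
X
zone "186.152.204.in-addr.arpa" {
X type master;
X file "pri/204.152.186";
};
X
zone "187.152.204.in-addr.arpa" {
X type master;
X file "pri/204.152.187";
};
X
################################################################ slave
X
zone "vix.com" {
X type slave;
X file "sec/vix.com";
X masters { 192.5.5.1; };
};
X
################################################################ infrastructure
X
zone "localhost" {
X type master;
X file "inf/localhost";
};
X
zone "0.0.127.in-addr.arpa" {
X type master;
X file "inf/127.0.0";
};
X
zone "." {
X type hint;
X file "inf/cache.db";
};
X
SHAR_EOF
  $shar_touch -am 0813224397 'named.db.conf' &&
  chmod 0644 'named.db.conf' ||
  { $echo 'restore of' 'named.db.conf' 'failed'; shar_status=1; }
  # Integrity check: prefer GNU md5sum (textutils 1.12's is excluded);
  # otherwise fall back to a byte count, which catches truncation but
  # not a same-length edit. Any mismatch is recorded in shar_status so
  # the archive can exit non-zero instead of reporting success.
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
     && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || { $echo 'named.db.conf:' 'MD5 check failed'; shar_status=1; }
e67508b3d850d9bf523b76604bb19302 named.db.conf
SHAR_EOF
  else
    shar_count="$(LC_ALL= LC_CTYPE= LANG= wc -c < 'named.db.conf')"
    test 827 -eq "$shar_count" ||
    { $echo 'named.db.conf:' 'original size' '827,' 'current size' "$shar_count!"; shar_status=1; }
  fi
fi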
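# ============= named.localhost.conf ==============
# Config for the recursive, caching-only instance on the loopback.
# NOTE(review): 'listen-on { 127.0.0.1; }' is the only thing keeping
# this recursive server private; do not widen it without adding
# allow-query or an equivalent restriction. It sets no pid-file, so it
# presumably shares the default pid file with the other instance --
# confirm against the named(8) of the version in use. The body is left
# untouched because its MD5/size are checked below and would no longer
# match.
if test -f 'named.localhost.conf' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING 'named.localhost.conf' '(file already exists)'
else
  $echo 'x -' extracting 'named.localhost.conf' '(text)'
  # The leading X on archived lines is stripped here; the quoted
  # SHAR_EOF keeps the shell from expanding anything in the body.
  sed 's/^X//' << 'SHAR_EOF' > 'named.localhost.conf' &&
#
# $Id:$
#
X
options {
X check-names response warn;
X directory "/var/named";
X recursion yes;
X listen-on { 127.0.0.1; };
};
X
zone "localhost" {
X type master;
X file "inf/localhost";
};
X
zone "0.0.127.in-addr.arpa" {
X type master;
X file "inf/127.0.0";
};
X
zone "." {
X type hint;
X file "inf/cache.db";
};
SHAR_EOF
  $shar_touch -am 0813224297 'named.localhost.conf' &&
  chmod 0644 'named.localhost.conf' ||
  { $echo 'restore of' 'named.localhost.conf' 'failed'; shar_status=1; }
  # Integrity check: prefer GNU md5sum (textutils 1.12's is excluded);
  # otherwise fall back to a byte count, which catches truncation but
  # not a same-length edit. Any mismatch is recorded in shar_status so
  # the archive can exit non-zero instead of reporting success.
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
     && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || { $echo 'named.localhost.conf:' 'MD5 check failed'; shar_status=1; }
5300d6e5f49af84642a56d582b02d841 named.localhost.conf
SHAR_EOF
  else
    shar_count="$(LC_ALL= LC_CTYPE= LANG= wc -c < 'named.localhost.conf')"
    test 300 -eq "$shar_count" ||
    { $echo 'named.localhost.conf:' 'original size' '300,' 'current size' "$shar_count!"; shar_status=1; }
  fi
fi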
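# ============= inf/127.0.0 ==============
# Reverse zone for the loopback network (0.0.127.in-addr.arpa); the
# inf/ directory is created here on first use. The body is left
# untouched because its MD5/size are checked below and would no longer
# match.
if test ! -d 'inf'; then
  $echo 'x -' 'creating directory' 'inf'
  mkdir 'inf'
fi
if test -f 'inf/127.0.0' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING 'inf/127.0.0' '(file already exists)'
else
  $echo 'x -' extracting 'inf/127.0.0' '(text)'
  # The leading X on archived lines is stripped here; the quoted
  # SHAR_EOF keeps the shell from expanding anything in the body.
  sed 's/^X//' << 'SHAR_EOF' > 'inf/127.0.0' &&
@ IN SOA localhost. root.localhost. (
X 42 ; serial
X 3600 ; refresh (1 hour)
X 1800 ; retry (30 mins)
X 604800 ; expire (7 days)
X 3600 ) ; minimum (1 hour)
X NS localhost.
1 PTR localhost.
SHAR_EOF
  $shar_touch -am 0813184197 'inf/127.0.0' &&
  chmod 0444 'inf/127.0.0' ||
  { $echo 'restore of' 'inf/127.0.0' 'failed'; shar_status=1; }
  # Integrity check: prefer GNU md5sum (textutils 1.12's is excluded);
  # otherwise fall back to a byte count, which catches truncation but
  # not a same-length edit. Any mismatch is recorded in shar_status so
  # the archive can exit non-zero instead of reporting success.
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
     && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || { $echo 'inf/127.0.0:' 'MD5 check failed'; shar_status=1; }
943368ab6e5913bc1dad2644287a7e6a inf/127.0.0
SHAR_EOF
  else
    shar_count="$(LC_ALL= LC_CTYPE= LANG= wc -c < 'inf/127.0.0')"
    test 197 -eq "$shar_count" ||
    { $echo 'inf/127.0.0:' 'original size' '197,' 'current size' "$shar_count!"; shar_status=1; }
  fi
fi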
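# ============= inf/cache.db ==============
# Root hints, captured with dig against a.root-servers.net on
# 1997-08-13 (see the trailer inside the file).
# NOTE(review): root-server addresses are not permanent; obtain a
# current hints file rather than deploying this snapshot. The body is
# left untouched because its MD5/size are checked below and would no
# longer match.
if test -f 'inf/cache.db' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING 'inf/cache.db' '(file already exists)'
else
  $echo 'x -' extracting 'inf/cache.db' '(text)'
  # The leading X on archived lines is stripped here; the quoted
  # SHAR_EOF keeps the shell from expanding anything in the body.
  sed 's/^X//' << 'SHAR_EOF' > 'inf/cache.db' &&
X
; <<>> DiG 8.1 <<>> @a.root-servers.net . ns
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUERY SECTION:
;; ., type = NS, class = IN
X
;; ANSWER SECTION:
X. 6D IN NS E.ROOT-SERVERS.NET.
X. 6D IN NS I.ROOT-SERVERS.NET.
X. 6D IN NS F.ROOT-SERVERS.NET.
X. 6D IN NS G.ROOT-SERVERS.NET.
X. 6D IN NS J.ROOT-SERVERS.NET.
X. 6D IN NS K.ROOT-SERVERS.NET.
X. 6D IN NS L.ROOT-SERVERS.NET.
X. 6D IN NS M.ROOT-SERVERS.NET.
X. 6D IN NS A.ROOT-SERVERS.NET.
X. 6D IN NS H.ROOT-SERVERS.NET.
X. 6D IN NS B.ROOT-SERVERS.NET.
X. 6D IN NS C.ROOT-SERVERS.NET.
X. 6D IN NS D.ROOT-SERVERS.NET.
X
;; ADDITIONAL SECTION:
E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
J.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.10
K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129
L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12
M.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.65.12
A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
B.ROOT-SERVERS.NET. 6D IN A 128.9.0.107
C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
X
;; Total query time: 98 msec
;; FROM: db.rc.vix.com to SERVER: a.root-servers.net 198.41.0.4
;; WHEN: Wed Aug 13 18:40:21 1997
;; MSG SIZE sent: 17 rcvd: 436
X
SHAR_EOF
  $shar_touch -am 0813184097 'inf/cache.db' &&
  chmod 0444 'inf/cache.db' ||
  { $echo 'restore of' 'inf/cache.db' 'failed'; shar_status=1; }
  # Integrity check: prefer GNU md5sum (textutils 1.12's is excluded);
  # otherwise fall back to a byte count, which catches truncation but
  # not a same-length edit. Any mismatch is recorded in shar_status so
  # the archive can exit non-zero instead of reporting success.
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
     && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || { $echo 'inf/cache.db:' 'MD5 check failed'; shar_status=1; }
9cb7ed6393b7570137b27690250a1d15 inf/cache.db
SHAR_EOF
  else
    shar_count="$(LC_ALL= LC_CTYPE= LANG= wc -c < 'inf/cache.db')"
    test 1488 -eq "$shar_count" ||
    { $echo 'inf/cache.db:' 'original size' '1488,' 'current size' "$shar_count!"; shar_status=1; }
  fi
fi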
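# ============= inf/localhost ==============
# Forward zone for "localhost".
# NOTE(review): as archived here the body carries an NS and a PTR record
# but no A record for localhost (127.0.0.1), which looks inverted for a
# forward zone -- verify against the original before relying on it. The
# body is left untouched because its MD5/size are checked below and
# would no longer match.
if test -f 'inf/localhost' && test "$first_param" != -c; then
  $echo 'x -' SKIPPING 'inf/localhost' '(file already exists)'
else
  $echo 'x -' extracting 'inf/localhost' '(text)'
  # The leading X on archived lines is stripped here; the quoted
  # SHAR_EOF keeps the shell from expanding anything in the body.
  sed 's/^X//' << 'SHAR_EOF' > 'inf/localhost' &&
@ in soa localhost. root.localhost. (
X 42 ; serial
X 3600 ; refresh (1 hour)
X 1800 ; retry (30 mins)
X 604800 ; expire (7 days)
X 3600 ) ; minimum (1 hour)
X
X ns localhost.
X ptr 1.0.0.127.in-addr.arpa.
SHAR_EOF
  $shar_touch -am 0813182497 'inf/localhost' &&
  chmod 0444 'inf/localhost' ||
  { $echo 'restore of' 'inf/localhost' 'failed'; shar_status=1; }
  # Integrity check: prefer GNU md5sum (textutils 1.12's is excluded);
  # otherwise fall back to a byte count, which catches truncation but
  # not a same-length edit. Any mismatch is recorded in shar_status so
  # the archive can exit non-zero instead of reporting success.
  if ( md5sum --help 2>&1 | grep 'sage: md5sum \[' ) >/dev/null 2>&1 \
     && ( md5sum --version 2>&1 | grep -v 'textutils 1.12' ) >/dev/null; then
    md5sum -c << SHAR_EOF >/dev/null 2>&1 \
    || { $echo 'inf/localhost:' 'MD5 check failed'; shar_status=1; }
21c9332f243d5b7c80894a5548e86666 inf/localhost
SHAR_EOF
  else
    shar_count="$(LC_ALL= LC_CTYPE= LANG= wc -c < 'inf/localhost')"
    test 353 -eq "$shar_count" ||
    { $echo 'inf/localhost:' 'original size' '353,' 'current size' "$shar_count!"; shar_status=1; }
  fi
fi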
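rm -fr _sh21377
# Exit non-zero if any restore or integrity check above recorded a
# problem in shar_status; when nothing set it, the archive succeeded.
# (The original always exited 0, so a truncated or tampered archive
# looked like a clean unpack to whatever ran it.)
exit "${shar_status:-0}"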