Archive for 'Djbdns'

Overview

DNS cache poisoning to redirect a site to an alternate address using dnscache and tinydns.

Requirements

  • CentOS (or any other Unix/Linux) server running dnscache and tinydns
  • At least 1 configured IP address on which dnscache/tinydns is running :: Let it be 192.168.1.2
  • A domain that we want to redirect :: Let it be exampledomain.com

Configuration

Step 1

Install tinydns and dnscache; the installation posts further down this page cover both.

Step 2

Tell dnscache which server to ask for the site you want to redirect, so that it looks the name up on the local tinydns instead of following the normal delegation:

root@serv:~# echo "192.168.1.2" > /etc/dnscache/root/servers/exampledomain.com

Step 3

Create records for the domain in tinydns that point it to the desired address (here I'm pointing it to 192.168.1.2 itself).

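root@serv:~# cd /etc/tinydns/root/
root@serv:~# ./add-ns exampledomain.com 192.168.1.2    # add-ns takes the zone name; tinydns only answers inside zones it has NS records for
root@serv:~# ./add-host exampledomain.com 192.168.1.2  # A record for the redirected name
root@serv:~# make                                       # rebuild data.cdb from data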

Step 4

Restart the services to bring the changes into effect

root@serv:~# svc -t /service/*

With this, machines that use 192.168.1.2 as their DNS server will be pointed to 192.168.1.2 when accessing exampledomain.com.
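Because the redirect in Step 2 lives entirely in dnscache's servers directory, that directory is the place to look when checking a resolver for such overrides. The script below is an added example, not part of the original post; the function names and the sample directory are constructed for illustration. It lists every per-domain entry other than the root list "@" and flags lines that are not a bare IPv4 address (for example, ones containing stray quote characters).

```sh
#!/bin/sh
# Added example: list per-domain overrides in a dnscache servers directory.
# On the setup described in this post the directory is /etc/dnscache/root/servers.

# Succeeds only if $1 is a bare dotted-quad IPv4 address.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# One line per entry: "OVERRIDE <domain> <ip>" or "MALFORMED <domain> <text>".
audit_servers() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        [ "$name" = "@" ] && continue   # "@" holds the root server list
        while IFS= read -r line || [ -n "$line" ]; do
            [ -n "$line" ] || continue
            if is_ipv4 "$line"; then
                printf 'OVERRIDE %s %s\n' "$name" "$line"
            else
                printf 'MALFORMED %s %s\n' "$name" "$line"
            fi
        done < "$f"
    done
    return 0
}

# Constructed sample directory (not taken from a real server).
demo_dir=$(mktemp -d)
printf '198.41.0.4\n' > "$demo_dir/@"
printf '192.168.1.2\n' > "$demo_dir/exampledomain.com"
printf '"192.168.1.2"\n' > "$demo_dir/quoted.example"
audit_servers "$demo_dir"
rm -rf "$demo_dir"
```

On a live server, run `audit_servers /etc/dnscache/root/servers`; any OVERRIDE line names a domain whose answers come from the listed server rather than from the normal delegation chain.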

Overview

Installing the tinydns server and setting up a domain on it.

Requirements

  • CentOS server (any other Linux/Unix distro can be used)
  • At least 1 configured IP address :: Let it be 192.168.1.2
  • A domain :: Let it be exampledomain.com

Installation

ucspi-tcp is a public-domain Unix TCP command-line tool; it must be installed to run tinydns. daemontools must be installed for monitoring and supervising tinydns.

Step 1

Install ucspi-tcp and daemontools

root@serv:~# yum install make gcc

root@serv:~# cd /usr/src
root@serv:~# wget http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch
root@serv:~# wget http://www.qmail.org/moni.csi.hu/pub/ucspi-tcp-0.88.errno.patch

root@serv:~# wget http://cr.yp.to/ucspi-tcp/ucspi-tcp-0.88.tar.gz
root@serv:~# tar -vxzf ucspi-tcp-0.88.tar.gz
root@serv:~# cd ucspi-tcp-0.88
root@serv:~# echo "gcc -O2 -include /usr/include/errno.h" > conf-cc
root@serv:~# patch -p1 < /usr/src/ucspi-tcp-0.88.errno.patch
root@serv:~# make
root@serv:~# make install

root@serv:~# mkdir -p /package
root@serv:~# chmod 1755 /package
root@serv:~# cd /package
root@serv:~# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
root@serv:~# tar -zxvf daemontools-0.76.tar.gz
root@serv:~# rm daemontools-0.76.tar.gz
root@serv:~# cd admin/daemontools-0.76
root@serv:~# patch -p1 < /usr/src/daemontools-0.76.errno.patch
root@serv:~# package/install

Step 2

Install djbdns package

root@serv:~# cd /usr/src/
root@serv:~# wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
root@serv:~# tar -xf djbdns-1.05.tar.gz
root@serv:~# cd djbdns-1.05
root@serv:~# echo gcc -O2 -include /usr/include/errno.h > conf-cc
root@serv:~# make
root@serv:~# make setup check

Configuration

Configure tinydns to listen on IP 192.168.1.2

root@serv:~# useradd dnslog
root@serv:~# useradd tinydns
root@serv:~# tinydns-conf tinydns dnslog /etc/tinydns 192.168.1.2

Add a domain to tinydns

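root@serv:~# cd /etc/tinydns/root/
root@serv:~# ./add-ns exampledomain.com 192.168.1.2    # add-ns takes the zone name; tinydns only answers inside zones it has NS records for
root@serv:~# ./add-host exampledomain.com 192.168.1.2  # A record for the host
root@serv:~# make                                       # rebuild data.cdb from data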

Add it to svscan to keep the service under monitoring

root@serv:~# ln -s /etc/tinydns /service/tinydns
root@serv:~# svc -d /service/tinydns
root@serv:~# svc -u /service/tinydns

Main Log file

/service/tinydns/log/main/current

External DNS cache and resolver using djbdns

Overview

A howto on building a DNS caching and resolving server with dnscache. This server resolves DNS requests starting from the root servers and caches the answers for other networks/machines.

Scenario: for example, all machines of network 10.20.x.x will use this server, with IP 192.168.2.1, for DNS resolution.

Requirements

  • CentOS server (any other Linux/Unix distro can be used)
  • At least 1 configured public IP address :: Let it be 192.168.2.1 (you need to configure a proper IP)

Installation

daemontools must be installed for monitoring and supervising dnscache

Step 1

Install daemontools

root@serv:~# yum install make gcc

root@serv:~# cd /usr/src
root@serv:~# wget http://www.qmail.org/moni.csi.hu/pub/glibc-2.3.1/daemontools-0.76.errno.patch

root@serv:~# mkdir -p /package
root@serv:~# chmod 1755 /package
root@serv:~# cd /package
root@serv:~# wget http://cr.yp.to/daemontools/daemontools-0.76.tar.gz
root@serv:~# tar -zxvf daemontools-0.76.tar.gz
root@serv:~# rm daemontools-0.76.tar.gz
root@serv:~# cd admin/daemontools-0.76
root@serv:~# patch -p1 < /usr/src/daemontools-0.76.errno.patch
root@serv:~# package/install

Step 2

Install djbdns package

root@serv:~# cd /usr/src/
root@serv:~# wget http://cr.yp.to/djbdns/djbdns-1.05.tar.gz
root@serv:~# tar -xf djbdns-1.05.tar.gz
root@serv:~# cd djbdns-1.05
root@serv:~# echo gcc -O2 -include /usr/include/errno.h > conf-cc
root@serv:~# make
root@serv:~# make setup check

Configuration

You need to configure dnscache to listen on the IP configured on your server so that external machines can use it as their resolver IP.

root@serv:~# useradd dnslog
root@serv:~# useradd dnscache
root@serv:~# dnscache-conf dnscache dnslog /etc/dnscache 192.168.2.1

Add it to svscan to keep the service under monitoring

root@serv:~# ln -s /etc/dnscache /service/dnscache
root@serv:~# svc -d /service/dnscache
root@serv:~# svc -u /service/dnscache

Authorize the external network that wants to use the server as a DNS resolver (as an example, 10.20.x.x).

root@serv:~# touch /etc/dnscache/root/ip/10.20
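dnscache accepts a client a.b.c.d if a file named a.b.c.d, a.b.c, a.b or a exists in root/ip, so the file 10.20 admits all of 10.20.x.x but not 10.200.x.x. On a resolver with a public address, that directory decides who can use it. The script below is an added example, not part of the original post; the function names and sample directory are constructed. It reproduces that lookup offline and reports how wide each entry is.

```sh
#!/bin/sh
# Added example: evaluate a dnscache client ACL directory offline.
# On the setup described in this post the directory is /etc/dnscache/root/ip.

# Mirrors dnscache's documented check: a client a.b.c.d is accepted if a file
# named a.b.c.d, a.b.c, a.b or a exists (prefixes end at dot boundaries).
dnscache_allows() {
    acl_dir=$1
    client=$2
    while :; do
        [ -e "$acl_dir/$client" ] && return 0
        case $client in
            *.*) client=${client%.*} ;;   # drop the last dotted component
            *)   return 1 ;;              # nothing left to strip: refused
        esac
    done
}

# One line per ACL entry: "<entry> /<prefix length> <addresses admitted>".
acl_report() {
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        entry=${f##*/}
        dots=$(( $(printf '%s' "$entry" | tr -cd '.' | wc -c) ))
        case $dots in
            0) echo "$entry /8 16777216" ;;
            1) echo "$entry /16 65536" ;;
            2) echo "$entry /24 256" ;;
            3) echo "$entry /32 1" ;;
            *) echo "$entry ? not-an-ipv4-prefix" ;;
        esac
    done
    return 0
}

# Constructed sample ACL: a loopback entry plus this post's 10.20 entry.
demo_acl=$(mktemp -d)
touch "$demo_acl/127.0.0.1" "$demo_acl/10.20"
acl_report "$demo_acl"
for ip in 10.20.5.9 10.200.1.1 203.0.113.7; do
    if dnscache_allows "$demo_acl" "$ip"; then echo "$ip allowed"
    else echo "$ip refused"; fi
done
rm -rf "$demo_acl"
```

Running `acl_report /etc/dnscache/root/ip` on the server shows at a glance whether any entry is broader than the network you meant to authorize.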

Client Configuration

You will be able to use the IP 192.168.2.1 as the DNS nameserver on all machines of network 10.20.x.x.

Log file

/service/dnscache/log/main/current