Testing DNS security
Hi, I have created a DNS server by using BIND and I have established security policies Now I want to test its performance before hosting it Can you recommend me network simulators that allow to check its security ?? Thank you in advance. -- ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to debug BIND
thank very much for your answer, I have done it, and when I look at log file, I found a lot of information like this: 29-Nov-2014 18:09:58.121 general: debug 60: sockmgr 0xb77d7008: watcher got message -3 for socket 514 29-Nov-2014 18:09:58.121 general: debug 60: sockmgr 0xb77d7008: watcher got message -2 for socket -1 29-Nov-2014 18:09:58.121 general: debug 50: socket 0xb558ce18: socket_recv: event 0xb558d008 - task 0xb7807550 29-Nov-2014 18:09:58.121 resolver: debug 3: resquery 0xb5103280 (fctx 0xb50fc008(C0010/A)): sent 29-Nov-2014 18:09:58.121 resolver: debug 3: resquery 0xb5103008 (fctx 0xb50fc008(C0010/A)): senddone 29-Nov-2014 18:09:58.121 resolver: debug 3: resquery 0xb5103280 (fctx 0xb50fc008(C0010/A)): udpconnected 29-Nov-2014 18:09:58.121 resolver: debug 3: fctx 0xb50fc008(C0010/A'): add_bad 29-Nov-2014 18:09:58.121 lame-servers: info: network unreachable resolving 'C0010/A/IN': 192.228.79.201#53 29-Nov-2014 18:09:58.121 resolver: debug 3: fctx 0xb50fc008(C0010/A'): cancelquery 29-Nov-2014 18:09:58.121 dispatch: debug 90: dispatch 0xb78037f8 response 0xb5591638 192.228.79.201#53: detaching from task 0xb7809ca0 I don't find any name of source file (like message.c or name.c) or name of function in this log file, so I can't understand excatly the process of resolution for dig command. So, I'm asking if we can have more details in log files about BND source files and functions involved in dns resolution? Thanks. 2014-11-30 14:32 GMT+00:00 Tony Finch d...@dotat.at: Kaouthar Chetioui kaoutharcheti...@gmail.com wrote: I want to know the exact path that follows bind to resolve a DNS query Try running $ rndc flush $ rndc trace 11 $ dig www.example.ma Then look at named's logs which will give you lots of details about queries, responses, and the parts of BIND involved in the process. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ South Fitzroy: Northerly 5 to 7, occasionally gale 8 at first. Rough, occasionally very rough at first. Showers. Good, occasionally moderate. -- Kaouthar CHETIOUI ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to debug BIND
Ok , Thank you 2014-12-01 10:49 GMT+00:00 Tony Finch d...@dotat.at: Kaouthar Chetioui kaoutharcheti...@gmail.com wrote: I don't find any name of source file (like message.c or name.c) or name of function in this log file, so I can't understand excatly the process of resolution for dig command. The log module gives you a rough idea of which part of the system emitted the log message. I often find I have to grep the source to find the exact place, which is a bit tiresome especially because messages are often split across multiple lines in the code. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ Southeast Iceland: Southwesterly severe gale 9 or storm 10, decreasing 6 to gale 8. High becoming very rough. Squally wintry showers. Good, occasionally poor. -- Kaouthar CHETIOUI ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: How to debug BIND
I have already use +trace it gives me the following answer, like this:
global options: +cmd
. 518400 IN NS E.ROOT-SERVERS.NET.
. 518400 IN NS G.ROOT-SERVERS.NET.
. 518400 IN NS D.ROOT-SERVERS.NET.
. 518400 IN NS H.ROOT-SERVERS.NET.
. 518400 IN NS K.ROOT-SERVERS.NET.
. 518400 IN NS B.ROOT-SERVERS.NET.
. 518400 IN NS I.ROOT-SERVERS.NET.
. 518400 IN NS J.ROOT-SERVERS.NET.
. 518400 IN NS F.ROOT-SERVERS.NET.
. 518400 IN NS C.ROOT-SERVERS.NET.
. 518400 IN NS M.ROOT-SERVERS.NET.
. 518400 IN NS L.ROOT-SERVERS.NET.
. 518400 IN NS A.ROOT-SERVERS.NET.
I also add in 'named.conf' file, the following commands:
logging {
channel debug {
file data/named.log size 10m;
severity debug 99;
print-time yes;
print-severity yes;
print-category yes;
};
category default { debug; };
category general { debug; };
category database { debug; };
category security { debug; };
category config { debug; };
category resolver { debug; };
category xfer-in { debug; };
category xfer-out { debug; };
category notify { debug; };
category client { debug; };
category unmatched { debug; };
category network { debug; };
category update { debug; };
category queries { debug; };
category dispatch { debug; };
category dnssec { debug; };
category lame-servers { debug; };
};
and I used 'dig www.example.ma -d' to debug.
In the file 'named.log', I have the detail of debug but I dont find
functions that are used in Bind source files.
Thanks.
2014-11-30 11:10 GMT+00:00 Steven Carr sjc...@gmail.com:
On 30 November 2014 at 11:04, Kaouthar Chetioui
kaoutharcheti...@gmail.com wrote:
I want to know the exact path that follows bind to resolve a DNS query
Please reply to the list not direct.
The option you are looking for is +trace and needs to be invoked on
the server/system that will be resolving the query for the client.
You might want to try man dig and look at the documentation first in
future...
Steve
Kaouthar.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
How to debug BIND
Hi, I want to do full debug for BIND I use this command: dig www.example.ma -d and I have as result: cancel_lookup() check_if_done() list empty clear_query(0xb77c5010) sockcount=0 check_next_lookup(0x9915980) try_clear_lookup(0x9915980) destroy freeing server 0xb77c11b0 belonging to 0x9915980 start_lookup() check_if_done() list empty shutting down unlock_lookup dighost.c:3829 destroy cancel_all() lock_lookup dighost.c:3940 success unlock_lookup dighost.c:3983 destroy_libs() freeing task freeing taskmgr lock_lookup dighost.c:4015 success flush_server_list() freeing commctx freeing socketmgr freeing timermgr destroy DST lib detach from entropy unlock_lookup dighost.c:4068 Removing log context Destroy memory I need more detail so, can you give me the solution please...? -- Kaouthar CHETIOUI ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
DNSSEC resolution
I want to Know what programmes, process, and files (in Bind) that are involved in a DNSSEC resolution when we launch the dig command. Thank you -- Kaouthar CHETIOUI ___ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
