Bind DNS
Hi ALL, Is it possible in BIND DNS to block images in a certain sites? like for example the popular friends site ( friendster), i want to block most images in that site so that client will be irritated that their images don't load perfectly. but s till they can visit their site? Any idea guys? thans ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bind DNS
Is it possible in BIND DNS to block images in a certain sites? like for example the popular friends site ( friendster), i want to block most images in that site so that client will be irritated that their images don't load perfectly. but s till they can visit their site? Any idea guys? DNS is a name to address resolution protocol. It has no knowledge of web content. What you are after is some sort of web content filter. For home use, I use Squid and DansGuardian (both in ports). Still though, it's very difficult to block only *certain* images, and not others from a particular site. Regards, Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bind DNS
At 09:10 PM 5/22/2008, Ruel Luchavez wrote: Hi ALL, Is it possible in BIND DNS to block images in a certain sites? like for example the popular friends site ( friendster), i want to block most images in that site so that client will be irritated that their images don't load perfectly. but s till they can visit their site? Any idea guys? thans define in your hosts any host or URL you want to block as the localhost, 127.0.0.1 You can google for whole host files to use to block a bunch of different annoying sites. -Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bind DNS
are images on different serwer than rest of site? On Fri, 23 May 2008, Ruel Luchavez wrote: Hi ALL, Is it possible in BIND DNS to block images in a certain sites? like for example the popular friends site ( friendster), i want to block most images in that site so that client will be irritated that their images don't load perfectly. but s till they can visit their site? Any idea guys? thans ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bind DNS
Derek Ragona wrote: At 09:10 PM 5/22/2008, Ruel Luchavez wrote: Hi ALL, Is it possible in BIND DNS to block images in a certain sites? like for example the popular friends site ( friendster), i want to block most images in that site so that client will be irritated that their images don't load perfectly. but s till they can visit their site? Any idea guys? thans define in your hosts any host or URL you want to block as the localhost, 127.0.0.1 You can google for whole host files to use to block a bunch of different annoying sites. I assumed by the OP's original message that this was a workplace-type environment, and figured that he wouldn't want to hand-manage this type of thing. Also, pardon my ignorance, but if you were to DNS redirect a domain name to a specific IP with BIND, wouldn't you have to create a DNS zone for each domain name? Steve ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bind DNS
At 09:07 AM 5/23/2008, Steve Bertrand wrote: Derek Ragona wrote: At 09:10 PM 5/22/2008, Ruel Luchavez wrote: Hi ALL, Is it possible in BIND DNS to block images in a certain sites? like for example the popular friends site ( friendster), i want to block most images in that site so that client will be irritated that their images don't load perfectly. but s till they can visit their site? Any idea guys? thans define in your hosts any host or URL you want to block as the localhost, 127.0.0.1 You can google for whole host files to use to block a bunch of different annoying sites. I assumed by the OP's original message that this was a workplace-type environment, and figured that he wouldn't want to hand-manage this type of thing. Also, pardon my ignorance, but if you were to DNS redirect a domain name to a specific IP with BIND, wouldn't you have to create a DNS zone for each domain name? Steve no, you usually have /etc/nsswitch.conf set to check files before dns, so hosts is checked first. -Derek -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Bind DNS
On May 22, 2008, at 9:10 PM, Ruel Luchavez wrote: Hi ALL, Is it possible in BIND DNS to block images in a certain sites? like for example the popular friends site ( friendster), i want to block most images in that site so that client will be irritated that their images don't load perfectly. but s till they can visit their site? DNS is not the right level to be doing that unless you know that the images are actually served from a different server than the other content on the site (which is unlikely). An HTTP proxy, Squid in particular, will be the right tool. About a year ago, I saw a description where someone had put in a filter in Squid to blur or rotate all images. The screen shots of that where hilarious, but I can't remember exactly where this was posted. Cheers, -j ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Admin-tools for BIND DNS?
Hi, I'm looking for graphical tools easing configuration of a bind DNS-server. Ideally this tool should be capable of editing IPv6-related records like too. Is there anything available out there for FreeBSD (I already checked the ports collection, but couldn't find anything). Thanks much in advance for any clue, -ewald ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Admin-tools for BIND DNS?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 4/21/11 1:56 PM, Ewald Jenisch wrote: > Hi, > > I'm looking for graphical tools easing configuration of a bind > DNS-server. Ideally this tool should be capable of editing > IPv6-related records like too. > > Is there anything available out there for FreeBSD (I already checked > the ports collection, but couldn't find anything). > > Thanks much in advance for any clue, > -ewald > Hi Ewald, I didn't check if any of these are already part of the ports tree, but there's a decent selection of tools here. http://www.debianhelp.co.uk/bindweb.htm If you use one and like it, please consider creating and submitting a port for it. Cheers, Greg - -- Greg Larkin http://www.FreeBSD.org/ - The Power To Serve http://www.sourcehosting.net/ - Ready. Set. Code. http://twitter.com/sourcehosting/ - Follow me, follow you -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.11 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2weFwACgkQ0sRouByUApCqQgCeKMUsSRkuSTnm1FJIUFycxyRw rqAAn3ecxGeY1XtAunroJGmMsrb/7VcK =SKAt -END PGP SIGNATURE- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Admin-tools for BIND DNS?
On 21.04.11 19:56, Ewald Jenisch wrote: > Hi, > > I'm looking for graphical tools easing configuration of a bind > DNS-server. Ideally this tool should be capable of editing > IPv6-related records like too. > > Is there anything available out there for FreeBSD (I already checked > the ports collection, but couldn't find anything). > webmin it's in ports collection already.. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
BIND DNS Patching on 6.1, 6.2
Hi all, I have ten webservers that I would like nothing more than to update to 6.3 or 7.x But right now I just dont have time. I was wondering if anyone has tried the patches BIND DNS Poioning listed on the freebsd homepage (security advisories) on 6.1 and/or 6.2 and if they worked OK. -Grant ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: BIND DNS Patching on 6.1, 6.2
Hi Again, When I posted this question originally, I had forgotten that I had a devel server running FreeBSD 6.2-RELEASE. I tried the 6.3 patch, and it would not make properly. I was thinking I would try the BIND959.5.0 port, but it apprears that this version is still vulneralbe. So I suppose the only question is, what branch + version should one upgrade to to secure this. (I assume 6.3 RELENG or 6 Stable). COmments please, -Grant On Fri, 29 Aug 2008 14:29:13 -0400, gpeel wrote > Hi all, > > I have ten webservers that I would like nothing more than to update > to 6.3 or > 7.x > > But right now I just dont have time. > > I was wondering if anyone has tried the patches BIND DNS Poioning > listed on the freebsd homepage (security advisories) on 6.1 and/or > 6.2 and if they worked OK. > > -Grant > ___ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: BIND DNS Patching on 6.1, 6.2
gpeel skrev: I was thinking I would try the BIND959.5.0 port, but it apprears that this version is still vulneralbe. The port dns/bind95 is patched: $ named -version BIND 9.5.0-P2 Easily installed with the option WITH_REPLACE_BASE. Regards, Lars ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: BIND DNS Patching on 6.1, 6.2
Lars, Thanks for the reply. I have installed many hundreds of ports, but an feeling a little nervouse about this one. Would you mind creating a simplified step by step for how to perform this one? If so, Please include the make lines ... Thanks a billion, -Grant - Original Message - From: "Lars Kristiansen" <[EMAIL PROTECTED]> To: "gpeel" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, August 29, 2008 8:38 PM Subject: Re: BIND DNS Patching on 6.1, 6.2 gpeel skrev: I was thinking I would try the BIND959.5.0 port, but it apprears that this version is still vulneralbe. The port dns/bind95 is patched: $ named -version BIND 9.5.0-P2 Easily installed with the option WITH_REPLACE_BASE. Regards, Lars ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: BIND DNS Patching on 6.1, 6.2
Grant Peel skrev: Lars, Thanks for the reply. I have installed many hundreds of ports, but an feeling a little nervouse about this one. Would you mind creating a simplified step by step for how to perform this one? If so, Please include the make lines ... Thanks a billion, -Grant iirc, all I did at the time was to read the ports Makefile and other relevant files, then portinstall -p and select "Replace base BIND with this version" when the options screen is displayed. Then restart named and check that everything is working like it should. dig @localhost +short porttest.dns-oarc.net TXT will hopefully now give a result that includes the word GREAT. Lars - Original Message - From: "Lars Kristiansen" <[EMAIL PROTECTED]> To: "gpeel" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, August 29, 2008 8:38 PM Subject: Re: BIND DNS Patching on 6.1, 6.2 gpeel skrev: I was thinking I would try the BIND959.5.0 port, but it apprears that this version is still vulneralbe. The port dns/bind95 is patched: $ named -version BIND 9.5.0-P2 Easily installed with the option WITH_REPLACE_BASE. Regards, Lars ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: BIND DNS Patching on 6.1, 6.2
Hi all, Thanks to Lars I have come up with the following (to upgrade BIND for the DNS caching issue)...(short of updateing all source). Download the latest port BIND95.9.5.x (p2 I think), Extract it to the ports directory, make -DWITH_REPLACE_BASE make install make clean Is the above correct? Also, Will the installation leave all my current (BIND) configs alone? -Grant - Original Message - From: "Lars Kristiansen" <[EMAIL PROTECTED]> To: "gpeel" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, August 29, 2008 8:38 PM Subject: Re: BIND DNS Patching on 6.1, 6.2 gpeel skrev: I was thinking I would try the BIND959.5.0 port, but it apprears that this version is still vulneralbe. The port dns/bind95 is patched: $ named -version BIND 9.5.0-P2 Easily installed with the option WITH_REPLACE_BASE. Regards, Lars ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: BIND DNS Patching on 6.1, 6.2
Grant Peel wrote: Hi all, Thanks to Lars I have come up with the following (to upgrade BIND for the DNS caching issue)...(short of updateing all source). Download the latest port BIND95.9.5.x (p2 I think), 9.5.0.2 -- correct. Extract it to the ports directory, make -DWITH_REPLACE_BASE You should get an OPTIONS dialogue here which will allow you to achieve the required result. Use 'make config' to force the issue if necessary. make install make clean Is the above correct? Yes, that will work just fine. Also, Will the installation leave all my current (BIND) configs alone? It will not trash /etc/namedb/named.conf -- actually, I think it won't touch anything under /etc/namedb so it should 'just work' with your existing configuration. Remember to remove any 'port 53' clauses from 'query source' statements in named.conf or this will all have been for nothing. If you're going to do the 'REPLACE_BASE' thing, then you should add WITHOUT_BIND=yes to /etc/make.conf (/etc/src.conf in 7.x and above) -- otherwise you'll revert to the system version of BIND whenever you update. There are half a dozen BIND related make flags that you can pick and choose from if you want finer control. Alternatively, you can leave the base system as-is, install the port under /usr/local as usual, and just use variables like the following in /etc/rc.conf: named_enable="YES" named_program="/usr/local/sbin/named" named_flags="-c /etc/namedb/named.conf" This means you'll run named-2.5.0.2 from the port (which is the important bit) but unless you fiddle with your $PATH, you'll tend to get all the adjunct programs like dig, host, rndc from the base system. Either way, it should all be pretty seamless. Which way you choose is a matter of taste and convenience rather than necessity. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
In a bit of a bind - DNS problems and ipfw
Hello
I am having problems with my FreeBSD 5.4 gateway/firewall. When I enable a
custom firewall (ipfw) or the "Simple" firewall through rc.firewall my
clients are unable to resolve DNS when DNS does work with the "Open" ruleset
that is provide by rc.firewall. I create the custom firewall couple years
ago and they work fine under 4.11 but after the upgrade I have not been able
to get them to work.
I sure I am doing something stupid but I am not smart enough to solve it at
the moment.
Thank you
Aaron Siegel
Custom firewall rules
#Allow DNS
$cmd 019 allow tcp from any to any 53 out via $pif
$cmd 018 allow udp from any to any 53 out via $pif
/etc/rc.conf
gateway_enable="YES"
firewall_enable="YES"
firewall_type="open"
natd_enable="YES"
natd_interface="dc0"
ifconfig_dc0="192.168.0.2" #public interface
ifconfig_fxp0="192.168.245.1 netmask 255.255.255.0" #private interface
/etc/rc.conf
I have commented out the following lines
#${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: In a bit of a bind - DNS problems and ipfw
Aaron Siegel <[EMAIL PROTECTED]> writes:
> Hello
>
> I am having problems with my FreeBSD 5.4 gateway/firewall. When I enable a
> custom firewall (ipfw) or the "Simple" firewall through rc.firewall my
> clients are unable to resolve DNS when DNS does work with the "Open" ruleset
> that is provide by rc.firewall. I create the custom firewall couple years
> ago and they work fine under 4.11 but after the upgrade I have not been able
> to get them to work.
>
> I sure I am doing something stupid but I am not smart enough to solve it at
> the moment.
>
> Thank you
> Aaron Siegel
>
> Custom firewall rules
> #Allow DNS
> $cmd 019 allow tcp from any to any 53 out via $pif
> $cmd 018 allow udp from any to any 53 out via $pif
You need to let the replies back in.
Try keep-state.
> /etc/rc.conf
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> natd_enable="YES"
> natd_interface="dc0"
>
> ifconfig_dc0="192.168.0.2" #public interface
> ifconfig_fxp0="192.168.245.1 netmask 255.255.255.0" #private interface
>
> /etc/rc.conf
> I have commented out the following lines
> #${fwcmd} add deny all from any to 192.168.0.0/16 via ${oif}
Why?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Possible to run 2 instances of Bind DNS server in jails??
Hi, I'm just reading through a thread right now on a discussion or debate whether to ports Solaris Zones to FreeBSD. My main Google search criteria was basically that I wanted to know if FreeBSD had something similar. In this discussion it was mentioned that FreeBSD Jails where the sudo 'equivalent' to Zones but of course behave much more like a chroot environment. I have to ask if it's possible since I'm coming over from Solaris to dedicate NICs to Jails and run separate instances of applications in there, the one I am looking for primarily is Bind. As I would like to use a Sun Fire V480 server as a mainframe but stuck between the application advantages of FreeBSD and some of the virtualization technologies within Solaris. Has anyone got any advice or comments as to whether I can achieve my goal?? Many thanks, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Possible to run 2 instances of Bind DNS server in jails??
The only bit I'm not certain on is dedicating a nic to a jail (more because I havent tried than because I believe it cant be done, I'd expect that the network stack virtualization in 8+ should allow this.) You can most definately run seperate instances of applications in jails. I'd recomend subscribing to the freebsd-jails mailing list (http://lists.freebsd.org/mailman/listinfo/freebsd-jail) for jail specific questions as I've only dabbled with them a little. But a 10 second example [r...@seaurchin ~]# jls JID IP Address Hostname Path 1 10.20.0.3 womble/var/jails/womble 2 10.20.0.2 foobar/var/jails/foobar [r...@seaurchin ~]# jexec 1 ps ax PID TT STAT TIME COMMAND 8166 ?? SsJ0:06.69 /usr/sbin/syslogd -s 8231 ?? SsJ1:00.94 sendmail: accepting connections (sendmail) 8235 ?? IsJ0:00.92 sendmail: Queue run...@00:30:00 for /var/spool/client 8241 ?? SsJ0:08.55 /usr/sbin/cron -s 79334 ?? IsJ0:00.06 /usr/sbin/named -u bind 79559 0 R+J0:00.00 ps ax [r...@seaurchin ~]# jexec 2 ps ax PID TT STAT TIME COMMAND 8504 ?? IsJ0:01.15 sendmail: Queue run...@00:30:00 for /var/spool/client 8510 ?? SsJ0:08.35 /usr/sbin/cron -s 79447 ?? IsJ0:00.07 /usr/sbin/named -u bind 79584 0 R+J0:00.00 ps ax Hope that helps Vince Kaya Saman wrote: Hi, I'm just reading through a thread right now on a discussion or debate whether to ports Solaris Zones to FreeBSD. My main Google search criteria was basically that I wanted to know if FreeBSD had something similar. In this discussion it was mentioned that FreeBSD Jails where the sudo 'equivalent' to Zones but of course behave much more like a chroot environment. I have to ask if it's possible since I'm coming over from Solaris to dedicate NICs to Jails and run separate instances of applications in there, the one I am looking for primarily is Bind. As I would like to use a Sun Fire V480 server as a mainframe but stuck between the application advantages of FreeBSD and some of the virtualization technologies within Solaris. Has anyone got any advice or comments as to whether I can achieve my goal?? Many thanks, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org" ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
Re: Possible to run 2 instances of Bind DNS server in jails??
Vince Hoffman wrote: The only bit I'm not certain on is dedicating a nic to a jail (more because I havent tried than because I believe it cant be done, I'd expect that the network stack virtualization in 8+ should allow this.) You can most definately run seperate instances of applications in jails. I'd recomend subscribing to the freebsd-jails mailing list (http://lists.freebsd.org/mailman/listinfo/freebsd-jail) for jail specific questions as I've only dabbled with them a little. But a 10 second example [r...@seaurchin ~]# jls JID IP Address Hostname Path 1 10.20.0.3 womble/var/jails/womble 2 10.20.0.2 foobar/var/jails/foobar [r...@seaurchin ~]# jexec 1 ps ax PID TT STAT TIME COMMAND 8166 ?? SsJ0:06.69 /usr/sbin/syslogd -s 8231 ?? SsJ1:00.94 sendmail: accepting connections (sendmail) 8235 ?? IsJ0:00.92 sendmail: Queue run...@00:30:00 for /var/spool/client 8241 ?? SsJ0:08.55 /usr/sbin/cron -s 79334 ?? IsJ0:00.06 /usr/sbin/named -u bind 79559 0 R+J0:00.00 ps ax [r...@seaurchin ~]# jexec 2 ps ax PID TT STAT TIME COMMAND 8504 ?? IsJ0:01.15 sendmail: Queue run...@00:30:00 for /var/spool/client 8510 ?? SsJ0:08.35 /usr/sbin/cron -s 79447 ?? IsJ0:00.07 /usr/sbin/named -u bind 79584 0 R+J0:00.00 ps ax Hope that helps Vince Thanks Vince! That really helps a lot :-) Will check the jails mailing list out and see what I can discover regarding the NICs... Regards, Kaya ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
