On 17/04/2019 at 12:58, Arian Molina Aguilera wrote:
On 17/4/19 at 10:56, Alberto José García Fumero wrote:
On Wed, 17-04-2019 at 07:28 -0400, Jose Joaquin Ruiz Silva wrote:
Hi, friends of the list. I have this problem that is showing up in the log. According to the administrator of my national network, the OSRI told him that it is a virus:

01-Jun-2018 22:22:53.646 edns-disabled: info: success resolving 'tar.kziu0tpofwf.club/A' (in 'club'?) after disabling EDNS

But I scan the machine and it finds nothing.

I have the domain server with samba4 and bind9 compiled on Debian 9, but the server making that request is a Windows Server 2008 R2, because it is the Versat server. How could I resolve this?

Regards.


01-Jun-2018 21:59:34.190 update: info: client @0x7f8eac0a8aa0 172.17.9.39#51167/key LENOVO\$\@FAG.REDUIM.CU: updating zone 'fag.reduim.cu/NONE': update failed: rejected by secure update (REFUSED)
01-Jun-2018 21:59:34.190 database: info: samba_dlz: cancelling transaction on zone fag.reduim.cu
01-Jun-2018 22:00:30.116 edns-disabled: info: success resolving '157.9.141.220.in-addr.arpa/PTR' (in '220.in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:02:47.833 edns-disabled: info: success resolving '211.5.104.112.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:03:02.961 edns-disabled: info: success resolving '211.110.115.59.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:03:20.881 edns-disabled: info: success resolving '58.121.166.218.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:05:07.166 edns-disabled: info: success resolving '135.76.105.112.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:07:48.280 edns-disabled: info: success resolving '114.104.19.81.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:07:48.375 edns-disabled: info: success resolving '117.104.19.81.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:10:13.181 edns-disabled: info: success resolving 'redirect.geo.kaspersky.com/A' (in 'geo.kaspersky.com'?) after disabling EDNS
01-Jun-2018 22:15:35.428 edns-disabled: info: success resolving '1.31.236.200.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:17:51.565 edns-disabled: info: success resolving '152.226.216.52.in-addr.arpa/PTR' (in '52.in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:21:44.083 edns-disabled: info: success resolving '27.84.37.114.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:22:40.223 edns-disabled: info: success resolving '189.50.55.65.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:22:53.646 edns-disabled: info: success resolving 'tar.kziu0tpofwf.club/A' (in 'club'?) after disabling EDNS
01-Jun-2018 22:24:10.634 edns-disabled: info: success resolving '114.104.19.81.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:24:34.495 edns-disabled: info: success resolving '211.30.12.85.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:24:35.212 edns-disabled: info: success resolving '114.114.231.54.in-addr.arpa/PTR' (in '54.in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:26:57.610 edns-disabled: info: success resolving '213.96.104.112.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:27:40.336 edns-disabled: info: success resolving '4.104.121.158.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS
01-Jun-2018 22:28:00.121 database: info: samba_dlz: starting transaction on zone fag.reduim.cu

_______________________________________________

Within my very limited reach in these matters, this is not a virus (I take it for granted that that Windows machine has an antivirus installed) but a difficulty with the size of the DNS UDP packets. Either the firewall does not let through packets larger than 512 bytes, or the Server 2008 RC2 does not accept the kind of packets BIND sends and BIND falls back to sending reduced packets (because I am sure your BIND is newer than that server...).

You could try putting in a server directive as indicated in the documentation I cite below. This documentation will (I hope) give you more details. Sorry it is in English; I would translate it for you if I had time, but I am short on time.

*************************

It is possible to disable sending the EDNS Cookie option by creating a
server { } directive in your named.conf file with send-cookie no;

See also https://ednscomp.isc.org/ where there's more information about
EDNS (non-)compliance and a compliance testing tool.


****************

Things I never knew about DNS – EDNS
We run a few internal and external DNS servers in the company I work
for. Keeping them up to date is something we must do each year to keep
one step ahead of any exploits discovered. I find that upgrading each
version of BIND I learn something new about it. The documentation is
not impressive to say the least!

One new thing I learned was EDNS – Extended Mechanisms for DNS. I
discovered this new (to me) option as I finished installing and
configuring BIND, I enabled verbose logging to test some DNS queries. I
found that some queries were a bit slow to begin with. I checked the log
file for messages and discovered plenty of these messages:

edns-disabled: info: success resolving 'ns6.netnorth.net/AAAA' (in 'netnorth.net'?) after reducing the advertised EDNS UDP packet size to 512 octets

So what is EDNS? Well first I have to tell you about ordinary DNS.
Typical DNS UDP packets come with a maximum 512 octets in size.
Anything more than that will be rejected or fragmented depending on
your firewall. But EDNS on the other hand carries more information and
allows for a packet size up to 4026 octets. The reason for this (in
RFC2671) is: “Many of DNS’s protocol limits are too small for uses
which are or which are desired to become common. There is no way for
implementations to advertise their capabilities.” So new versions of
BIND and whatever DNS software you use will support EDNS. What will
happen is that when we send a DNS request to a DNS server by default
the label type will be set to '01' which means “extended label type”.
The DNS server receives this request and replies with either a normal
512 octet packet if it does not support EDNS yet or replies with an
EDNS packet of up to 4096 octets. The problem we saw was that our
firewall only accepted DNS packets of size 512 octets. Anything above
that was discarded or attempted to fragment. To resolve this, instead of
turning off EDNS on our server, I asked our network engineers to allow
DNS packets through the network of up to 4096 octets in size. As soon
as this was implemented the messages disappeared from the log file and
DNS resolving was much faster.

Some handy links:

RFC: http://tools.ietf.org/html/rfc2671

BIND: http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html

edns-udp-size
edns-udp-size sets the advertised EDNS UDP buffer size. Valid values
are 512 to 4096 (values outside this range will be silently adjusted).
The default value is 4096. The usual reason for setting edns-udp-size
to a non-default value is to get UDP answers to pass through broken
firewalls that block fragmented packets and/or block UDP packets that
are greater than 512 bytes.

Do not allow recursion for any host on your network that does not explicitly need to reach the outside. That is the first measure you should take on your network.


_______________________________________________
Gutl-l mailing list -- gutl-l@listas.jovenclub.cu
To unsubscribe send an email to gutl-l-le...@listas.jovenclub.cu
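The quoted documentation above describes EDNS in prose. The following Python script is an added example, not code from this thread, from BIND or from any of the cited documents: it builds a DNS query with and without an EDNS(0) OPT record and decodes the advertised UDP payload size back out of it, which is the field that the edns-udp-size option sets. It uses only the standard library, sends nothing on the network, and takes the query name from the log above; the transaction id is an arbitrary constant.

```python
"""Build and decode a DNS query with an EDNS(0) OPT pseudo-record.

Added example for the Gutl-l thread; not code from the thread or from
BIND.  Shows the wire-level meaning of edns-udp-size: the advertised UDP
payload size is the CLASS field of the OPT record in the additional
section (RFC 6891, which replaced RFC 2671).  Nothing is sent on the
network; the packets are built and decoded in memory.
"""
import struct
from typing import Optional

TYPE_A = 1
TYPE_OPT = 41
CLASS_IN = 1
HEADER_LEN = 12


def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels ending in the root label."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("DNS labels are limited to 63 octets")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(pkt: bytes, off: int):
    """Decode an uncompressed name at offset `off`; return (name, next offset)."""
    labels = []
    while True:
        ln = pkt[off]
        off += 1
        if ln == 0:
            break
        if ln & 0xC0:
            raise ValueError("compression pointers are not used in these packets")
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", off


def build_query(name: str, qtype: int = TYPE_A, txid: int = 0x1234,
                edns_udp_size: Optional[int] = 4096) -> bytes:
    """Return a DNS query for `name`.

    With edns_udp_size set, an OPT record advertising that UDP buffer size
    is appended (this is what edns-udp-size configures).  With None the
    query is plain pre-EDNS DNS, which is what BIND falls back to when it
    logs "success resolving ... after disabling EDNS".
    """
    arcount = 0 if edns_udp_size is None else 1
    # flags 0x0100 = RD (recursion desired); one question, no answer/authority RRs
    pkt = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)
    pkt += encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    if edns_udp_size is not None:
        if not 0 <= edns_udp_size <= 0xFFFF:
            raise ValueError("UDP payload size must fit in 16 bits")
        # OPT RR: NAME = root (single zero octet), TYPE = 41,
        # CLASS = requestor's UDP payload size, TTL = extended RCODE /
        # EDNS version / DO bit + Z (all zero here), RDLENGTH = 0 (no options)
        pkt += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_udp_size, 0, 0)
    return pkt


def question_name(pkt: bytes) -> str:
    """Return the name in the first question of a query."""
    name, _ = decode_name(pkt, HEADER_LEN)
    return name


def advertised_udp_size(pkt: bytes) -> Optional[int]:
    """Return the UDP payload size a query advertises via EDNS, or None when
    it carries no OPT record (a classic 512-octet-limited query)."""
    _, _, qdcount, ancount, nscount, arcount = struct.unpack("!HHHHHH", pkt[:HEADER_LEN])
    off = HEADER_LEN
    for _ in range(qdcount):
        _, off = decode_name(pkt, off)
        off += 4  # QTYPE + QCLASS
    # Walk every resource record after the question section looking for OPT.
    for _ in range(ancount + nscount + arcount):
        _, off = decode_name(pkt, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            return rclass
    return None


if __name__ == "__main__":
    for size in (4096, 512, None):
        q = build_query("tar.kziu0tpofwf.club", edns_udp_size=size)
        print(f"{len(q):3d} bytes, advertises {advertised_udp_size(q)}: {q.hex()}")
```

Running it shows the three shapes a resolver can send: a 49-byte query advertising 4096 (BIND's default), the same query advertising 512 (the poster's edns-udp-size 512), and a 38-byte query with no OPT record at all, which is the form BIND reports with "after disabling EDNS". The fallback message itself therefore says nothing about the name being resolved; it only records that the first, EDNS-carrying attempt got no usable answer.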

This is my named.conf file:

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; 172.17.9.59; } keys { rndc-key; };
};
options {
    query-source address * port 53;
    listen-on-v6 { none; };
    auth-nxdomain yes;
    allow-query { any; };
    allow-update { any; };
    dnssec-enable no;
    dnssec-validation no;
    //dnssec-lookaside auto;
    empty-zones-enable no;
    notify yes;
    also-notify { 172.17.9.4; };
    allow-transfer { 172.17.19.3; };
    notify-source 172.17.9.4;
    transfer-source 172.17.9.4;
    recursion yes;
    // advertised EDNS buffer and maximum UDP response size, both already at the 512-byte minimum
    edns-udp-size 512;
    max-udp-size 512;
    allow-recursion { any; };
    forwarders { 172.16.1.7; 172.16.1.8; };
    tkey-gssapi-keytab "/usr/local/samba/private/dns.keytab";
    directory "/var/cache/bind";
};
include "/usr/local/samba/private/named.conf";
include "/etc/bind/rndc.key";
// commented out; note that a server statement needs an address or prefix: server <address> { send-cookie no; };
#server { send-cookie no; };
logging {
    channel err {
        file "/var/log/bind9/bind.err";
        severity error;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    channel info {
        file "/var/log/bind9/bind.info";
        severity info;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    channel warn {
        file "/var/log/bind9/bind.warn";
        severity warning;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    channel log {
        file "/var/log/bind9/bind.log";
        severity debug 1;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category default { err; info; warn; log; };
};

What do I have to modify? I do not know much about DNS.

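The log pasted earlier in the thread is a run of "edns-disabled" fallbacks plus one refused dynamic update. As an added example (not code from the thread), the following Python script parses lines in that format, counts the fallbacks, separates reverse (PTR) lookups from forward names, and lists the refused updates, so the single forward name the OSRI pointed at can be judged in context rather than in isolation. The sample lines are constructed copies in the format of the thread's log; in practice you would feed it the bind.info file that the logging stanza above writes.

```python
"""Triage BIND 'edns-disabled' and dynamic-update log lines.

Added example, not code from the thread.  The sample lines are
constructed in the format of the log the original poster pasted; in
practice read the bind.info file named in the logging stanza instead.
"""
import re
from collections import Counter

# Constructed sample in the poster's log format (one entry per line).
SAMPLE_LINES = [
    r"01-Jun-2018 21:59:34.190 update: info: client @0x7f8eac0a8aa0 172.17.9.39#51167/key LENOVO\$\@FAG.REDUIM.CU: updating zone 'fag.reduim.cu/NONE': update failed: rejected by secure update (REFUSED)",
    "01-Jun-2018 21:59:34.190 database: info: samba_dlz: cancelling transaction on zone fag.reduim.cu",
    "01-Jun-2018 22:00:30.116 edns-disabled: info: success resolving '157.9.141.220.in-addr.arpa/PTR' (in '220.in-addr.arpa'?) after disabling EDNS",
    "01-Jun-2018 22:10:13.181 edns-disabled: info: success resolving 'redirect.geo.kaspersky.com/A' (in 'geo.kaspersky.com'?) after disabling EDNS",
    "01-Jun-2018 22:22:53.646 edns-disabled: info: success resolving 'tar.kziu0tpofwf.club/A' (in 'club'?) after disabling EDNS",
    "01-Jun-2018 22:24:10.634 edns-disabled: info: success resolving '114.104.19.81.in-addr.arpa/PTR' (in 'in-addr.arpa'?) after disabling EDNS",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# "after disabling EDNS" is the wording in the poster's log; the quoted blog
# post shows the other variant, "after reducing the advertised EDNS UDP packet size".
EDNS_RE = re.compile(
    r"^(?P<ts>\S+ \S+) edns-disabled: info: success resolving "
    r"'(?P<qname>[^/']+)/(?P<qtype>[A-Z0-9]+)' \(in '(?P<zone>[^']+)'\?\) "
    r"after (?P<action>disabling EDNS|reducing the advertised EDNS UDP packet size to \d+ octets)$"
)
UPDATE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) update: info: client \S+ (?P<client>[\d.]+)#\d+/key (?P<key>\S+): "
    r"updating zone '(?P<zone>[^']+)': update failed: (?P<reason>.+)$"
)


def parse_line(line: str):
    """Return a dict describing the event, or None for lines not triaged here."""
    m = EDNS_RE.match(line)
    if m:
        return dict(m.groupdict(), event="edns-fallback")
    m = UPDATE_RE.match(line)
    if m:
        return dict(m.groupdict(), event="update-refused")
    return None


def is_reverse_lookup(qname: str) -> bool:
    """PTR names under in-addr.arpa / ip6.arpa are reverse lookups of remote IPs."""
    return qname.endswith(".in-addr.arpa") or qname.endswith(".ip6.arpa")


def summarize(log_text: str) -> dict:
    """Count EDNS fallbacks, split them by record type, list the forward names
    involved (the ones worth a second look) and the refused dynamic updates."""
    parsed = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    events = [e for e in parsed if e]
    fallbacks = [e for e in events if e["event"] == "edns-fallback"]
    return {
        "edns_fallbacks": len(fallbacks),
        "by_qtype": Counter(e["qtype"] for e in fallbacks),
        "forward_names": sorted({e["qname"] for e in fallbacks if not is_reverse_lookup(e["qname"])}),
        "refused_updates": [(e["client"], e["zone"], e["reason"])
                            for e in events if e["event"] == "update-refused"],
        "ignored_lines": len(parsed) - len(events),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample this reports four fallbacks, two of them PTR lookups of outside addresses and two forward A lookups, and one dynamic update from 172.17.9.39 refused by the secure-update policy. The fallback count is a measure of the UDP size problem discussed in the thread; the forward-name list is the part to hand to whoever is investigating what the Windows host was contacting.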
