@boina-n
Last active April 11, 2017 22:08
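# Secondary (slave) copy of the zone, transferred from 213.154.64.11.
# named only accepts a "masters" clause on slave/stub zones, so the original
# "type master" fails named-checkconf; "type slave" also matches the slaves/
# file path.
# NOTE(review): the transfer source is trusted by address only; a TSIG key on
# the masters entry authenticates it.
zone "toto-tr.fr.rt" {
type slave;
masters { 213.154.64.11; };
file "slaves/db.toto-tr.fr.rt";
};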
# Editor regex search-and-replace that wraps each bare zone name (one per line) in a zone stanza. Replace this:
(^[a-z0-9\-]+(\.[a-z0-9\-]+)*)
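# By this (named rejects a "masters" clause on a "type master" zone; use "type slave" if these zones are secondaries):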
zone "\1" {\n\ttype master;\n\tmasters { 213.154.64.11; };\n\tfile "slaves/db.\1";\n};\n
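# Print one slave-zone stanza per zone name listed in data.fqdn.
# The inner double quotes now come from printf's format string. In the
# original echo they closed the shell string, so the output had no quotes
# around the zone name or the file path, and $p was word-split and globbed.
# The names end up in a file that named parses, so anything other than a
# plain hostname (quote, semicolon, brace, slash, "..") is skipped.
while IFS= read -r p; do
    case $p in
        ''|*[!A-Za-z0-9._-]*|*..*)
            printf 'skipping unsafe zone name: %s\n' "$p" >&2
            continue ;;
    esac
    printf 'zone "%s" {\n\ttype slave;\n\tmasters { 41.223.142.3; };\n\tfile "slaves/db.%s";\n};\n\n' "$p" "$p"
done < data.fqdn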
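# Extract the zone name from every line of /tmp/data that starts with "Z":
# drop that leading "Z" and keep the text up to the first ":".
# The original `rev | tr -d \$Z | rev` deleted every "Z" and "$" character on
# the line, not just the leading marker, which corrupts names containing them.
# NOTE(review): /tmp is shared and both file names are predictable; this list
# is later turned into named configuration, so keep it in a directory that
# only the operator can write to.
awk -F: '/^Z/ { print substr($1, 2) }' /tmp/data > /tmp/data.fqdn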
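# Write one slave-zone stanza per unique zone name read on stdin.
# $1 is the address named should transfer the zones from.
gen_zones() {
    master=$1
    sort -u | while IFS= read -r p; do
        # These names become part of named's configuration: accept plain
        # hostnames only, so a stray quote, semicolon, brace or path
        # component cannot change the stanza or the zone file location.
        case $p in
            ''|*[!A-Za-z0-9._-]*|*..*)
                printf 'skipping unsafe zone name: %s\n' "$p" >&2
                continue ;;
        esac
        # The quotes around the zone name come from the format string; in the
        # original echo the unescaped quotes around $p left the name bare.
        printf 'zone "%s" {\n\ttype slave;\n\tmasters { %s; };\n\tfile "slaves/db.%s";\n};\n\n' "$p" "$master" "$p"
    done
}

# Reverse (arpa) and forward zones, with 41.223.142.4 as the master.
grep arpa /tmp/data.fqdn | gen_zones 41.223.142.4 > /usr/local/progs/named/etc/rev.conf
grep -v arpa /tmp/data.fqdn | gen_zones 41.223.142.4 > /usr/local/progs/named/etc/autozones.conf

# Same split for the 9.9.7-P3 tree, with 127.0.0.1 as the master.
grep arpa /tmp/data.fqdn | gen_zones 127.0.0.1 > /usr/local/progs/bind-9.9.7-P3-TCP3sec-nossl-rrl-xtds-ipv6-64bits/etc/rev.conf
grep -v arpa /tmp/data.fqdn | gen_zones 127.0.0.1 > /usr/local/progs/bind-9.9.7-P3-TCP3sec-nossl-rrl-xtds-ipv6-64bits/etc/autozones.conf

# Run named-checkconf on the resulting configuration before reloading named.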
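# Capture DNS traffic (port 53) on eth0 into a file named after the host and
# the date, rotating the output by size (-C).
# The capture holds client addresses and the names they query, so it is
# created under a restrictive umask. /tmp is shared and the file name is
# predictable; prefer an operator-only directory for anything long-running.
(
    umask 077
    tcpdump -nni eth0 port 53 -w "/tmp/dns.$(hostname)-$(date +%Y%m%d)-NBO.pcap" -C 100M
)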
## debugging
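# Pull the FORMERR lines out of the daemon log. The original wrote
# formerr.txt to the current directory but read /tmp/formerr.txt on the next
# line; both steps now use the same path.
grep "FORMERR" /var/log/daemon.log > /tmp/formerr.txt
# Count FORMERR lines per client and rank by frequency. Field 9 is expected
# to look like "address#port" (TODO confirm against the local log format);
# only the part before "#" is kept.
awk '{ split($9, client, "#"); print client[1] }' /tmp/formerr.txt | sort | uniq -c | sort -rn > /tmp/IP.txt
# Record all traffic from a single source address for closer inspection.
tcpdump -vvv -i any src 82.127.225.212 -w toto.pcap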
###
# PCAP CLEANER
###
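# Keep only packets sent to port 53 (UDP or TCP) and write them to a new capture.
# NOTE(review): on current tshark releases -R requires -2 (two-pass mode); the
# single-pass display-filter option there is -Y.
tshark -R 'udp.dstport== 53 || tcp.dstport==53' -r /mnt/nas/pcaps/Alex/trafic_nominal_9611807.20151201.19h01m17s.pcap -w /mnt/nas/data/tcpreplay/trafic_nominal_9611807.20151201.19h01m17s.ok.pcap
# Same filter for every regular file in the current directory, written to
# ok.<name>. File names are quoted instead of parsed from ls, and earlier
# ok.* results are skipped so a second run does not filter its own output.
for p in *; do
    [ -f "$p" ] || continue
    case $p in
        ok.*) continue ;;
    esac
    tshark -R 'udp.dstport== 53 || tcp.dstport==53' -r "$p" -w "ok.$p"
done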
###
# Xshell session generator.
###
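# Create one Xshell session file per line of hosts.txt ("<session-name> <host>")
# by copying templates.xsh with its Host= line rewritten.
while read -r name host _; do
    # Skip blank or incomplete lines instead of writing a ".xsh" file.
    [ -n "$name" ] && [ -n "$host" ] || continue
    # Both fields are used unescaped: name as a file name, host inside a sed
    # replacement. Restrict them so a "/", "&" or leading "." in hosts.txt
    # cannot write outside this directory or alter the sed expression.
    case $name in
        .*|*[!A-Za-z0-9._-]*)
            printf 'skipping unsafe session name: %s\n' "$name" >&2
            continue ;;
    esac
    case $host in
        *[!A-Za-z0-9.:_-]*)
            printf 'skipping unsafe host: %s\n' "$host" >&2
            continue ;;
    esac
    sed "s/Host=.*/Host=$host/g" templates.xsh > "$name.xsh"
    # Progress output: the pair that was just written.
    printf '%s %s\n' "$name" "$host"
done < hosts.txt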
#Install DNS
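# Install the packaged BIND build under /usr/local/progs and register it as a service.
mkdir -p /usr/local/progs
ln -s /usr/local/progs /exec/applis
cd /tmp/
# The archive is unpacked as root and run as a network service. Before
# extracting it, compare its checksum with the value published by whoever
# built it, for example:
#   echo "<EXPECTED_SHA256>  bind-9.9.8-P2-TCP3sec-nossl-rrl-xtds-ipv6-64bits.tgz" | sha256sum -c -
# and check this exact BIND release against the current ISC security advisories.
mv bind-9.9.8-P2-TCP3sec-nossl-rrl-xtds-ipv6-64bits.tgz /usr/local/progs/
cd /usr/local/progs/
tar -zxvf bind-9.9.8-P2-TCP3sec-nossl-rrl-xtds-ipv6-64bits.tgz
# Point the "named" link at the new tree. -sfn replaces an existing link and
# also works on a first install, where the original `unlink named` failed.
ln -sfn bind-9.9.8-P2-TCP3sec-nossl-rrl-xtds-ipv6-64bits named
# Service account, created with groupadd/useradd instead of appending raw
# lines to /etc/passwd and /etc/group, so the shadow files stay consistent.
# The original also wrapped the echo commands in backticks, which runs their
# (empty) output as a command.
getent group prog > /dev/null || groupadd -g 501 prog
id dns || useradd -u 501 -g prog -M -s /sbin/nologin dns
# NOTE(review): this makes the service account the owner of named's binaries
# and configuration as well as its data, so a compromised named could rewrite
# its own executables. Consider leaving the tree root-owned and giving dns
# ownership of only the directories named has to write (presumably the
# slaves/ zone directory; confirm against the tree layout).
chown -R dns:prog /usr/local/progs
cp named/share/init-script/bind9 /etc/init.d/
chmod +x /etc/init.d/bind9
chkconfig --add bind9
chkconfig --list bind9
chkconfig bind9 on
# NOTE(review): this turns the host firewall off at boot. A DNS server is
# safer with iptables left on and port 53 (udp and tcp) plus management
# access allowed explicitly.
chkconfig iptables off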
[osadmin@pfq-dns-isoinj1-a dnsperf]$ wc -l ok.cleaning_center.pcap.20151201.19h01m17s-1448992877.645994-1448992920.921620.v.1.txt
8994730 ok.cleaning_center.pcap.20151201.19h01m17s-1448992877.645994-1448992920.921620.v.1.txt
From resperf source: https://github.com/cobblau/dnsperf
/* Query-type mnemonics, quoted from the dnsperf/resperf source. */
static char *qtypes[] = {
    "A",     "NS",    "MD",    "MF",    "CNAME",
    "SOA",   "MB",    "MG",    "MR",    "NULL",
    "WKS",   "PTR",   "HINFO", "MINFO", "MX",
    "TXT",   "AAAA",  "SRV",   "NAPTR", "A6",
    "AXFR",  "MAILB", "MAILA", "*",     "ANY"
};
# Capture to read and text file to produce.
input=/mnt/nas/data/tcpreplay/nominal/ok.cleaning_center.pcap.20151201.19h01m17s-1448992877.645994-1448992920.921620.ano
output=ok.cleaning_center.pcap.20151201.19h01m17s-1448992877.645994-1448992920.921620.txt
# For DNS packets whose query type is one of the listed mnemonics, print
# "<last column> <second-to-last column>" of tshark's text summary.
# Presumably those columns are the query name and type, which gives a
# dnsperf-style input list -- confirm against the local tshark output.
# The name regex is unanchored, so it accepts any last column that merely
# contains a name-like substring. Names come straight from captured traffic
# and must not be assumed well-formed.
# NOTE(review): on current tshark releases -R requires -2; the single-pass
# display-filter option there is -Y.
tshark -R "dns.qry.type==A || dns.qry.type==NS || dns.qry.type==MD || dns.qry.type==MF || dns.qry.type==CNAME || dns.qry.type==SOA || dns.qry.type==MB || dns.qry.type==MG || dns.qry.type==MR || dns.qry.type==NULL || dns.qry.type==WKS || dns.qry.type==PTR || dns.qry.type==HINFO || dns.qry.type==MINFO || dns.qry.type==MX || dns.qry.type==TXT || dns.qry.type==AAAA || dns.qry.type==SRV || dns.qry.type==NAPTR || dns.qry.type==A6 || dns.qry.type==AXFR || dns.qry.type==MAILB || dns.qry.type==MAILA || dns.qry.type==ANY" -r $input -T text | awk --re-interval '$(NF) ~ /[a-zA-Z0-9_-]{1,63}\.?+([a-zA-Z]{2,})/ && $(NF-1) ~ /^(A|NS|MD|MF|CNAME|SOA|MB|MG|MR|NULL|WKS|PTR|HINFO|MINFO|MX|TXT|AAAA|SRV|NAPTR|A6|AXFR|MAILB|MAILA|ANY)$/ { print $(NF) " " $(NF-1) } ' > $output
# Alternative filter: the name regex is anchored at both ends and the type
# column is not checked. It writes to the same $output, so running both
# commands keeps only this result.
tshark -R "dns.qry.type==A || dns.qry.type==NS || dns.qry.type==MD || dns.qry.type==MF || dns.qry.type==CNAME || dns.qry.type==SOA || dns.qry.type==MB || dns.qry.type==MG || dns.qry.type==MR || dns.qry.type==NULL || dns.qry.type==WKS || dns.qry.type==PTR || dns.qry.type==HINFO || dns.qry.type==MINFO || dns.qry.type==MX || dns.qry.type==TXT || dns.qry.type==AAAA || dns.qry.type==SRV || dns.qry.type==NAPTR || dns.qry.type==A6 || dns.qry.type==AXFR || dns.qry.type==MAILB || dns.qry.type==MAILA || dns.qry.type==ANY" -r $input -T text | awk --re-interval '$(NF) ~ /^(([a-zA-Z0-9_-]{1,63})\.{1}(\.{0}[a-zA-Z0-9_-]{0,63}){0,}(\.[a-zA-Z]{1,}))*$/ { print $(NF) " " $(NF-1) }' > $output
# Scratch tests of candidate hostname regexes against sample names. awk
# prints the input line only when the regex matches its last field.
# awk regexes are POSIX ERE: "(?!-)" is not a lookahead there, and "?+"
# stacks two quantifiers. Sample: a name with raw non-text bytes after the
# last dot.
echo " lb._dns-sd._udp.\360'\257\002\030\027\256\002 " | awk --re-interval '$(NF) ~ /(((?!-)[a-zA-Z0-9_-]{1,63}\.?+([a-zA-Z]{2,63}))*/'
# Long-label sample. Because the dot is optional and the group repeats, this
# pattern does not enforce the 63-character limit per label: an over-long
# label can be consumed across two repetitions.
echo 'geeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.geeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.geeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.geeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.geeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee.fr' | awk --re-interval '$(NF) ~ /^([a-zA-Z0-9_-]{1,63}\.?([a-zA-Z]{2,}))*$/'
# Three-label sample against a pattern that spells out exactly three labels.
echo 'azeffa.ee.r' | awk --re-interval '$(NF) ~ /^(([a-zA-Z0-9_-]{1,63})\.{1}([a-zA-Z0-9_-]{0,63})\.{1}([a-zA-Z]{1,}))*$/'
# NOTE: this command is cut off; the "val '...'" line further down looks like
# its continuation.
echo 'azeffa.z.e.e.r' | awk --re-inter
# "\.{0}" matches nothing, so the middle group is a run of label characters
# with no dot between them; the outer "(...)*" also matches the empty string.
echo 'azeffa.e.e.dr' | awk --re-interval '$(NF) ~ /^(([a-zA-Z0-9_-]{1,63})\.{1}(\.{0}[a-zA-Z0-9_-]{0,63}){0,}(\.[a-zA-Z]{1,}))*$/'
# Sample with an empty label ("e..e"). The "{0,63}" lower bound lets a label
# be empty, so this pattern does not reject it.
echo 'azeffa.eee.e..e.dr' | awk --re-interval '$(NF) ~ /^([a-zA-Z0-9_-]{1,63})(\.{1}[a-zA-Z0-9_-]{0,63}){0,}(\.{1}[a-zA-Z]{2,})*$/'
# Here "^" sits inside the first group and "{2,}*" stacks two quantifiers.
echo 'azeffa.eee.e.e.dr' | awk --re-interval '$(NF) ~ /((^[a-zA-Z0-9_-])(\.){1,63})([a-zA-Z]){2,}*$/'
val '$(NF) ~ /^(([a-zA-Z0-9_-]{1,63})\.{1}([a-zA-Z0-9_-]{1,63}.){0,}(.[a-zA-Z]{1,}))*$/'
# PCRE-style validation using lookahead/lookbehind: whole name 1-253
# characters, each label 1-63 characters and not starting or ending with "-".
# This needs a PCRE engine (for example grep -P); awk cannot evaluate it. The
# spaces inside the second pattern are literal unless the engine's extended
# (x) mode is used.
(?=^.{1,253}$)
(^( ((?!-)[a-zA-Z0-9-]{1,63}(?<!-))|((?!-)[a-zA-Z0-9-]{1,63}(?<!-)\.) +[a-zA-Z]{2,63})$)