The scenario:
- DNS zone myzone.com defined in BIND.
- Authoritative name server at 123.16.123.1.
- Subzone sub.myzone.com with an authoritative name server at 123.16.123.10.
- Wishing to forward the sub-zone to its authoritative name server.
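An added example, not part of the original page, of how this scenario is expressed in BIND: the parent zone hands sub.myzone.com off to its own server with an NS record plus a glue A record (a delegation), and a separate `type forward` stanza is the option for a caching resolver that should send sub-zone queries straight to 123.16.123.10. File paths, the serial and the host names ns1 and ns-sub are assumptions.

```conf
; /var/named/myzone.com.zone, the parent zone file (path assumed)
$ORIGIN myzone.com.
$TTL 3600
@           IN SOA  ns1.myzone.com. hostmaster.myzone.com. (
                    2024010101  ; serial (constructed value)
                    3600 900 1209600 300 )
@           IN NS   ns1.myzone.com.
ns1         IN A    123.16.123.1

; Delegation of sub.myzone.com to the server at 123.16.123.10.
; The NS record names the child's server; the A record is glue and is
; required because ns-sub lives inside the zone being delegated, so a
; resolver could not otherwise learn its address.
sub         IN NS   ns-sub.sub.myzone.com.
ns-sub.sub  IN A    123.16.123.10

// /etc/named.conf on the parent server 123.16.123.1 (path assumed)
zone "myzone.com" {
    type master;
    file "/var/named/myzone.com.zone";
};

// Only on a caching resolver, never on the authoritative parent:
// answer anything under sub.myzone.com by asking the child server
// directly instead of walking the delegation. Note that the parent
// does not need this stanza; the NS/glue records above are enough.
zone "sub.myzone.com" {
    type forward;
    forward only;
    forwarders { 123.16.123.10; };
};
```

Check the result with `named-checkzone myzone.com /var/named/myzone.com.zone` before reloading, then `dig @123.16.123.1 sub.myzone.com NS +norecurse` should return the NS record in the AUTHORITY section and the glue address in the ADDITIONAL section.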
iptables is the firewall service available in many Linux distributions. While modifying it might seem daunting at first, this cheat sheet should show you just how easy it is to use and how quickly you can be on your way mucking around with your firewall.
The following list is a great set of documentation for iptables. I used them to compile this documentation.
iptables(8) TARPIT is a useful security mechanism that can slow down or stop attacks on a network. If everyone used TARPIT to block attackers, in theory their resources would be exhausted as their connection attempts were delayed, which would discourage people from attempting unauthorized access. Here's a brief description of how TARPIT works:
To achieve this tar pit state, iptables accepts the incoming TCP/IP connection and then switches to a zero-byte window. This forces the attacker's system to stop sending data, rather like the effect of pressing Ctrl-S on a terminal. Any attempts by the attacker to close the connection are ignored, so the connection remains active and typically times out after only 12–24 minutes. This consumes resources on the attacker's system but not
#!/bin/bash
# Fetch a fresh copy of the root hints first if needed, e.g.:
# wget -nv -O named.root https://www.internic.net/domain/named.root
echo "[i] Backing up root.hints ..."
cd /var/lib/unbound || exit 1
sudo cp root.hints "$(date +%F).root.hints"
# -s: the dated backup exists and is non-empty
if [ -s "$(date +%F).root.hints" ]
then
    echo "[✓] Backup root.hints success!"
    echo ""
else
    echo "[!] Backup root.hints failed!" >&2
    exit 1
fi