Admins eHow SysAdmin Tips & Tricks

December 2, 2022

Redirect all DNS requests to local caching DNS server

Filed under: dns,linux — admin @ 2:44 am

For the caching DNS server, I use the PowerDNS Recursor. Install it first:

apt install pdns-recursor

By default it listens on 127.0.0.1:53 and should work right after installation, but for faster performance I want it to forward all queries to 8.8.8.8, which is Google’s public DNS server. So edit /etc/powerdns/recursor.conf and add the following line:

forward-zones-recurse= .=8.8.8.8;

Restart the service after the config change:

systemctl restart pdns-recursor.service

Now you can test it:

dig yahoo.com @127.0.0.1

You should get a valid response.
Now let's redirect all DNS queries to our local server:

iptables -t nat -I OUTPUT -m owner --uid-owner pdns -j RETURN
iptables -t nat -I POSTROUTING -m owner --uid-owner pdns -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to 127.0.0.1:53
iptables -t nat -A POSTROUTING -p udp --dport 53 -j SNAT --to-source 127.0.0.1

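The first two iptables rules exempt traffic generated by the pdns user, which prevents a loop where the recursor's own queries to the outside world (8.8.8.8 in our case) would be redirected back to itself. Note that the redirect rules match only UDP, so DNS queries sent over TCP port 53 are not redirected.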
Done. Easy 😉

January 9, 2022

Linux DNS dig utility for Windows x64 (update)

Filed under: dns,Windows — admin @ 12:10 am

This installer installs the dig utility in the Windows directory by default.
Download installer: Dig-x64-9.16.24-setup.exe

March 22, 2015

Linux dig utility for Windows x64

Filed under: dns,General,linux,Windows — admin @ 5:00 pm

I have created an installer for the Linux DNS dig utility for Windows x64. It is extracted from BIND 9.10.2.x64.
It installs dig into the system32 folder of Windows, so it is already included in PATH and can be invoked from anywhere in the command prompt.

Download: DIG_9.10.2.x64

May 12, 2014

SPF Policy Tester & Syntax Validator

Filed under: dns — admin @ 1:54 pm

This website is super useful for verifying and testing SPF records:

SPF Syntax Validator: http://vamsoft.com/support/tools/spf-syntax-validator
SPF Policy Tester: http://vamsoft.com/support/tools/spf-policy-tester

May 17, 2010

How to check domain NS glue records using dig

Filed under: dns — admin @ 11:52 am

Let's check the microsoft.com NS glue records with the dig command.

As it is a .com domain, we should first ask for the .com name servers with the following command:

dig NS com

Result:

com.                    22124   IN      NS      d.gtld-servers.net.
com.                    22124   IN      NS      f.gtld-servers.net.
com.                    22124   IN      NS      a.gtld-servers.net.
com.                    22124   IN      NS      c.gtld-servers.net.
com.                    22124   IN      NS      g.gtld-servers.net.
com.                    22124   IN      NS      i.gtld-servers.net.
com.                    22124   IN      NS      l.gtld-servers.net.
com.                    22124   IN      NS      m.gtld-servers.net.
com.                    22124   IN      NS      k.gtld-servers.net.
com.                    22124   IN      NS      e.gtld-servers.net.
com.                    22124   IN      NS      h.gtld-servers.net.
com.                    22124   IN      NS      b.gtld-servers.net.
com.                    22124   IN      NS      j.gtld-servers.net.

We can choose any of these servers for the next query; I will choose m.gtld-servers.net:

dig NS microsoft.com @m.gtld-servers.net

Result:

;; AUTHORITY SECTION:
microsoft.com.          172800  IN      NS      ns1.msft.net.
microsoft.com.          172800  IN      NS      ns2.msft.net.
microsoft.com.          172800  IN      NS      ns3.msft.net.
microsoft.com.          172800  IN      NS      ns4.msft.net.
microsoft.com.          172800  IN      NS      ns5.msft.net.

;; ADDITIONAL SECTION:
ns1.msft.net.           172800  IN      A       65.55.37.62
ns2.msft.net.           172800  IN      A       64.4.59.173
ns3.msft.net.           172800  IN      A       213.199.161.77
ns4.msft.net.           172800  IN      A       207.46.75.254
ns5.msft.net.           172800  IN      A       65.55.226.140

OK, we are done. The ADDITIONAL SECTION of the last query contains the glue records:

ns1.msft.net.           172800  IN      A       65.55.37.62
ns2.msft.net.           172800  IN      A       64.4.59.173
ns3.msft.net.           172800  IN      A       213.199.161.77
ns4.msft.net.           172800  IN      A       207.46.75.254
ns5.msft.net.           172800  IN      A       65.55.226.140
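
To run the same check without reading the two sections by eye, here is an added example (not part of the original post) of a shell function that reads dig referral output like the above and pairs each NS with its glue addresses. The function names, status labels and sample data are assumptions made for this example, and it goes slightly beyond the post by flagging a name server inside the delegated zone that has no glue address.

```shell
#!/bin/sh
# Added example: pair each delegated NS in a dig referral with its glue addresses.
# Live use (needs network): dig NS microsoft.com @m.gtld-servers.net | glue_report

glue_report() {
    awk '
    /^;; AUTHORITY SECTION:/  { sec = "auth"; next }
    /^;; ADDITIONAL SECTION:/ { sec = "add";  next }
    /^;;/ || /^[ \t]*$/       { sec = "";     next }  # other header or blank line ends the section
    sec == "auth" && $4 == "NS" {
        name = tolower($5)
        if (!(name in zone)) order[++n] = name
        zone[name] = tolower($1)
    }
    sec == "add" && ($4 == "A" || $4 == "AAAA") {
        name = tolower($1)
        if (name in addr) addr[name] = addr[name] "," $5
        else addr[name] = $5
    }
    END {
        for (i = 1; i <= n; i++) {
            name = order[i]; z = zone[name]; start = length(name) - length(z)
            # In-zone means the NS name is the zone itself or ends in ".<zone>".
            inzone = (name == z) || (start >= 1 && substr(name, start) == "." z)
            if (name in addr)  printf "%s\tglue\t%s\n", name, addr[name]
            else if (inzone) { printf "%s\tMISSING\t-\n", name; bad = 1 }
            else               printf "%s\tout-of-zone\t-\n", name
        }
        exit bad + 0   # non-zero when an in-zone name server has no glue
    }'
}

# Constructed sample referral (reserved example names and documentation addresses).
sample_referral() {
    cat <<'EOF'
;; AUTHORITY SECTION:
example.com.        172800  IN  NS    ns1.example.com.
example.com.        172800  IN  NS    ns2.example.com.
example.com.        172800  IN  NS    ns.example.net.

;; ADDITIONAL SECTION:
ns1.example.com.    172800  IN  A     192.0.2.53
ns1.example.com.    172800  IN  AAAA  2001:db8::53

;; Query time: 20 msec
EOF
}

sample_referral | glue_report || echo "in-zone name server without glue found"
```

A name server outside the delegated zone (ns.example.net. in the sample) can be resolved on its own, so a missing address for it is reported but does not fail the check.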
