Yes, in my case my ISP (Orange) provides its box (Orange PPPoE) at the fixed address 192.168.1.254.
My problem is that I am not creating a website, web server or any other web service… I am just creating a bridge to isolate a network from a compromised network.
I don’t want to add any “zone” name to the internet DNS servers… I just want to relay DNS requests such as
“google. com”
through the bridge to my ISP router, nothing more…
All the examples I have seen want to add servers somewhere in the network. There is no example of a simple bridge that just repeats DNS requests…
You don’t see a problem installing a distro with a DE as a headless system?
What does that even mean? Should he go to the gym? I’m glad manjaro is using some special kernel that can overcome DDoS. Such a simple solution, no idea why businesses are paying for DDoS protection when all they could do is install Manjaro on a NUC.
Goes where? To the basement? Again, I’m glad that you think Manjaro uses some special kernel that can overcome DDoS.
Anyway, you’re saying your TV is attacking you? I think you shouldn’t say that too loudly or someone will call someone…
Not sure what you are saying here, but I’m sure top secret military systems are secured with iptables rules in filter table.
Sure it does… Dropping packets in filter table (where every packet is already connection-tracked) requires 0 CPU power. It’s magic.
with a stop and start of the named service: `systemctl stop named`, `systemctl start named`, `systemctl status named`
Doesn’t work…
Once again, I can access 192.168.1.254 from the green zone:
DHCP protocol
TCP/IP protocol
HTTP(S) protocol
Firewall forwarding, as far as I can see
DNS resolution
If I have to show you my “conf” files, please ask …
Why `hostname` and `server-id none`?
I heard the version “must” be 4, isn’t it?
This is my running config - you cannot use it for anything as-is …
I am constantly experimenting - so I advise you not to copy-paste anything …
$ cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local
//
// What each included file contributes in this setup:
//   named.conf.options       - global options (RPZ hook, validation, listen addresses)
//   named.conf.local         - the RPZ zone, the local forward zone and its reverse zone
//   named.conf.default-zones - Debian's stock root hints and localhost/broadcast zones
//   zones.rfc1918            - empty sink zones for the private reverse ranges
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/etc/bind/zones.rfc1918";
$ cat /etc/bind/named.conf.options
options {
directory "/etc/bind";
// For AdBlock
// The RPZ zone named here is defined in named.conf.local; it is consulted when
// answers are rewritten and is not meant to be queried directly by clients.
response-policy {
zone "rpz.net.nix.dk";
# zone "urlhaus.zone";
};
// NOTE(review): allow-query is commented out (as is the trusted-network acl
// below the options block), so query access falls back to BIND's built-in
// defaults. Confirm on the running version what allow-query and
// allow-recursion resolve to for the interfaces covered by listen-on-v6
// { any; }: a recursive resolver reachable from an untrusted segment is an
// open resolver and can be abused for amplification.
# allow-query {
# trusted-network;
# };
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
// For the "just relay DNS to the ISP router" case discussed above, this is
// the block to enable (e.g. forwarders { 192.168.1.254; }; together with
// forward only;) so that named forwards instead of recursing from the root
// hints itself. With it commented out, this server does full recursion.
# forwarders {
# 91.239.100.100;
# 89.233.43.71;
# 81.136.89.6;
# 83.136.89.4;
# };
//========================================================================
// If BIND logs error messages about the root key being expired,
// you will need to update your keys. See https://www.isc.org/bind-keys
//========================================================================
// NOTE(review): validation is explicitly switched off, so answers from
// upstream are accepted without any DNSSEC check; a tampered or forged
// response is cached as-is. dnssec-validation auto; is the safer setting
// once the root-key issue referenced above is sorted out.
dnssec-validation no;
//auth-nxdomain yes;
auth-nxdomain no; # conform to RFC1035
// Listens on every IPv6 address; there is no matching listen-on for IPv4,
// so IPv4 behaviour follows BIND's default for this version.
listen-on-v6 { any; };
};
#acl "trusted-network" {
# 172.30.30.0/24;
# ::1;
# 127.0.0.0/8;
#};
cat /etc/bind/named.conf.local
## AdBlock
// Response-policy zone referenced from response-policy in named.conf.options.
// It is a locally mastered text file; allow-query { none; } stops clients
// from reading the block list directly, it is only applied when rewriting
// answers.
zone "rpz.net.nix.dk" {
type master;
file "/etc/bind/db.rpz.net.nix.dk";
masterfile-format text;
allow-query { none; };
};
#zone "urlhaus.zone" {
# type master;
# file "urlhaus.rpz";
# allow-query { any; };
# allow-update { none; };
# allow-transfer { none; };
#};
### net.nix.dk zone
// Authoritative forward zone for the local network. Dynamic updates stay
// commented out, so this zone is static and only changes when the file is
// edited and named reloaded.
zone "net.nix.dk" {
type master;
file "/etc/bind/db.net.nix.dk";
# allow-update { 172.30.30.0/24; };
};
### uex.dk zone
#zone "uex.dk" {
# type master;
# file "/etc/bind/db.uex.dk";
#};
### ptr
// Reverse zone for 172.30.30.0/24.
// NOTE(review): allow-update here is an address-based ACL, so any host on
// that /24 (or anything able to spoof a source address on it) can rewrite
// PTR records. If the LAN is not fully trusted, update-policy with a TSIG
// key is the stronger choice.
zone "30.30.172.in-addr.arpa" {
type master;
file "/etc/bind/db.172.30.30";
allow-update { 172.30.30.0/24; };
};
cat /etc/bind/named.conf.default-zones
// Debian's stock default zones. The root hints are what this server recurses
// from while no forwarders are configured; the remaining zones answer
// localhost and broadcast lookups locally instead of sending them upstream.
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/usr/share/dns/root.hints";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
$ cat /etc/bind/zones.rfc1918
# Sink zones for the RFC 1918 reverse ranges: each is answered locally from
# db.empty so reverse lookups of private addresses are never leaked upstream.
# 30.172.in-addr.arpa is commented out, presumably to avoid overlapping with the
# 30.30.172.in-addr.arpa zone served from named.conf.local - confirm that this
# is still needed, as the more specific zone would normally take precedence.
zone "10.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "16.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "17.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "18.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "19.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "20.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "21.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "22.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "23.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "24.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "25.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "26.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "27.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "28.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "29.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
#zone "30.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "31.172.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };
zone "168.192.in-addr.arpa" { type master; file "/etc/bind/db.empty"; };