Monthly Archives: May 2019

Bind server not responding to external queries

Recently I ran into a problem where one DNS server setup using Bind9 was not responding to external queries.

systemctl status bind9 --no-pager --full shows “Denied

None of the common causes of this problem (listed below) applied:

  1. Bind9 was running properly
  2. The server was listening on both IPv4 and IPv6
  3. Port 53 was open
  4. Port 53 on the DNS server could be reached with telnet

The issue was with “recursive query” permissions. To answer recursive queries from external clients, the following option needed to be added:

options {
   ...
   ...
     allow-recursion { any; };
   ...
   ...
}

The options are commonly stored in /etc/bind/named.conf.options for Bind9 servers. Note that `any` makes the server an open recursive resolver for the whole internet, which is routinely abused for DNS amplification; if recursion is only needed by your own clients, list their networks instead (for example allow-recursion { 192.0.2.0/24; }; with your own range in place of that documentation prefix), or leave the server authoritative-only.

Manually adding a DNS Zone to Bind9 server

  • Create a zone file in /etc/bind/. Example: /etc/bind/pri.domain.com
  • Add the records. Example below:
    $TTL 3600
    @ IN SOA ns2.dnserver.net. manish.gmail.com. (
    2019051606 ; serial, today's date + today's serial #
    7200 ; refresh, seconds
    540 ; retry, seconds
    604800 ; expire, seconds
    3600 ) ; minimum, seconds
    ;
    
    domain.com. 3600 A xxx.xxx.xxx.xxx
    mail 3600 A xxx.xxx.xxx.xxx
    www 3600 A xxx.xxx.xxx.xxx
    domain.com. 3600 AAAA xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
    mail 3600 AAAA xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
    www 3600 AAAA xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx
    domain.com. 3600 MX 10 mail.domain.net.
    domain.com. 3600 NS ns1.dnserver.net.
    domain.com. 3600 NS ns2.dnserver.net.
    domain.com. 3600 TXT "v=spf1 mx a ~all"
    default._domainkey.domain.com. 3600 TXT "v=DKIM1; t=s; p=......NBgkqhki................................................"
    _dmarc.domain.com. 3600 TXT "v=DMARC1; p=quarantine"
  • Add the zone to /etc/bind/named.conf.local. Example below:

    zone "domain.com" {
        type master;
        allow-transfer {none;};
        file "/etc/bind/pri.domain.com";
    };
  • Restart the service: service bind9 restart on Ubuntu and the like; service named restart on CentOS and the like.

Two Way Encryption or Hashing using Key

This uses PHP's openssl_encrypt/openssl_decrypt functions.

Encrypting the string

$key = "xxxxxxxxxxx"; // 11 characters (AES-256 expects 32 key bytes; PHP silently pads a shorter key with NUL bytes)
$plaintext = "STRING TO ENCRYPT"; // the value you want to protect
$ivlen = openssl_cipher_iv_length("aes-256-cbc-hmac-sha256");
$iv = openssl_random_pseudo_bytes($ivlen); // fresh random IV for every encryption
$hash = openssl_encrypt($plaintext, "aes-256-cbc-hmac-sha256", $key, 0, $iv); // options = 0 returns base64 text
$iv = bin2hex($iv); // iv generated is in binary - converted to HEX for passing through SESSION or POST or URL

Decrypting back the string

$key = "xxxxxxxxxxx"; // the same key used for encryption
$hash = $hashFromEncryption; // the base64 ciphertext returned by openssl_encrypt above
$iv = $ivFromEncryption; // note this is in HEX and needs to be converted back to BIN
$iv = hex2bin($iv); // convert the IV in HEX to BIN

$decryptedString = openssl_decrypt($hash, "aes-256-cbc-hmac-sha256", $key, 0, $iv); // false on failure
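As an added example (not the post's code), the same round trip done with authenticated encryption: AES-256-GCM in place of the CBC call, a random 32-byte key instead of an 11-character string, and one base64 token carrying IV, tag and ciphertext together, so tampering with any of them is rejected on decrypt. The function names and the sample message are constructed; it assumes PHP 7.1 or later with ext-openssl.

```php
<?php
// Added example (not the post's code): AES-256-GCM; assumes PHP >= 7.1 + ext-openssl; names/data constructed.
const CIPHER    = 'aes-256-gcm';
const KEY_BYTES = 32; // AES-256 needs exactly 32 key bytes; openssl_encrypt NUL-pads anything shorter
const TAG_BYTES = 16; // GCM authentication tag: detects any change to IV, tag or ciphertext

// Generate the key once, store it outside the web root (e.g. hex in an env var), never hard-code it.
function generateKey(): string {
    return random_bytes(KEY_BYTES);
}

// Returns one base64 token: iv || tag || ciphertext, so a single value travels via SESSION/POST/URL.
function encryptString(string $plaintext, string $key): string {
    if (strlen($key) !== KEY_BYTES) {
        throw new InvalidArgumentException('key must be exactly 32 bytes');
    }
    $iv  = random_bytes(openssl_cipher_iv_length(CIPHER)); // 12 bytes for GCM; fresh for every message
    $tag = '';
    $ct  = openssl_encrypt($plaintext, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag, '', TAG_BYTES);
    if ($ct === false) {
        throw new RuntimeException('encryption failed: ' . openssl_error_string());
    }
    return base64_encode($iv . $tag . $ct);
}

// Returns the plaintext, or null when the token is malformed, truncated or tampered with.
function decryptString(string $token, string $key): ?string {
    if (strlen($key) !== KEY_BYTES) {
        throw new InvalidArgumentException('key must be exactly 32 bytes');
    }
    $raw   = base64_decode($token, true);
    $ivLen = openssl_cipher_iv_length(CIPHER);
    if ($raw === false || strlen($raw) < $ivLen + TAG_BYTES) {
        return null;
    }
    $iv  = substr($raw, 0, $ivLen);
    $tag = substr($raw, $ivLen, TAG_BYTES);
    $ct  = substr($raw, $ivLen + TAG_BYTES);
    $pt  = openssl_decrypt($ct, CIPHER, $key, OPENSSL_RAW_DATA, $iv, $tag); // false if the tag does not verify
    return $pt === false ? null : $pt;
}

// Round trip with a constructed key and message, then flip one ciphertext bit and confirm rejection.
$key   = generateKey();
$token = encryptString('user=42;role=admin', $key);
if (decryptString($token, $key) !== 'user=42;role=admin') { throw new RuntimeException('round trip failed'); }
$raw   = base64_decode($token);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 0x01);
if (decryptString(base64_encode($raw), $key) !== null) { throw new RuntimeException('tampering not detected'); }
```

Because the tag covers the IV as well, nothing in the token needs to be trusted before decryption; store only the key server-side and the token can travel through the session, a form field or a URL parameter as one opaque string.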

Feel free to explore other algorithms