13.2.2 Reverse analysis experiment
May 24, 2021 That's what Linux should learn
In DNS domain name resolution service, the role of reverse resolution is to resolve the IP address submitted by the user to the corresponding domain name information, which is generally used to block all domain names bound on an IP address, blocking spam sent by some domain names. I t can also reverse parse an IP address to approximate how many sites are running on it. When purchasing a virtual host, you can use this feature to verify that the virtual hosting provider has a serious oversold problem.
Step 1: Edit the zone profile. W hen editing the file, in addition to not writing the wrong format, you need to remember the name of the data profile defined here, because you will need to establish the corresponding file of the same name in the /var/named directory in a moment. R everse resolution is to resolve the IP address into a domain name format, so in defining zone (region) should be the IP address backcase, such as the original is 192.168.10.0, after the reverse write should be 10.168.192, and just write out the IP address of the network bit. Add the following parameters to the back of the positive resolution parameters.
[root@linuxprobe ~]# vim /etc/named.rfc1912.zones zone "linuxprobe.com" IN { type master; f ile "linuxprobe.com.zone"; a llow-update {none; } ; } ; z one "10.168.192.in-addr.arpa" IN { type master; f ile "192.168.10.arpa"; } ; S tep 2: Edit the data profile. F irst copy a reversely resolved template file (named.loopback) from the /var/named directory, and then fill in the following parameters into the file. Where the IP address only needs to write the host bit, as shown in Figure 13-5.
Figure 13-5 Reverse resolution of the IP address parameter specification in the file
(root@linuxprobe named) s cp -a named.loopback 192.168.10.arpa (root@linuxprobe named) s vim 192.168.10.arpa (root@linuxprobe named) s systemctl restart named editing $TTL 1D
@ IN SOA linuxprobe.com. r
oot.linuxprobe.com. ( 0; s
erial 1D; r
efresh 1H; r
etry 1W; e
xpire 3H);
minimum NS ns.linuxprobe.com.
ns A 192.168.10.10
10 PTR ns.linuxprobe.com. #
PTR is a pointer record, ONLY IN Reverse Resolution.
10 PTR mail.linuxprobe.com.
10 PTR www.linuxprobe.com. 2
0 PTR bbs.linuxprobe.com. S
tep 3: Test the results of the analysis.
In the previous positive resolution experiment, the DNS address parameters in the system network card have been modified to the local IP address, so you can directly use the nslookup command to verify the resolution results, only need to enter the IP address to query the corresponding domain name information.
[root@linuxprobe ~]# nslookup
192.168.10.10 Server: 127.0.0.1 Address: 127.0.0.1#53 10.10.168.192.in-addr.arpa name = ns.linuxprobe.com. 1 0.10.168.192.in-addr.arpa name = www.linuxprobe.com. 1 0.10.168.192.in-addr.arpa name = mail.linuxprobe.com. 192.168.10.20 Server: 127.0.0.1 Address: 127.0.0.1#53 20.10.168.192.in-addr.arpa name = bbs.linuxprobe.com.