Aggregator
[VK Tech Sharing] How to Do Data Security: Data Leak Prevention
Open-Source Information Gathering Weekly #63
Harnessing the Momentum of Women in Cybersecurity
This week, some of the brightest subject matter experts from across the U.S. and beyond gathered virtually to talk about women in cybersecurity, recognizing that the internet is filled with both opportunities and risks, and that it’s up to all of us to defend, protect and secure critical internet infrastructure. Called Uniting Women in Cyber […]
The post Harnessing the Momentum of Women in Cybersecurity appeared first on Verisign Blog.
Akamai Edge Cloud: Scaling IoT, Part 2
Construction of and Reflections on a Security Operations Platform for the Banking Industry
ATA 8.0 Graduation Ceremony
Threat Briefing
5G, Security, IoT, Asavie, and Akamai
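XSS Phishing
Catch Me if You Can: JavaScript Obfuscation
VIPKID SRC Turns Three~
Bilibili 2020 "1024 Programmers' Day" CTF Write Up
Analysis of the Principles Behind the 数盟 iOS Trusted ID Product - 我是小三
Analysis of the Principles Behind a Certain iOS "Trusted ID" Product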
Allow ISC BIND to Perform Recursive Reverse Lookups of LAN IP Addresses
ISC BIND sends immediate and authoritative NXDOMAIN responses to recursive lookups of LAN addresses by default. This prevents recursive lookup servers from sending meaningless requests to other DNS servers on the Internet. This tutorial will cover how recursive reverse lookups of LAN addresses can be enabled in BIND for lab environments and other special cases.
BIND Automatic Empty Zones
BIND automatically creates the empty zones defined in RFC 6303 to avoid meaningless lookups of LAN addresses. Below are some of the zones included in the list. For a more detailed explanation of how automatic empty zones work, please visit ISC’s documentation for BIND.
- 10.IN-ADDR.ARPA
- 16.172.IN-ADDR.ARPA
- 17.172.IN-ADDR.ARPA
- 18.172.IN-ADDR.ARPA
- 19.172.IN-ADDR.ARPA
- 20.172.IN-ADDR.ARPA
- 21.172.IN-ADDR.ARPA
- 22.172.IN-ADDR.ARPA
- 23.172.IN-ADDR.ARPA
- 24.172.IN-ADDR.ARPA
- 25.172.IN-ADDR.ARPA
- 26.172.IN-ADDR.ARPA
- 27.172.IN-ADDR.ARPA
- 28.172.IN-ADDR.ARPA
- 29.172.IN-ADDR.ARPA
- 30.172.IN-ADDR.ARPA
- 31.172.IN-ADDR.ARPA
- 168.192.IN-ADDR.ARPA
- 100.51.198.IN-ADDR.ARPA
- 113.0.203.IN-ADDR.ARPA
- 8.B.D.0.1.0.0.2.IP6.ARPA
- More zones omitted
When BIND starts, the following messages can be found in syslog.
Screenshot: syslog logging the creation of automatic empty zones
To allow recursive lookup servers to perform lookups for LAN addresses, the respective automatic empty zones must be disabled in BIND’s config. You may either disable specific automatic zones or disable the creation of all automatic empty zones altogether.
```
options {
    # disable a specific automatic empty zone
    disable-empty-zone "168.192.IN-ADDR.ARPA";

    # disable all automatic empty zones
    empty-zones-enable no;
};
```
The screenshot below shows an example of disabling the automatic empty zone 168.192.IN-ADDR.ARPA.
Modified BIND configuration file
Restart the BIND server after that, and recursive reverse lookups of LAN addresses should start working.
Successful recursive reverse lookup of LAN IP 192.168.14.80 using dig
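As an added example (not from the original tutorial or from ISC): a Python helper that, for the lab subnets actually in use, works out which of the IPv4 empty zones listed above need their own `disable-empty-zone` line, so every other empty zone stays enabled instead of setting `empty-zones-enable no`. The function names and sample subnets are made up for illustration, and only the zones named in the list above are considered.

```python
import ipaddress

# IPv4 automatic empty zones named in the list above (the page omits others).
PAGE_EMPTY_ZONES = (
    ["10.IN-ADDR.ARPA"]
    + [f"{n}.172.IN-ADDR.ARPA" for n in range(16, 32)]
    + ["168.192.IN-ADDR.ARPA", "100.51.198.IN-ADDR.ARPA", "113.0.203.IN-ADDR.ARPA"]
)
SUFFIX = ".IN-ADDR.ARPA"


def zone_to_network(zone):
    """Map a reverse zone name to its network, e.g. 168.192.IN-ADDR.ARPA -> 192.168.0.0/16."""
    labels = zone.upper()[: -len(SUFFIX)].split(".")
    octets = labels[::-1]                 # reverse zones list octets back to front
    prefix = 8 * len(octets)              # one label per octet
    octets += ["0"] * (4 - len(octets))   # pad the host part with zeros
    return ipaddress.ip_network(".".join(octets) + f"/{prefix}")


def zones_for(subnets):
    """Return the listed empty zones that overlap any of the given IPv4 subnets."""
    nets = [ipaddress.ip_network(s, strict=False) for s in subnets]
    nets = [n for n in nets if n.version == 4]   # the IPv6 zones are not handled here
    # overlaps() covers both directions: a /24 inside a zone, and a
    # subnet such as 172.16.0.0/12 that spans several /16 zones.
    return [z for z in PAGE_EMPTY_ZONES
            if any(n.overlaps(zone_to_network(z)) for n in nets)]


def disable_statements(subnets):
    """Render the statements to merge into the existing options block of named.conf."""
    return [f'disable-empty-zone "{z}";' for z in zones_for(subnets)]


if __name__ == "__main__":
    # Constructed sample input: two lab subnets.
    for line in disable_statements(["192.168.14.0/24", "172.20.0.0/15"]):
        print(line)
```

A subnet that matches none of the listed zones produces no statement, because no listed empty zone covers it.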
- Automatic empty zones (including RFC 1918 prefixes): https://kb.isc.org/docs/aa-00800
- RFC 1918 Address Allocation for Private Internets: https://tools.ietf.org/html/rfc1918
- RFC 6303 Locally Served DNS Zones: https://tools.ietf.org/html/rfc6303