krypted.com

Tiny Deathstars of Foulness

OS X Server supports running a traditional bind implementation of DNS. You can define a record for most any name, including google.com, www.google.com, www.www.google.com, etc. You can use this to redirect subdomains. In this example, we’ll create an A Record to point www.google.com to 127.0.0.1 without breaking other google.com subdomains. To get started, let’s use the DNS service in the Server app to create test.www.google.com. The reason for this is that OS X will then create a zone file for www.google.com. If we created www.google.com instead, then OS X would automatically create google.com, which would break the other subdomains. To do so, open Server app and click on the DNS Service. Then click on the plus sign to create a new record.

Screen Shot 2014-09-23 at 10.55.58 AM

Now, if you restart dns and ping test.www.google.com you should see the referenced IP. To then change www.google.com, we’d edit the zone file stored at /Library/Server/named/db.www.krypted.com. This file will look like this when you first open it:

www.google.com. 10800 IN SOA www.google.com. admin.www.google.com. (
2014092301 ; serial
3600 ; refresh (1 hour)
900 ; retry (15 minutes)
1209600 ; expire (2 weeks)
86400 ; minimum (1 day)
)
10800 IN NS test.www.google.com.
test.www.google.com. 10800 IN A 127.0.0.1

We’ll add an a record for a.www.google.com:

a.www.google.com. 10801 IN A 127.0.0.1

Now, to change the apex record, you’d just replace the name you’ve been using with an @:

@ 10801 IN A 127.0.0.1

Good luck!

September 23rd, 2014

Posted In: Mac OS X, Mac OS X Server, Mac Security, Mass Deployment, Network Infrastructure, sites, Ubuntu, Unix

Tags: , , , , , , , ,

Sometimes you want to move a domain but you don’t have a copy of the zone file in order to recreate records. The easy way to do this is to grab a zone transfer. To do so, dig is your friend:

dig -tAXFR mycompany.com

Sometimes though (and actually more often than not) a zone transfer is disabled. In that case you’ll need to dig the domain a bit differently. I like to use +nocmd, query for any and list the results (+answer):

dig +nocmd krypted.com any +answer

Which results in the following:

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39183
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;krypted.com. IN ANY

;; ANSWER SECTION:
krypted.com. 1262 IN A 97.74.215.39
krypted.com. 3600 IN MX 0 smtp.secureserver.net.
krypted.com. 3600 IN MX 10 mailstore1.secureserver.net.
krypted.com. 3600 IN NS ns25.domaincontrol.com.
krypted.com. 3600 IN NS ns26.domaincontrol.com.
krypted.com. 3600 IN SOA ns25.domaincontrol.com. dns.jomax.net. 2010010400 28800 7200 604800 3600

;; Query time: 127 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Tue May 7 22:31:15 2013
;; MSG SIZE rcvd: 207

The above shows the naked domain name entry (yes, I still giggle every time I write the word naked so it’s ok if you giggled when you read it), all of the mail (which btw I don’t actually use that mail so please don’t try and send any at this time) and the ns servers. Now, the serial and refresh information isn’t included in this output. Actually, it is but it might not make sense, so we’ll just add the +multiline option which will make this look strangely like a zone file:

dig +nocmd krypted.com any +multiline +answer

Notice the serial, refresh, retry, expire and minimum options are now listed in a much more fashionable way:

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10965
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;krypted.com. IN ANY

;; ANSWER SECTION:
krypted.com. 3225 IN A 97.74.215.39
krypted.com. 3225 IN MX 0 smtp.secureserver.net.
krypted.com. 3225 IN MX 10 mailstore1.secureserver.net.
krypted.com. 3225 IN NS ns25.domaincontrol.com.
krypted.com. 3225 IN NS ns26.domaincontrol.com.
krypted.com. 3225 IN SOA ns25.domaincontrol.com. dns.jomax.net. (
2010010400 ; serial
28800 ; refresh (8 hours)
7200 ; retry (2 hours)
604800 ; expire (1 week)
3600 ; minimum (1 hour)
)

;; Query time: 22 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Tue May 7 22:32:20 2013
;; MSG SIZE rcvd: 207

And there ya’ go. You’ve basically done a zone transfer on a box, even though zone transfers are disabled. Silly DNS admins, disabling zone transfers and all that… Yes, I disable zone transfers on most of my DNS boxen as well, or at least only allow them for specific IPs… 😉

May 8th, 2013

Posted In: Active Directory, Mac OS X, Mac OS X Server, Mac Security, Network Infrastructure, Ubuntu, Unix, VMware, Windows Server, Windows XP, Xsan

Tags: , , , , , , , , ,

If you see a lot of subdomains that are actually other people’s domain names in your DNS records for NetSol then you can either delete them or call and open a ticket with NetSol.  This is zone file corruption on their side.

October 9th, 2007

Posted In: Network Infrastructure, sites

Tags: , , ,