DNS Cache Poisoning Test


Q. How do I verify that my ISP or my own recursive resolvers are free from DNS cache poisoning bug that is promised full disclosure of the flaw by Dan on August 7 at the Black Hat conference? How do I test my dns server for DNS cache pollution or DNS Cache Poisoning bug?

A. DNS cache poisoning (also known as DNS cache pollution) is a maliciously created or unintended situation that provides data to a Domain Name Server that did not originate from authoritative DNS sources. It occur if DNS “spoofing attack” has been encountered. An attacker will send malicious data / non-secure data in response to a DNS query. For example dns query for www.linuxbabu.net can be redirected to www.redhat.com.

how do I find out if my DNS server is open to such attack or not?

Visit Dan Kaminsky java script page to check your DNS

You can also use following command dig command, enter:
$ dig +short @{name-server-ip} porttest.dns-oarc.net txt
$ dig +short @ns1.example.com porttest.dns-oarc.net txt
$ dig +short @208.67.222.222 porttest.dns-oarc.net txt
Sample output:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"208.67.222.222 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"

Another test,
$ dig +short @125.22.47.125 porttest.dns-oarc.net txtOutput:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"125.22.47.139 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"


FIX :

Run yum update
yum updateOpen named.conf file and comment out following two lines:
query-source port 53;
query-source-v6 port 53;
Make sure recursion is limited to your LAN only. Set ACL. Restart bind to take effect:
rndc reload 

service named restart


Adding custom modules to apache for customapache : DirectAdmin

If you want to add any extra modules to apache, they’ll need to be compiled in. Any module that needs to be compiled in will have a –with-module type flag which will need to be used. To add this flag, run the following:

cd /usr/local/directadmin/customapache
vi configure.apache_ssl

#add your –with-module line to the end of the file,
# and make sure the character exists at the end of all lines except the last one.

./build clean
./build apache_mod_ssl

Then restart apache:
RedHat:

/sbin/service httpd restart

FreeBSD:

/usr/local/etc/rc.d/httpd restart

If you run into problems, you may also need to recompile php as well:

./build php

Then restart apache again.

DirectAdmin License Shows To Be Expired (Early License)

DirectAdmin is fully installed but we are unable to login and access the host.

Steps to try and resolve this problem.

Verify IP information bound to the host matches the data in /usr/local/directadmin/scripts/setup.txt

Confirm the date is correct.
# date
Sun Jan 4 03:14:22 CST 2004

If not then set the date with ‘rdate’ or ‘ntp’
# rdate -s time.nist.gov

Verify date is now correct.
# date
Thu Feb 3 17:44:23 CST 2005
Check and see if DA is now accessable.

If that does not work try the following.

cd /usr/local/directadmin/scripts
./getLicense.sh 123 1234
service directadmin restart

Where 123 and 1234 are your Client ID and License ID, respectively. If there are errrors extracting the update.tar.gz file, then run:
head -n 1 /usr/local/directadmin/conf/license.key

to search for an error. If there is an readable error inside the file, double check the IP you are using matches the IP in the license on our system.

semget: No space left on device

This relates to semaphores on your system (you’ve run out). Run the following to clear them out:

ipcs | grep apache | awk ‘{print $2}’ > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

For cPanel servers :

ipcs | grep nobody | awk ‘{print $2}’ > sem.txt
for i in `cat sem.txt`; do { ipcrm -s $i; }; done;

 

Finally restart Apache :

/etc/init.d/httpd restart

Or 
service httpd restart

 

 

How do I view what exim is doing?

Exim comes with a utility called ‘exiwhat’ which will display what each instance of exim is currently involved with. The output will look similar to this:

root@server [~]# exiwhat
2118 daemon: -q1h, listening for SMTP on port 25 (IPv4)
2130 daemon: no queue runs, listening for SMTPS on port 465 (IPv4)
31640 handling incoming connection from [1.2.3.4]

Also, to monitor the exim log in realtime, you may use the tail command thusly:

tail -f /var/log/exim_mainlg

DirectAdmin : How to downgrade from apache 2 back to apache 1.3

If you need to go back to apache 1.3 after installing apache 2, you’ll need to do the following:

1) Restore the old httpd.conf file:

cp -f /etc/httpd/conf/httpd.conf.1.3.backup /etc/httpd/conf/httpd.conf

2) Get DirectAdmin to use the old httpd.conf files for the users. Edit the /usr/local/directadmin/conf/directadmin.conf file and change apache_ver=2.0 to apache_ver=1.3. Then type

echo “action=rewrite&value=ips” >> /usr/local/directadmin/data/task.queue

echo “action=rewrite&value=httpd” >> /usr/local/directadmin/data/task.queue

echo “action=directadmin&value=restart” >> /usr/local/directadmin/data/task.queue

3) Now you can recompile apache 1.3

rm -f /usr/lib/apache/*
cd /usr/local/directadmin/customapache
./build clean
./build all

4) Fix the modules link:

cd /etc/httpd

rm -f modules

ln -s /usr/lib/apache modules

5) Restore the old boot script:
FreeBSD:

cp -f /usr/local/directadmin/customapache/httpd_freebsd /usr/local/etc/rc.d/httpd

chmod 755 /usr/local/etc/rc.d/httpd

/usr/local/etc/rc.d/httpd restart

RedHat:

cp -f /usr/local/directadmin/customapache/httpd /etc/init.d/httpd
chmod 755 /etc/init.d/httpd
/etc/init.d/httpd restart

Updating your DirectAdmin License manually

If you need to update your DirectAdmin license manually, you can do so by running the following commands:

cd /usr/local/directadmin/scripts

./getLicense.sh 123 1234

service directadmin restart

Where 123 and 1234 are your Client ID and License ID, respectively. If there are errrors extracting the update.tar.gz file, then run:

head -n 1 /usr/local/directadmin/conf/license.key

to search for an error. If there is an readable error inside the file, double check the IP you are using matches the IP in the license on our system. Also check that it’s active in our clients section. Failing that, you’ll need to contact sales@directadmin.com to get your license activated or updated.

If you have multiple IPs on your device and wget is binding to the incorrect one, you can specify the IP to bind to by adding it as the last argument:

cd /usr/local/directadmin/scripts
./getLicense.sh 123 1234 1.2.3.4
service directadmin restart

Fatal error: Allowed memory size of 123456 bytes exhausted (tried to allocate 234567 bytes) in /path/file.php

Php is setup is to limit memory usage per process. If you require more, this limit can be increased.
Edit

/usr/local/lib/php.ini

If you are unsure about the php.ini path, You can find your server php.ini using command :

php -i | grep php.ini

Configuration File (php.ini) Path => /usr/local/lib

Loaded Configuration File => /usr/local/lib/php.ini

and set:

memory_limit = 8M ; Maximum amount of memory a script may consume (8MB)

to a higher value, like 20M. Save, exit, then restart apache.

DirectAdmin Apache won’t restart: [crit] (98)Address already in use: make_sock: could not bind to port 8090

 

Apache won’t restart: [crit] (98)Address already in use: make_sock: could not bind to port 8090

[crit] (98)Address already in use: make_sock: could not bind to port 8090
or
[crit] (98)Address already in use: make_sock: could not bind to port 443
or
[crit] (98)Address already in use: make_sock: could not bind to port 80

If you see this error in your /var/log/httpd/error_log, it would mean that apache isn’t shutting down completely before trying to restart. This means that the new process won’t be able to bind to the given ports because they’re still being used by the old copy of apache that wasn’t completely shut down.

To solve this, use a different boot script that will wait for all apache processes to stop before starting the new one:

cd /usr/local/directadmin/customapache
rm -f httpd*
./build update

Once you have the new scripts downloaded, you need to install them:

RedHat:

cp httpd /etc/init.d/httpd
chmod 755 /etc/init.d/httpd
chkconfig httpd reset

FreeBSD:

cp httpd_freebsd /usr/local/etc/rc.d/httpd
chmod 755 /usr/local/etc/rc.d/httpd