UNDERCODE COMMUNITY
🦑 FRESH PREMIUM PROXIES FROM 1 HOUR



🦑 SERVER SECURITY TIPS 2:

A useful function of the network where this machine is located 12, BIND domain name server (use with caution!):

Syntax of the controls section, which configures the control (management) interface:

controls {
    [ inet ip_addr
      port ip_port
      allow { address_match_list; }; ]
    [ unix path_name
      perm number
      owner number
      group number; ]
};

The controls section provides a management interface. If the first type (inet) is used, named listens on the specified IP address (interface) and port, and accepts connections only from the addresses listed in allow. If the second type (unix) is used, a FIFO control pipe is created, and its permissions, owner and group are set by the corresponding parameters.


--- [[Authenticating and verifying zone transfers with TSIG]] ---------------------------

First of all, please make sure your BIND domain name server software has been updated to the latest version!
In BIND 8.2+, Transaction Signatures (TSIG) can be used to authenticate and verify zone record data. This requires that a shared key be configured on the primary and secondary domain name servers, and that each server be told to use the key when communicating with the other domain name servers. (Note that using TSIG requires the domain name servers' clocks to be synchronized!)

written by Undercode

🦑 server security by undercode tip 3:

A. If you need to use TSIG signatures to manually update the secure DNS database, the steps are simple:

1. Use the dnskeygen tool that comes with BIND to generate a TSIG key.

# dnskeygen -H 128 -h -n tsig-key.

Two files will be generated. "Ktsig-key.+157+00000.key" reads as follows:

tsig-key. IN KEY 513 3 157 awwLOtRfpGE+rRKF2+DEiw==

"Ktsig-key.+157+00000.private" reads as follows:

Private-key-format: v1.2
Algorithm: 157 (HMAC)
Key: awwLOtRfpGE+rRKF2+DEiw==

Note that these keys have been BASE64 encoded. Put them in the configuration file of the local domain name server. For example:

key tsig-key. {
    algorithm hmac-md5;
    secret "awwLOtRfpGE+rRKF2+DEiw==";
};

zone "dns.nsfocus.com" {
    ...
    ...
    allow-update { key tsig-key.; };
};

Remember to restart the named daemon.

Then copy the two key files to the client system (or secondary domain name server), for example to the /var/named/tsig directory. Finally, run the following command:

# nsupdate -k /var/named/tsig:tsig-key.

2. The content of the primary domain name server configuration file (excerpt) is as follows:

// Define the authentication method and shared key
key master-slave {
    algorithm hmac-md5;
    secret "mZiMNOUYQPMNwsDzrX2ENw==";
};
// Define some features of the secondary domain name server
server 192.168.8.18 {
    transfer-format many-answers;
    keys { master-slave; };
};
// Zone record definition
zone "nsfocus.com" {
    type master;
    file "db.nsfocus.com";
    allow-transfer { 192.168.8.18; };
};

3. The content of the secondary domain name server configuration file (excerpt) is as follows:

// Define the authentication method and shared key
key master-slave {
    algorithm hmac-md5;
    secret "mZiMNOUYQPMNwsDzrX2ENw==";
};
// Define some characteristics used when communicating with the primary domain name server
server 192.168.8.19 {
    transfer-format many-answers;
    keys { master-slave; };
};
// Zone record definition
zone "nsfocus.com" {
    type slave;
    file "bak.db.nsfocus.com";
    masters { 192.168.8.19; };
    allow-transfer { none; };
};

written by Undercode
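
An added example, not code from the original post: a small Python audit of a named.conf excerpt like the primary-server one above. It flags hmac-md5 keys, server statements without a defined TSIG key, and zones whose allow-transfer or allow-update trusts only addresses. The function names, the placeholder secret and the wording of the findings are assumptions of this example; the "key <name>" ACL form and the preference for a stronger HMAC reflect current BIND 9 practice rather than the BIND 8 described here.

```python
import re

# Constructed sample: the primary excerpt above, quoting fixed, secret replaced.
PRIMARY_CONF = '''
// Define the authentication method and shared key
key master-slave {
    algorithm hmac-md5;
    secret "PLACEHOLDER+BASE64//SECRET==";
};
server 192.168.8.18 { transfer-format many-answers; keys { master-slave; }; };
zone "nsfocus.com" {
    type master; file "db.nsfocus.com";
    allow-transfer { 192.168.8.18; };
};
'''

def statements(conf):
    """Yield (keyword, name, body) per top-level block; comments dropped, strings kept."""
    conf = re.sub(r'"[^"]*"|//[^\n]*|#[^\n]*|/\*.*?\*/', flags=re.S, string=conf,
                  repl=lambda m: m.group(0) if m.group(0).startswith('"') else '')
    head = re.compile(r'([\w-]+)\s+"?([^\s"{;]+)"?\s*\{')
    pos = 0
    while (m := head.search(conf, pos)):
        depth, i = 1, m.end()
        while depth and i < len(conf):      # walk to the matching close brace
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), m.group(2), conf[m.end():i - 1]
        pos = i

def audit(conf):
    """Return findings for weak TSIG algorithms and address-only zone ACLs."""
    keys, findings = set(), []
    for kw, name, body in statements(conf):
        if kw == 'key':
            keys.add(name)
            if re.search(r'algorithm\s+hmac-md5\b', body, re.I):
                findings.append(f'key {name}: hmac-md5 is no longer recommended for TSIG')
        elif kw == 'server':
            ref = re.search(r'keys\s*\{\s*([^\s;}]+)', body)
            if not ref or ref.group(1) not in keys:
                findings.append(f'server {name}: no defined TSIG key')
        elif kw == 'zone':
            for acl in ('allow-transfer', 'allow-update'):
                m = re.search(acl + r'\s*\{([^}]*)\}', body)
                if m and m.group(1).strip(' ;\n\t') != 'none' and 'key ' not in m.group(1):
                    findings.append(f'zone {name}: {acl} trusts addresses, not a key')
    return findings
```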

🦑 server security tip 4

--- [[Implement DNSSec function]] -------------------------------------------------

To be honest, I have been thinking about whether to implement the DNSSec function in the current version. Although ISC has added a DNSSec implementation since BIND 8.1.x, it is not commonly used in practice, and the NXT remote security vulnerability announced last year is related to DNSSec (in fact, NXT is one of the functions implemented by DNSSec). In the end, I decided not to discuss how to implement the DNSSec security function in this article.

But it is undeniable that DNSSec is indeed a good security technology, which improves the security of DNS services by encrypting DNS data. The master encryption key is used to encrypt and sign the encryption key of the first-level domain name.

The first-level domain name (.com,.
For example, the domain name server of example.com is signed by the .com domain key, and the nsfocus.com domain key is used to encrypt and sign the www.example.com domain name.
stsite.com

written by Undercode

🦑 server security tip 5 by Undercode:

--- [[Implementing chroot for BIND]] ---------------

(Taking the FreeBSD platform as an example)

Step 1: Get and install the latest source code version of BIND 8

Download the latest version of BIND from the ISC FTP site.
BIND 8: http://www.isc.org/products/BIND/bind8.html
BIND 9: http://www.isc.org/products/BIND/bind9.html

Step 2: Build static named and named-xfer binaries

After compilation and installation, you need to build statically linked versions of the executables. Simply modify the Makefile.set file in the %BIND%/src/port/freebsd directory.
Change this line in the file:

'CDEBUG = -O2 -g'

to:

'CDEBUG = -O2 -static'

Switch to the BIND source directory and run "make clean" and "make". In the following steps, these files will be copied to the chroot() directory.

# cd /tmp/bind/src
# make clean; make

The statically linked executables built in this step do not need to load dynamic link libraries at run time. In a chroot() environment, such a "stand-alone" executable avoids the problem of missing library files. It does not require any link libraries in the chroot() environment, which simplifies the service configuration. All other network daemons can also be compiled and used as statically linked versions.


Step 3: Construct the BIND directory

Construct the BIND directory for the chroot() environment. BIND will treat this directory as the system root directory once it is running in the chroot() environment. Here I use /chroot/bind as the root directory after chroot.

# mkdir -p /chroot/bind
# cd /chroot/bind
# mkdir dev
# mkdir etc
# mkdir etc/namedb
# mkdir usr
# mkdir usr/sbin
# mkdir var
# mkdir var/run

Next, copy the following files to the corresponding subdirectories and perform some necessary processing:

# cp /etc/namedb/named.conf /chroot/bind/etc/
# cp /etc/localtime /chroot/bind/etc/
# grep bind /etc/group > /chroot/bind/etc/group
# cp -R /etc/namedb/ /chroot/bind/etc/namedb/
# mknod /chroot/bind/dev/null c 2 2
# chmod 666 /chroot/bind/dev/null
# cp /tmp/bind/src/bin/named/named /chroot/bind/usr/sbin/
# cp /tmp/bind/src/bin/named-xfer/named-xfer /chroot/bind/

In addition, you can also specify a logging directory (such as /var/log); please refer to the following chapter or the man page of named.conf.


Step 4: Add the bind user and group (if a user or group such as bind or named already exists, skip this step)

Add the bind user and group to the /etc/passwd and /etc/group files. They are the UID/GID the DNS server runs as.

At this point, you can run "chown -R bind:bind /chroot/bind/etc/namedb" for the chroot environment. That way, when you send named an interrupt signal (kill -INT), the named process can save the server cache and statistics. If the directory is owned by root, the named process cannot write this output to the directory, but the named server's function is not affected. Another option is to change only the directory permissions (so that the named user has write permission) while the owner remains root. This method is also feasible, but the permissions must be set carefully to ensure that other users cannot modify named records!

*** Important warning ***
Do not run named with an existing UID/GID (such as "nobody"). Remember, using any existing UID/GID in a chroot environment may affect the security of the service. You must develop the habit of providing a separate UID/GID for each daemon in a chroot environment.


Step 5: Other necessary adjustments

If additional directories and files are specified in named.conf, they should also be set up accordingly in the chroot() environment (in this case, under the /chroot/bind/ directory).
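
An added example, not part of the original post: a Python check of a chroot tree laid out as in Steps 3 and 4, reporting missing paths, anything owned by the service user outside etc/namedb, world-writable entries and setuid/setgid files. The function name, the list of required paths and the rule that only etc/namedb belongs to the bind user are assumptions drawn from the steps above.

```python
import os
import stat

# Paths created by the steps above, relative to the chroot root (assumed layout).
REQUIRED = ("etc/named.conf", "etc/namedb", "dev/null", "usr/sbin/named", "var/run")
WRITABLE_BY_SERVICE = "etc/namedb"   # the only tree Step 4 hands to the bind user

def audit_chroot(root, service_uid):
    """Return sorted findings for the chroot tree at `root`."""
    findings = [f"{p}: missing" for p in REQUIRED
                if not os.path.lexists(os.path.join(root, p))]
    for dirpath, dirnames, filenames in os.walk(root):
        for entry in dirnames + filenames:
            full = os.path.join(dirpath, entry)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.lstat(full)
            # Symlink modes are meaningless; dev/null is deliberately mode 666.
            if stat.S_ISLNK(st.st_mode) or rel == "dev/null":
                continue
            in_data = (rel == WRITABLE_BY_SERVICE
                       or rel.startswith(WRITABLE_BY_SERVICE + "/"))
            # A compromised named must not be able to replace its own binary or config.
            if st.st_uid == service_uid and not in_data:
                findings.append(
                    f"{rel}: owned by the service user outside {WRITABLE_BY_SERVICE}")
            if st.st_mode & stat.S_IWOTH:
                findings.append(f"{rel}: world-writable")
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(f"{rel}: setuid/setgid file inside the chroot")
    return sorted(findings)

if __name__ == "__main__":
    import pwd
    # Assumes the bind account from Step 4 exists on this host.
    for line in audit_chroot("/chroot/bind", pwd.getpwnam("bind").pw_uid):
        print(line)
```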