Difference between revisions of "Denied DNS Requests"
From James Dooley's Wiki
(Created page with "==Overview== Find denied queries against DNS, good for finding sites that are no longer hosted or do not have valid DNS records. ==Script== <code>[bash,n] cat /var/log/messages ...") |
|||
| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | [[Category:One Liners]] | ||
==Overview== | ==Overview== | ||
Find denied queries against DNS, good for finding sites that are no longer hosted or do not have valid DNS records. | Find denied queries against DNS, good for finding sites that are no longer hosted or do not have valid DNS records. | ||
| − | == | + | ==Get top denied domains== |
| − | < | + | <syntaxhighlight lang='bash'> |
| + | cat /var/log/messages | grep named | grep denied | cut -d "'" -f2 | cut -d "/" -f1 | sort | uniq -ci | sort -nr | head | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | ==Get all denied domains== | ||
| + | <source lang='bash'> | ||
cat /var/log/messages | grep named | grep denied | cut -d "'" -f2 | cut -d "/" -f1 | sort | uniq -ci | sort -nr > /root/denied_dns.txt | cat /var/log/messages | grep named | grep denied | cut -d "'" -f2 | cut -d "/" -f1 | sort | uniq -ci | sort -nr > /root/denied_dns.txt | ||
| − | </ | + | </source> |
| + | |||
| + | ==Create dummy zone for a single domain== | ||
| + | <source lang='bash'> | ||
| + | /scripts/add_dns --domain $domain --ip 127.0.0.1 | ||
| + | </source> | ||
| + | |||
| + | ==Create dummy zone for the top 10 domains== | ||
| + | |||
| + | This will create a zone file using cPanels add_dns script and point it to 127.0.0.1 for the top 10 domains. | ||
| + | |||
| + | <source lang='bash'> | ||
| + | cp -r /var/named /var/named.bak | ||
| + | for domain in $(head /root/denied_dns.txt | awk '{print $2}' | sed 's/www\.//'); do echo "Adding $domain"; /scripts/add_dns --domain $domain --ip 127.0.0.1; done | ||
| + | </source> | ||
Latest revision as of 13:06, 6 June 2017
Contents
Overview
Find denied queries against DNS, good for finding sites that are no longer hosted or do not have valid DNS records.
Get top denied domains
cat /var/log/messages | grep named | grep denied | cut -d "'" -f2 | cut -d "/" -f1 | sort | uniq -ci | sort -nr | head
Get all denied domains
cat /var/log/messages | grep named | grep denied | cut -d "'" -f2 | cut -d "/" -f1 | sort | uniq -ci | sort -nr > /root/denied_dns.txt
Create dummy zone for a single domain
/scripts/add_dns --domain $domain --ip 127.0.0.1
Create dummy zone for the top 10 domains
This will create a zone file using cPanels add_dns script and point it to 127.0.0.1 for the top 10 domains.
cp -r /var/named /var/named.bak
for domain in $(head /root/denied_dns.txt | awk '{print $2}' | sed 's/www\.//'); do echo "Adding $domain"; /scripts/add_dns --domain $domain --ip 127.0.0.1; done
