Dig

DNS Lookup using DIG

Here is how you do DNS lookups from your *nix host…

Host record:

$ dig www.lexhw.nl +noall +answer

; <<>> DiG 9.8.3-P1 <<>> www.lexhw.nl +noall +answer

;; global options: +cmd

www.lexhw.nl. 1315 IN A 185.56.145.31

 

Reverse lookup:

$ dig -x 185.56.145.31 +noall +answer

; <<>> DiG 9.8.3-P1 <<>> -x 185.56.145.31 +noall +answer

;; global options: +cmd

31.145.56.185.in-addr.arpa. 3599 IN PTR www76.totaalholding.nl.

31.145.56.185.in-addr.arpa. 3599 IN PTR filter02-out9.totaalholding.nl.

 

All records:

$ dig -t ANY lexhw.nl +noall +answer

;; Truncated, retrying in TCP mode.

; <<>> DiG 9.8.3-P1 <<>> -t ANY lexhw.nl +noall +answer

;; global options: +cmd

lexhw.nl. 3599 IN A 185.56.145.31

lexhw.nl. 3599 IN NS sandra.neostrada.nl.

lexhw.nl. 3599 IN NS christina.neostrada.nl.

lexhw.nl. 3599 IN NS lisa.neostrada.nl.

lexhw.nl. 3599 IN SOA sandra.neostrada.nl. hostmaster.neostrada.nl. 2016102504 10800 3600 604800 3600

lexhw.nl. 3599 IN MX 10 mail.lexhw.nl.

lexhw.nl. 3599 IN TXT "v=spf1 a mx include:spf.totaalholding.nl ip4:185.56.145.31 ?all"

lexhw.nl. 3599 IN NSEC3PARAM 1 0 10 BEEF

 

Mail records only:

$ dig -t MX lexhw.nl +noall +answer

; <<>> DiG 9.8.3-P1 <<>> -t MX lexhw.nl +noall +answer

;; global options: +cmd

lexhw.nl. 3599 IN MX 10 mail.lexhw.nl.

 

Use specific nameserver:

$ dig @8.8.8.8 www.lexhw.nl +noall +answer

; <<>> DiG 9.8.3-P1 <<>> @8.8.8.8 www.lexhw.nl +noall +answer

; (1 server found)

;; global options: +cmd

www.lexhw.nl. 3599 IN A 185.56.145.31

 

 


Let's use bash shortcuts

Command Editing Shortcuts

  • Ctrl + a – go to the start of the command line
  • Ctrl + e – go to the end of the command line
  • Ctrl + k – delete from cursor to the end of the command line
  • Ctrl + u – delete from cursor to the start of the command line
  • Ctrl + w – delete from cursor to start of word (i.e. delete backwards one word)
  • Ctrl + y – paste word or text that was cut using one of the deletion shortcuts (such as the one above) after the cursor
  • Ctrl + xx – move between start of command line and current cursor position (and back again)
  • Alt + b – move backward one word (or go to start of word the cursor is currently on)
  • Alt + f – move forward one word (or go to end of word the cursor is currently on)
  • Alt + d – delete to end of word starting at cursor (whole word if cursor is at the beginning of word)
  • Alt + c – capitalize to end of word starting at cursor (whole word if cursor is at the beginning of word)
  • Alt + u – make uppercase from cursor to end of word
  • Alt + l – make lowercase from cursor to end of word
  • Alt + t – swap current word with previous
  • Ctrl + f – move forward one character
  • Ctrl + b – move backward one character
  • Ctrl + d – delete character under the cursor
  • Ctrl + h – delete character before the cursor
  • Ctrl + t – swap character under cursor with the previous one


XTM management tunnel via SSL notes

A. In WSC -> Management server -> CRL distribution list:
The 1st IP address is the private IP of the mgmt server, the 2nd IP is the public IP of the mgmt server.

B. In Mgmt server, on the mgmt server's NAT Firebox:
Tab Mgmt tunnels: SSL Only. For the VPN resource, use the trusted network where the server is located, not the HUB network.

C. On the remote XTM, in Policy Manager > Setup > Managed Device Settings: the 1st IP should be the private IP of the mgmt server, the 2nd the public IP. Match the Management Tunnel tab settings with those of the remote device on the mgmt server…


Lost Connection from XCS to XTM – mail delivery

Problem: XCS Gateway logs ‘Lost connection’ and cannot deliver mail via XTM to the Exchange server.
Answer: Either disable IPS for these policies or allow signature ID 1054235.

XTM log shows:

FWIPS
IPS detected
pri=4
disp=Deny
policy=Inbound-SMTP-from-abc-xcs-01-to-abc-htc-01-00
protocol=smtp/tcp
src_ip=192.168.82.186
src_port=64996
dst_ip=172.17.1.80
dst_port=25
src_intf=2-DMZ1
dst_intf=3-Trusted
rc=301
pckt_len=1372
ttl=63
pr_info=offset 8 A 3420954431 win 34848
signature_name=SMTP Ipswitch IMail Server List Mailer Reply-To Address Buffer Overflow
signature_id=1054235
signature_cat=Buffer Over Flow
severity=4
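
To find which signature is blocking a mail policy without reading every entry, the IPS denies can be tallied per policy and signature. This is an added example, not part of the original post or of any WatchGuard tooling; it assumes the log was exported with one key=value field per line and a line reading FWIPS at the start of each record, as displayed above, and the function names and the third sample record are made up.

```sh
# Added example, not from the original post. Assumed export format: one
# key=value field per line, a line "FWIPS" starting each record (as above).

# Print "count<TAB>policy<TAB>signature_id<TAB>signature_name" for every
# IPS deny, most frequent first, so the blocking signature is obvious.
ips_denies() {
  awk '
    function emit(   k) {
      if (f["disp"] == "Deny" && f["signature_id"] != "") {
        k = f["policy"] "\t" f["signature_id"] "\t" f["signature_name"]
        n[k]++
      }
      split("", f)                       # reset fields for the next record
    }
    { sub(/\r$/, "") }                   # tolerate CRLF exports
    $0 == "FWIPS" { emit(); next }       # record boundary
    {
      i = index($0, "=")                 # split on the FIRST "=" only:
      if (i > 1)                         # values may contain spaces or "="
        f[substr($0, 1, i - 1)] = substr($0, i + 1)
    }
    END { emit(); for (k in n) printf "%d\t%s\n", n[k], k }
  ' | sort -t "$(printf "\t")" -k1,1nr -k2
}

# Constructed sample: two abridged copies of the entry above plus one
# made-up allowed record (policy name and signature id are placeholders).
sample_log() {
  cat <<'EOF'
FWIPS
IPS detected
disp=Deny
policy=Inbound-SMTP-from-abc-xcs-01-to-abc-htc-01-00
signature_name=SMTP Ipswitch IMail Server List Mailer Reply-To Address Buffer Overflow
signature_id=1054235
FWIPS
disp=Deny
policy=Inbound-SMTP-from-abc-xcs-01-to-abc-htc-01-00
signature_name=SMTP Ipswitch IMail Server List Mailer Reply-To Address Buffer Overflow
signature_id=1054235
FWIPS
disp=Allow
policy=EXAMPLE-policy
signature_id=0000000
EOF
}

sample_log | ips_denies
```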

 
