see also :
dig
Step 2
I think awk is not necessary. Unless I'm missing
something that code should do the trick:
#!/bin/bash
host=$1
ping -c1 $host > /dev/null 2> /dev/null
[[ $? == 0 ]] && echo "$host is up" || echo "$host is down/not reachable"
Here an example:
$ ./checkping www.google.com
www.google.com is up
$ ./checkping www.google.utld
www.google.utld is down/not reachable
Shorewall routes. (FAQ)
You want to redirect all local google.com connection requests to a server running in your local zone at 127.0.0.1 and listening on port 333. Your local interface is eth1.
Disclaimer; I've not done exactly this with Shorewall, so modified an example Squid server setup:
Add this entry to your /etc/shorewall/providers file.
#NAME NUMBER MARK DUPLICATE INTERFACE GATEWAY OPTIONS
foo 1 202 - eth1 127.0.0.1 loose
In /etc/shorewall/tcrules add:
#MARK SOURCE DEST PROTO DEST
# PORT(S)
202:P net:google.com 0.0.0.0/0 tcp 80
In /etc/shorewall/interfaces :
#ZONE INTERFACE BROADCAST OPTIONS
loc eth1 detect routeback
On localhost, arrange for the following command to be executed after networking has come up
iptables -t nat -A PREROUTING -i eth0 -d ! 127.0.0.1 -p tcp --dport 80 -j REDIRECT --to-ports 333
Yes, you can use nsupdate in your
/etc/network/if-up.d/ directory.
For example
echo -e "server ns1.domain\n zone domain\n update delete test.domain\n update add test.domain 600 A 10.1.1.188\n send" | nsupdate
In long form, this is:
nsupdate
> server ns1.domain
> zone domain
> update delete test.domain
> update add test.domain 600 A 10.1.1.188
> send
So this saying
On the name server, you will need to allow updates, which in bind is the directive:
allow-update { 10.10.10.0/24; };
This would allow updates from the 10.10.10.0/24 network
A method that works with all browsers is to set up a proxy server, such as Privoxy or Squid, that has the ability to rewrite requests. When a HTTP proxy server is used, the full URL is sent to the proxy without performing any name resolution.
You can block the website's IP using an iptables rule. Something along the flavor provided below.
iptables -A OUTPUT -d 0.0.0.0 -j DROP
Just replace the zeros with the IP of the website you wish to deny access to. This syntax also supports a wildcard. By typing an IP with a zero in it, you are effectively blocking the entire span of that field. For example, 192.168.13.0 references the IP range of 192.168.13.1 to 192.168.13.254.
In addition to blocking by IP, you can also block by hostname using this same syntax. Just change the IP address to the domain name and it'll do the rest of the work for you.
So you can do all of what you wanted in iptables (freeing up your hosts file from needless records).
If you know you are 'ssh'ed, but don't know from where, try
w
at a command-line. The output includes a FROM field which may be useful.
Maybe something like this would solve your problem: http://www.getconcentrating.com/?
That's because echo is being run as root, but the
shell is the one actually performing the redirection. You need to
spawn a new shell for this to work:
sudo -- sh -c "echo test >> /etc/hosts"
Edit: I haven't seen the fact that the > redirect
works; I can't explain that.
Remove the first two nameserver entries from
/etc/resolv.conf if they do not know about hosts on
your LAN or about the domain used locally.
The NXDOMAIN response might be because
gateway.2wire.net isn't a registered domain name
that can be used on the internet.
$ dig gateway.2wire.net any
; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> gateway.2wire.net any
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7984
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;gateway.2wire.net. IN ANY
;; AUTHORITY SECTION:
2wire.net. 1200 IN SOA ns1.2wire.com. hostmaster.2wire.com. 2007041700 3600 600 604800 1200
;; Query time: 209 msec
;; SERVER: 10.0.0.9#53(10.0.0.9)
;; WHEN: Tue Aug 30 13:29:23 2011
;; MSG SIZE rcvd: 95
Note that the authoritative nameservers for
2wire.net say there is no such domain as
gateway.2wire.net. I guess it is a convenience used
by 2wire products at the LAN level only.
8.8.8.8 is a Google nameserver and should not be expected to know about hosts on your private LAN and the somewhat strange configuration choices made by your 2wire router.
The name of the computer thefourthtower should appear in it's own
/etc/hosts table (which you should arrange to be
consulted before DNS) and really ought to be known to the DNS
nameserver on your LAN (i.e. your 2wire router).
Does your /etc/nsswitch.conf contain hosts:
files dns ?
First of all, are you running this from home? Big chance is that if you are your ISP does not allow certain connections or has a firewall installed in your router.
EDIT:
Check your iptables
You have answered your own question!
The /etc/hosts file is a one-to-one mapping between
a hostname (not a collection of them) to a particular IP address.
Consider putting this into /etc/hosts file
127.0.0.1 *.com
/etc/hostname should have just foo
/etc/hosts looks fine
/etc/resolv.conf should probably be
example.com for both, depending on your use case.
Note that you named it /etc/resolf.conf and it
should be v and not f
I don't know about domainname
No. /etc/hosts can only be used to map hostnames to
IP addresses; you will need to set up a web server that performs
the redirect to the port.
Most OSes will resolve from their hosts file before
they try finding a DNS server. If you remove (or comment out)
that line from hosts, it will then query the DNS
server and find that it's a remote IP.
You may also have to change the hostname, if it's
set to the same, as hostname may be used to resolve
IPs as well (at least by some systems in Linux).
hosts.conf man page - See more information
about the order directive.
host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given, host prints a short summary of its command line arguments and options.
name is the domain name that is to be looked up. It can also be a dotted-decimal IPv4 address or a colon-delimited IPv6 address, in which case host will by default perform a reverse lookup for that address. server is an optional argument which is either the name or IP address of the name server that host should query instead of the server or servers listed in /etc/resolv.conf.
The -a (all) option is equivalent to setting the -v option and asking host to make a query of type ANY.
When the -C option is used, host will attempt to display the SOA records for zone name from all the listed authoritative name servers for that zone. The list of name servers is defined by the NS records that are found for the zone.
The -c option instructs to make a DNS query of class class. This can be used to lookup Hesiod or Chaosnet class resource records. The default class is IN (Internet).
Verbose output is generated by host when the -d or -v option is used. The two options are equivalent. They have been provided for backwards compatibility. In previous versions, the -d option switched on debugging traces and -v enabled verbose output.
List mode is selected by the -l option. This makes host perform a zone transfer for zone name. Transfer the zone printing out the NS, PTR and address records (A/AAAA). If combined with -a all records will be printed.
The -i option specifies that reverse lookups of IPv6 addresses should use the IP6.INT domain as defined in RFC1886. The default is to use IP6.ARPA.
The -N option sets the number of dots that have to be in name for it to be considered absolute. The default value is that defined using the ndots statement in /etc/resolv.conf, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the search or domain directive in /etc/resolv.conf.
The number of UDP retries for a lookup can be changed with the -R option. number indicates how many times host will repeat a query that does not get answered. The default number of retries is 1. If number is negative or zero, the number of retries will default to 1.
Non-recursive queries can be made via the -r option. Setting this option clears the RD — recursion desired — bit in the query which host makes. This should mean that the name server receiving the query will not attempt to resolve name. The -r option enables host to mimic the behavior of a name server by making non-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
By default, host uses UDP when making queries. The -T option makes it use a TCP connection when querying the name server. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests.
The -4 option forces host to only use IPv4 query transport. The -6 option forces host to only use IPv6 query transport.
The -t option is used to select the query type. type can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified, host automatically selects an appropriate query type. By default, it looks for A, AAAA, and MX records, but if the -C option was given, queries will be made for SOA records, and if name is a dotted-decimal IPv4 address or colon-delimited IPv6 address, host will query for PTR records. If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e.g. -t IXFR=12345678).
The time to wait for a reply can be controlled through the -W and -w options. The -W option makes host wait for wait seconds. If wait is less than one, the wait interval is set to one second. When the -w option is used, host will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware’s maximum value for an integer quantity.
The -s option tells host not to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior.
The -m can be used to set the memory usage debugging flags record, usage and trace.
Copyright © 2004, 2005, 2007-2009 Internet Systems Consortium,
Inc. ("ISC")
Copyright © 2000-2002 Internet Software Consortium.
/etc/resolv.conf
If host has been built with IDN (internationalized domain name) support, it can accept and display non-ASCII domain names. host appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you’d like to turn off the IDN support for some reason, defines the IDN_DISABLE environment variable. The IDN support is disabled if the variable is set when host runs.
dig , named.