Posts Tagged ‘shell’

# enable new Quad9 (9.9.9.9) DNS and DNSSEC service 
# in Ubuntu 17.10 64-bit using a bash shell script
sudo apt purge unbound
LogTime=$(date '+%Y-%m-%d_%Hh%Mm%Ss')
cp /etc/resolv.conf $HOME/resolv.conf_$LogTime
cp /etc/nsswitch.conf $HOME/nsswitch.conf_$LogTime
cp /etc/systemd/resolved.conf $HOME/resolved.conf_$LogTime

sudo service resolvconf stop
sudo update-rc.d resolvconf remove
cp /etc/resolv.conf /tmp/resolv.conf
grep -v nameserver /tmp/resolv.conf > /tmp/resolv.conf.1
echo 'nameserver 9.9.9.9' >> /tmp/resolv.conf.1
sudo cp /tmp/resolv.conf.1 /etc/resolv.conf
sudo service resolvconf start

# enable systemd caching DNS resolver
rm /tmp/nsswitch.conf
rm /tmp/nsswitch.conf.1
cp /etc/nsswitch.conf /tmp/nsswitch.conf
grep -v hosts /tmp/nsswitch.conf > /tmp/nsswitch.conf.1
# dns must be mentioned in next line, or else wget does not work
echo 'hosts: files mdns4_minimal [NOTFOUND=return] resolv dns myhostname mymachines' >> /tmp/nsswitch.conf.1
sudo cp /tmp/nsswitch.conf.1 /etc/nsswitch.conf

# set DNS server to 9.9.9.9
rm /tmp/resolved.conf
rm /tmp/resolved.conf.1
cp /etc/systemd/resolved.conf /tmp/resolved.conf
grep -v DNS /tmp/resolved.conf > /tmp/resolved.conf.1
# enable new Quad9 (9.9.9.9) DNS and DNSSEC service
# https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone/
echo 'DNS=9.9.9.9' >> /tmp/resolved.conf.1
echo 'DNSSEC=yes' >> /tmp/resolved.conf.1
sudo cp /tmp/resolved.conf.1 /etc/systemd/resolved.conf
sudo systemd-resolve --flush-caches
sudo systemctl restart systemd-resolved
sudo systemd-resolve --flush-caches
sudo systemd-resolve --status

# It is probably also necessary to manually set
# the DNS server to 9.9.9.9 in the router's configuration
# and in the NetworkManager GUI

# test DNSSEC validation using dig command-line tool and using DNS server 9.9.9.9:
# see: https://docs.menandmice.com/display/MM/How+to+test+DNSSEC+validation
dig pir.org +dnssec +multi
Advertisements
cd
sudo apt update
sudo apt install cmake build-essential
sudo apt install checkinstall git
sudo apt remove hashcat
sudo apt build-dep hashcat
sudo rm -rf hashcat/
git clone https://github.com/hashcat/hashcat.git
cd hashcat
git submodule update --init
sudo make
sudo checkinstall
hashcat --version
# hashcat version should be v3.5.0 or newer