Hi All. For me this is a strange one. I've recently set up an internal DNS server at work to support using short names for our intranet websites and other internal devices. I did this so I wouldn't have to alter people's hosts files every time I added, removed or (for whatever reason) changed the IP of a service.
Since setting up this name server and altering the DHCP server to give it out instead of the DNS servers supplied by our ISP, nobody can access any secure sites (banking, airline bookings, etc.). When I changed it back to our ISP-supplied DNS servers, everything worked normally again.
I can only assume I've made an error setting up the DNS.
I'm using BIND 9.2.4 on Debian 3.1 (testing).
The DNS box runs at 192.168.0.253.
The router to the internet is at 192.168.0.254.
Configuration files follow:
named.conf
Code:
// Debian-style split configuration: options and local zones are included.
include "/etc/bind/named.conf.options";

// Root hints: used for full recursion when no forwarder answers
// (the default forwarding mode is "forward first").
zone "." {
        type hint;
        file "/etc/bind/db.root";
};

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
        type master;
        file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
        type master;
        file "/etc/bind/db.255";
};

include "/etc/bind/named.conf.local";
named.conf.options
Code:
options {
        directory "/etc/bind";

        // Answer only on loopback and the LAN interface; no IPv6.
        listen-on port 53 { 127.0.0.1; 192.168.0.253; };
        listen-on-v6 { none; };

        // Only loopback and the LAN may query this server.
        allow-query { 127.0.0.1; 192.168.0.0/24; };

        notify no;

        // The ISP's resolvers. Without "forward only;" named tries these
        // first and falls back to recursion via the root hints.
        forwarders {
                203.12.160.35;
                203.12.160.36;
        };

        auth-nxdomain no;
};
named.conf.local
Code:
// Internal view of our domain: private addresses for LAN hosts under
// the same name that is delegated publicly.
zone "our-domain.sanitised" {
        type master;
        file "our-domain.sanitised";    // relative to the "directory" option
};

// Reverse zone for 192.168.0.0/24.
zone "0.168.192.in-addr.arpa" {
        type master;
        file "192.168.0";
};
our-domain.sanitised
Code:
$TTL 1M
@       IN SOA  ns1.our-domain.sanitised. me.our-domain.sanitised. (
                200502241       ; serial
                8H              ; refresh
                2H              ; retry
                1W              ; expire
                1D )            ; negative-cache (minimum) TTL

; Records without an owner name must start with whitespace; they then
; belong to the previous owner, here the zone apex (@).
        NS      ns1
        IN A    [our public ip - matches delegated NS entry]

www     A       [our externally hosted www server]
router  A       192.168.0.254
ns1     A       192.168.0.253
photocopier A   192.168.0.252

; Short names for services hosted on the DNS box itself.
intranet        CNAME   ns1.our-domain.sanitised.
finance         CNAME   ns1.our-domain.sanitised.
mailscanner     CNAME   ns1.our-domain.sanitised.
192.168.0
Code:
$TTL 1M
@       IN SOA  ns1.our-domain.sanitised. me.our-domain.sanitised. (
                200502241       ; serial
                8H              ; refresh
                2H              ; retry
                1W              ; expire
                1D )            ; MIN TTL

        NS      ns1.our-domain.sanitised.

; Owner is the last octet, relative to 0.168.192.in-addr.arpa.
254     PTR     router.our-domain.sanitised.
253     PTR     ns1.our-domain.sanitised.
252     PTR     photocopier.our-domain.sanitised.
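Zone files are the part of a setup like this that named parses least forgivingly, and a zone pasted into a forum or mail client usually loses the leading whitespace that decides which owner a record belongs to. The following is an added example, not code from the original post or from BIND: a small Python zone-file parser that applies the same rules named does ($TTL, `@`, owner inheritance from indentation, relative versus absolute names, names inside NS/CNAME/PTR/SOA rdata) and then runs a few structural checks (apex SOA and NS present, an in-zone NS target has an address record, no CNAME mixed with other records or pointing at a name the zone does not have). It says nothing about why secure sites fail; it only catches zone mistakes that would stop a zone loading or resolving. The sample zone is constructed for the example (example.test and 192.0.2.0/24 are reserved documentation names and addresses); `named-checkzone` on the real host remains the authoritative check.

```python
import re

RR_TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "PTR", "MX", "TXT", "SRV"}
NAME_FIELDS = {"NS": [0], "CNAME": [0], "PTR": [0], "SOA": [0, 1], "MX": [1]}

# Constructed sample in the shape of the post's internal zone (example.test
# and 192.0.2.0/24 are reserved documentation names/addresses).
SAMPLE_ZONE = """\
$TTL 1M
@   IN SOA ns1.example.test. hostmaster.example.test. (
        200502241 ; serial
        8H        ; refresh
        2H        ; retry
        1W        ; expire
        1D )      ; negative-cache TTL
    NS  ns1
    IN  A   192.0.2.10
www      A  192.0.2.80
ns1      A  192.168.0.253
intranet CNAME ns1.example.test.
finance  CNAME ns1
"""
# Same zone with its indentation stripped, as a forum paste often leaves it.
FLATTENED_ZONE = "\n".join(ln.lstrip() for ln in SAMPLE_ZONE.splitlines()) + "\n"

def logical_lines(text):
    """Yield (lineno, line): ';' comments dropped, '( ... )' spans joined,
    leading whitespace of the first physical line kept (it is significant)."""
    buf, depth, start = [], 0, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r";.*", "", raw).rstrip()   # quoted TXT data not handled
        if not buf:
            start = n
        depth += line.count("(") - line.count(")")
        buf.append(line)
        if depth <= 0:
            joined = " ".join(buf).replace("(", " ").replace(")", " ")
            buf, depth = [], 0
            if joined.strip():
                yield start, joined

def absolute(name, origin):
    """'@' is the origin; a name without a trailing dot is relative to it."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, zone_name):
    """Return (records, warnings); a record is (owner, ttl, type, rdata)."""
    origin = zone_name if zone_name.endswith(".") else zone_name + "."
    default_ttl, owner, records, warnings = None, origin, [], []
    for lineno, line in logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$TTL":                 # $ORIGIN/$INCLUDE not supported here
            default_ttl = tokens[1]
            continue
        if not line[0].isspace():               # column 0: an explicit owner name
            if tokens[0].upper() in RR_TYPES | {"IN"}:
                warnings.append(f"line {lineno}: {tokens[0]!r} at column 0 would be "
                                "taken as an owner name (indentation lost?)")
                continue
            owner = absolute(tokens.pop(0), origin)
        ttl = tokens.pop(0) if tokens and re.fullmatch(r"\d+[smhdw]?", tokens[0], re.I) else None
        if tokens and tokens[0].upper() == "IN":
            tokens.pop(0)
        if not tokens or tokens[0].upper() not in RR_TYPES:
            warnings.append(f"line {lineno}: no record type in {line.strip()!r}")
            continue
        rtype = tokens.pop(0).upper()
        for i in [j for j in NAME_FIELDS.get(rtype, []) if j < len(tokens)]:
            tokens[i] = absolute(tokens[i], origin)   # rdata names are relative too
        records.append((owner, ttl or default_ttl, rtype, tokens))
    return records, warnings

def check_zone(records, zone_name):
    """Structural checks on parsed records; returns a list of findings."""
    origin = zone_name if zone_name.endswith(".") else zone_name + "."
    in_zone = lambda n: n == origin or n.endswith("." + origin)
    by_owner = {}
    for owner, _ttl, rtype, rdata in records:
        by_owner.setdefault(owner, {}).setdefault(rtype, []).append(rdata)
    apex, findings = by_owner.get(origin, {}), []
    findings += [f"apex has no {t} record" for t in ("SOA", "NS") if t not in apex]
    for (ns,) in apex.get("NS", []):
        if in_zone(ns) and not (by_owner.get(ns, {}).keys() & {"A", "AAAA"}):
            findings.append(f"NS {ns} is inside the zone but has no address record")
    for owner, types in by_owner.items():
        if "CNAME" in types and len(types) > 1:
            findings.append(f"{owner} has a CNAME next to other records")
        for (target,) in types.get("CNAME", []):
            if in_zone(target) and target not in by_owner:
                findings.append(f"{owner} CNAME -> {target} points at nothing in the zone")
    return findings

if __name__ == "__main__":
    for label, text in (("indented", SAMPLE_ZONE), ("flattened", FLATTENED_ZONE)):
        recs, warns = parse_zone(text, "example.test")
        print(f"{label}: {len(recs)} records; warnings: {warns or 'none'}")
        print("  findings:", check_zone(recs, "example.test") or "none")
```

Run as-is to see the indented zone pass and the flattened copy produce two "indentation lost?" warnings plus an apex-without-NS finding; to check a real zone, pass the file contents and the zone name from named.conf.local to `parse_zone` and `check_zone`. The keyword test on column-0 owners is stricter than named itself, which would silently load "IN A 192.0.2.10" as an A record for the host named IN, which is exactly the mistake worth catching.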