hey
My name is ferre en for a labo project for school With is a Bind9 configure or Rocky linux. But there is an error in the configuration of my DNS and I can't find the error. The linux server is in a VMware where at has 2 network interfaces 1 in a vlan that can only communicate to a VMclient ( for the lab ) and 1 to outside.
if i check the zone comes out and an OK.
"sudo named-checkzone defossez.sil.db /var/named/defossez.sil.db"
below you can find the targets and the cofiguration code.
targets:
bind your DNS server only to localhost and 192.168.1.1
only requests from 192.168.1.0/24 should be processed
dns-requests for sites we don't host ourselves are forwarded to 10.129.28.232 and 10.129.28.230 (DNS-servers of the training)
Disable DNSsec (both lines). This will be covered in a later section.
Change the DNS settings on your client and on the server so that your server is used as the primary DNS server.
Test with the following commands if your server and client use your own DNS server, the command depends on the OS:
Ubuntu and Fedora:
systemd-resolve-status
Rocky Linux:
cat /etc/resolv.conf
Test your setup by pinging to
www.google.be. If this does not work, troubleshoot your solution.
The next step is to create a file for the zone familyname.sil. This DNS server is the master.
Use the template in /var/named/ to create a new zone-file surname.sil
Link the zone surname.sil to this file and make your server master for this zone.
In the file surname.sil now create a new forward zone surname.sil
Within the zone, create the following records:
SOA record
ns-record
a-record for the server (value: srvName)
alias-record for the server (value: www) This will come in handy later when configuring our web server.
Test your setup by pinging from your client to
www.familienaam.sil. Make sure the correct IP address is resolved.
Finally, make sure the service is started automatically when the server starts.
configuartion code
/var/named/defossez.sil.db
$TTL 86400
@ IN SOA dns-primary.defossez.sil. admin.defossez.sil. (
2019061800 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
;Name Server Information
@ IN NS dns-primary.defossez.sil.
;IP for Name Server
primary IN A 192.168.1.1
;A Record for IP address to Hostname
wiki. IN A 192.168.1.13
www. IN A 192.168.1.14
devel. IN A 192.168.1.15
; alias
;www. IN CNAME A defossez.sil
------------------------------------------
/etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1;192.168.1.1; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
secroots-file "/var/named/data/named.secroots";
recursing-file "/var/named/data/named.recursing";
filter-aaaa-on-v4 yes;
allow-query { localhost;192.168.1.0/24; };
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable NO;
dnssec-validation NO;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
/*
https://fedoraproject.org/wiki/Changes/CryptoPolicy */
include "/etc/crypto-policies/back-ends/bind.config";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
zone "defossez.sil" IN {
type master;
file "defoseez.sil";
allow-update { none; };
};
error in the configuring BIND 9.11.26. on Rocky Linux 8.4 (Green Obsidian) and can not find the error
