bind9 and view [Archive] - HowtoForge Forums | HowtoForge

unkn0wn

18th July 2006, 10:27

I want to know do i fallow right track :)
i have apt-get bind9 dns-utils write my own named.conf

include "/etc/bind/named.conf.options";

logging{
channel simple_log {
file "/var/log/named/bind.log" versions 3 size 5m;
severity warning;
print-time yes;
print-severity yes;
print-category yes;
};
category default{
simple_log;
};
};

zone "." {
type hint;
file "/etc/bind/db.root";
};

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

view "trusted" {
match-clients { 192.168.23.0/24; };
recursion yes;
zone "garden.com {
type master;
file "/etc/bind/db.garden.com-int.";
};

};
view "badguys" {
match-clients {"any"; };
recursion no;
};
zone "garden.com {
type master;
// javni hostovi
file "/etc/bind/db.garden.com-ext";
};
// add required zones
};
include "/etc/bind/named.conf.local";

I want to splice enternal and external network.
Is this a good syntax.
Can i add notify or some else clausule.

After that i write zones one ext with public IP and one internal with internal ip.

I just want to know before i proved to work is that named.conf ok?

unkn0wn

19th July 2006, 03:20

its said that all zones should be in view statment .
???

falko

19th July 2006, 13:54

Did you have a look here? http://www.howtoforge.com/two_in_one_dns_bind9_views

its said that all zones should be in view statment .
???Any error messages?

unkn0wn

19th July 2006, 16:07

i look that but i dont understand .
must i copy all zone to "trusted" part?

is this corect

iew "trusted" {
match-clients { 192.168.23.0/24; };
recursion yes;

zone "garden.com" {
type master;
file "/etc/bind/db.garden-int.com";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

zone "." {
type hint;
file "/etc/bind/db.root";
};

zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

};

view "badguys" {
match-clients {"any"; };
recursion no;

zone "garden.com" {
type master;
file "/etc/bind/db.garden-ext.com";
};
};

falko

20th July 2006, 13:28

Looks ok. Did you test it?

unkn0wn

20th July 2006, 13:34

i test it but when i use this config client couldnot reach dns :(
omg .......
any sugestions?

falko

20th July 2006, 14:10

Anything in your logs? Is port 53 (TCP and UDP) open in your firewall?
What's the output of netstat -tap?

unkn0wn

21st July 2006, 14:53

axe:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:tcpmux *:* LISTEN 21976/portsentry
tcp 0 0 *:20034 *:* LISTEN 21976/portsentry
tcp 0 0 *:32771 *:* LISTEN 21976/portsentry
tcp 0 0 *:32772 *:* LISTEN 21976/portsentry
tcp 0 0 *:40421 *:* LISTEN 21976/portsentry
tcp 0 0 *:32773 *:* LISTEN 21976/portsentry
tcp 0 0 *:32774 *:* LISTEN 21976/portsentry
tcp 0 0 *:31337 *:* LISTEN 21976/portsentry
tcp 0 0 localhost.localdo:mysql *:* LISTEN 30171/mysqld
tcp 0 0 *:ircd *:* LISTEN 21976/portsentry
tcp 0 0 *:systat *:* LISTEN 21976/portsentry
tcp 0 0 *:pop3 *:* LISTEN 1542/dovecot
tcp 0 0 *:5742 *:* LISTEN 21976/portsentry
tcp 0 0 *:imap2 *:* LISTEN 21976/portsentry
tcp 0 0 *:sunrpc *:* LISTEN 21976/portsentry
tcp 0 0 *:finger *:* LISTEN 21976/portsentry
tcp 0 0 *:netstat *:* LISTEN 21976/portsentry
tcp 0 0 *:54320 *:* LISTEN 21976/portsentry
tcp 0 0 *:sieve *:* LISTEN 21976/portsentry
tcp 0 0 *:10000 *:* LISTEN 26918/perl
tcp 0 0 *:27665 *:* LISTEN 21976/portsentry
tcp 0 0 *:ingreslock *:* LISTEN 21976/portsentry
tcp 0 0 192.168.200.1:domain *:* LISTEN 11985/named
tcp 0 0 localhost.locald:domain *:* LISTEN 11985/named
tcp 0 0 *:ftp *:* LISTEN 21976/portsentry
tcp 0 0 *:ssh *:* LISTEN 21976/portsentry
tcp 0 0 *:nntp *:* LISTEN 21976/portsentry
tcp 0 0 *:telnet *:* LISTEN 21976/portsentry
tcp 0 0 *:socks *:* LISTEN 21976/portsentry
tcp 0 0 *:smtp *:* LISTEN 11231/master
tcp 0 0 *:12345 *:* LISTEN 21976/portsentry
tcp 0 0 *:12346 *:* LISTEN 21976/portsentry
tcp 0 0 *:635 *:* LISTEN 21976/portsentry
tcp 0 0 *:49724 *:* LISTEN 21976/portsentry
tcp 0 0 *:uucp *:* LISTEN 21976/portsentry
tcp 0 0 localhost.localdom:2525 *:* LISTEN 3439/gld
tcp 0 0 *:prospero *:* LISTEN 31411/pure-ftpd (SE
tcp 0 0 localhost.localdo:mysql localhost.localdo:42270 ESTABLISHED30171/mysqld
tcp 0 0 localhost.localdo:42270 localhost.localdo:mysql ESTABLISHED7913/dovecot-auth
tcp6 0 0 *:2021 *:* LISTEN 20199/sshd
tcp6 0 0 *:2022 *:* LISTEN 20199/sshd
tcp6 0 0 *:2222 *:* LISTEN 20199/sshd
tcp6 0 0 *:www *:* LISTEN 1048/apache2
tcp6 0 0 *:https *:* LISTEN 1048/apache2
tcp6 0 0 *:prospero *:* LISTEN 31411/pure-ftpd (SE
tcp6 0 4712 ::ffff:192.168.200:2222 ::ffff:212.62.46.9:3101 ESTABLISHED6025/0

falko

22nd July 2006, 16:50

Ok, BIND is running...
Anything in your logs? Is port 53 (TCP and UDP) open in your firewall?