Navigation

unkn0wn · #1 18th July 2006, 09:27

I want to know do i fallow right track

i have apt-get bind9 dns-utils write my own named.conf

Code:



include "/etc/bind/named.conf.options";


logging{
  channel simple_log {
    file "/var/log/named/bind.log" versions 3 size 5m;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default{
    simple_log;
  };
};



zone "." {
type hint;
file "/etc/bind/db.root";
};



zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};



view "trusted" {
 match-clients { 192.168.23.0/24; }; 
  recursion yes;
  zone "garden.com {
   type master;
   file "/etc/bind/db.garden.com-int.";
  };

 };
view "badguys" {
 match-clients {"any"; }; 
 recursion no;
 };
 zone "garden.com {
   type master;
   // javni hostovi
   file "/etc/bind/db.garden.com-ext";
  };
  // add required zones
 };
include "/etc/bind/named.conf.local";

I want to splice enternal and external network.
Is this a good syntax.
Can i add notify or some else clausule.

After that i write zones one ext with public IP and one internal with internal ip.

I just want to know before i proved to work is that named.conf ok?

unkn0wn · #2 19th July 2006, 02:20

its said that all zones should be in view statment .
???

falko · #3 19th July 2006, 12:54

Did you have a look here? http://www.howtoforge.com/two_in_one_dns_bind9_views

Quote:

Originally Posted by unkn0wn

its said that all zones should be in view statment .
???

Any error messages?

unkn0wn · #4 19th July 2006, 15:07

i look that but i dont understand .
must i copy all zone to "trusted" part?

is this corect

Code:

iew "trusted" {
  match-clients { 192.168.23.0/24; };
  recursion yes;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-int.com";
  };

  zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
  };

zone "." {
        type hint;
        file "/etc/bind/db.root";
};

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

};

view "badguys" {
  match-clients {"any"; };
  recursion no;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-ext.com";
  };
};

falko · #5 20th July 2006, 12:28

Looks ok. Did you test it?

unkn0wn · #6 20th July 2006, 12:34

i test it but when i use this config client couldnot reach dns

omg .......
any sugestions?

falko · #7 20th July 2006, 13:10

Anything in your logs? Is port 53 (TCP and UDP) open in your firewall?
What's the output of

Code:

netstat -tap

?

unkn0wn · #8 21st July 2006, 13:53

axe:~# netstat -tap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:tcpmux *:* LISTEN 21976/portsentry
tcp 0 0 *:20034 *:* LISTEN 21976/portsentry
tcp 0 0 *:32771 *:* LISTEN 21976/portsentry
tcp 0 0 *:32772 *:* LISTEN 21976/portsentry
tcp 0 0 *:40421 *:* LISTEN 21976/portsentry
tcp 0 0 *:32773 *:* LISTEN 21976/portsentry
tcp 0 0 *:32774 *:* LISTEN 21976/portsentry
tcp 0 0 *:31337 *:* LISTEN 21976/portsentry
tcp 0 0 localhost.localdo:mysql *:* LISTEN 30171/mysqld
tcp 0 0 *:ircd *:* LISTEN 21976/portsentry
tcp 0 0 *:systat *:* LISTEN 21976/portsentry
tcp 0 0 *

op3 *:* LISTEN 1542/dovecot
tcp 0 0 *:5742 *:* LISTEN 21976/portsentry
tcp 0 0 *:imap2 *:* LISTEN 21976/portsentry
tcp 0 0 *:sunrpc *:* LISTEN 21976/portsentry
tcp 0 0 *:finger *:* LISTEN 21976/portsentry
tcp 0 0 *:netstat *:* LISTEN 21976/portsentry
tcp 0 0 *:54320 *:* LISTEN 21976/portsentry
tcp 0 0 *:sieve *:* LISTEN 21976/portsentry
tcp 0 0 *:10000 *:* LISTEN 26918/perl
tcp 0 0 *:27665 *:* LISTEN 21976/portsentry
tcp 0 0 *:ingreslock *:* LISTEN 21976/portsentry
tcp 0 0 192.168.200.1:domain *:* LISTEN 11985/named
tcp 0 0 localhost.locald:domain *:* LISTEN 11985/named
tcp 0 0 *:ftp *:* LISTEN 21976/portsentry
tcp 0 0 *:ssh *:* LISTEN 21976/portsentry
tcp 0 0 *:nntp *:* LISTEN 21976/portsentry
tcp 0 0 *:telnet *:* LISTEN 21976/portsentry
tcp 0 0 *:socks *:* LISTEN 21976/portsentry
tcp 0 0 *:smtp *:* LISTEN 11231/master
tcp 0 0 *:12345 *:* LISTEN 21976/portsentry
tcp 0 0 *:12346 *:* LISTEN 21976/portsentry
tcp 0 0 *:635 *:* LISTEN 21976/portsentry
tcp 0 0 *:49724 *:* LISTEN 21976/portsentry
tcp 0 0 *:uucp *:* LISTEN 21976/portsentry
tcp 0 0 localhost.localdom:2525 *:* LISTEN 3439/gld
tcp 0 0 *

rospero *:* LISTEN 31411/pure-ftpd (SE
tcp 0 0 localhost.localdo:mysql localhost.localdo:42270 ESTABLISHED30171/mysqld
tcp 0 0 localhost.localdo:42270 localhost.localdo:mysql ESTABLISHED7913/dovecot-auth
tcp6 0 0 *:2021 *:* LISTEN 20199/sshd
tcp6 0 0 *:2022 *:* LISTEN 20199/sshd
tcp6 0 0 *:2222 *:* LISTEN 20199/sshd
tcp6 0 0 *:www *:* LISTEN 1048/apache2
tcp6 0 0 *:https *:* LISTEN 1048/apache2
tcp6 0 0 *

rospero *:* LISTEN 31411/pure-ftpd (SE
tcp6 0 4712 ::ffff:192.168.200:2222 ::ffff:212.62.46.9:3101 ESTABLISHED6025/0

falko · #9 22nd July 2006, 15:50

Ok, BIND is running...
Anything in your logs? Is port 53 (TCP and UDP) open in your firewall?

Navigation

Facebook

News

Recent comments

Newsletter