bind9 and view

Discussion in 'Server Operation' started by unkn0wn, Jul 18, 2006.

  1. unkn0wn

    unkn0wn New Member

    I want to know do i fallow right track :)
    i have apt-get bind9 dns-utils write my own named.conf

    Code:
    


include "/etc/bind/named.conf.options";


logging{
  channel simple_log {
    file "/var/log/named/bind.log" versions 3 size 5m;
    severity warning;
    print-time yes;
    print-severity yes;
    print-category yes;
  };
  category default{
    simple_log;
  };
};



zone "." {
type hint;
file "/etc/bind/db.root";
};



zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};



view "trusted" {
 match-clients { 192.168.23.0/24; }; 
  recursion yes;
  zone "garden.com {
   type master;
   file "/etc/bind/db.garden.com-int.";
  };

 };
view "badguys" {
 match-clients {"any"; }; 
 recursion no;
 };
 zone "garden.com {
   type master;
   // javni hostovi
   file "/etc/bind/db.garden.com-ext";
  };
  // add required zones
 };
include "/etc/bind/named.conf.local";
    I want to splice enternal and external network.
    Is this a good syntax.
    Can i add notify or some else clausule.

    After that i write zones one ext with public IP and one internal with internal ip.

    I just want to know before i proved to work is that named.conf ok?
     
    unkn0wn, Jul 18, 2006
    #1
  2. unkn0wn

    unkn0wn New Member

    its said that all zones should be in view statment .
    ???
     
    unkn0wn, Jul 19, 2006
    #2
  3. falko

    falko Super Moderator Howtoforge Staff

    falko, Jul 19, 2006
    #3
  4. unkn0wn

    unkn0wn New Member

    i look that but i dont understand .
    must i copy all zone to "trusted" part?

    is this corect

    Code:
    iew "trusted" {
  match-clients { 192.168.23.0/24; };
  recursion yes;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-int.com";
  };

  zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
  };

zone "." {
        type hint;
        file "/etc/bind/db.root";
};

zone "localhost" {
        type master;
        file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
        type master;
        file "/etc/bind/db.127";
};

};

view "badguys" {
  match-clients {"any"; };
  recursion no;

  zone "garden.com" {
    type master;
    file "/etc/bind/db.garden-ext.com";
  };
};
     
    unkn0wn, Jul 19, 2006
    #4
  5. falko

    falko Super Moderator Howtoforge Staff

    Looks ok. Did you test it?
     
    falko, Jul 20, 2006
    #5
  6. unkn0wn

    unkn0wn New Member

    i test it but when i use this config client couldnot reach dns :(
    omg .......
    any sugestions?
     
    unkn0wn, Jul 20, 2006
    #6
  7. falko

    falko Super Moderator Howtoforge Staff

    Anything in your logs? Is port 53 (TCP and UDP) open in your firewall?
    What's the output of
    Code:
    netstat -tap
    ?
     
    falko, Jul 20, 2006
    #7
  8. unkn0wn

    unkn0wn New Member

    axe:~# netstat -tap
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
    tcp 0 0 *:tcpmux *:* LISTEN 21976/portsentry
    tcp 0 0 *:20034 *:* LISTEN 21976/portsentry
    tcp 0 0 *:32771 *:* LISTEN 21976/portsentry
    tcp 0 0 *:32772 *:* LISTEN 21976/portsentry
    tcp 0 0 *:40421 *:* LISTEN 21976/portsentry
    tcp 0 0 *:32773 *:* LISTEN 21976/portsentry
    tcp 0 0 *:32774 *:* LISTEN 21976/portsentry
    tcp 0 0 *:31337 *:* LISTEN 21976/portsentry
    tcp 0 0 localhost.localdo:mysql *:* LISTEN 30171/mysqld
    tcp 0 0 *:ircd *:* LISTEN 21976/portsentry
    tcp 0 0 *:systat *:* LISTEN 21976/portsentry
    tcp 0 0 *:pop3 *:* LISTEN 1542/dovecot
    tcp 0 0 *:5742 *:* LISTEN 21976/portsentry
    tcp 0 0 *:imap2 *:* LISTEN 21976/portsentry
    tcp 0 0 *:sunrpc *:* LISTEN 21976/portsentry
    tcp 0 0 *:finger *:* LISTEN 21976/portsentry
    tcp 0 0 *:netstat *:* LISTEN 21976/portsentry
    tcp 0 0 *:54320 *:* LISTEN 21976/portsentry
    tcp 0 0 *:sieve *:* LISTEN 21976/portsentry
    tcp 0 0 *:10000 *:* LISTEN 26918/perl
    tcp 0 0 *:27665 *:* LISTEN 21976/portsentry
    tcp 0 0 *:ingreslock *:* LISTEN 21976/portsentry
    tcp 0 0 192.168.200.1:domain *:* LISTEN 11985/named
    tcp 0 0 localhost.locald:domain *:* LISTEN 11985/named
    tcp 0 0 *:ftp *:* LISTEN 21976/portsentry
    tcp 0 0 *:ssh *:* LISTEN 21976/portsentry
    tcp 0 0 *:nntp *:* LISTEN 21976/portsentry
    tcp 0 0 *:telnet *:* LISTEN 21976/portsentry
    tcp 0 0 *:socks *:* LISTEN 21976/portsentry
    tcp 0 0 *:smtp *:* LISTEN 11231/master
    tcp 0 0 *:12345 *:* LISTEN 21976/portsentry
    tcp 0 0 *:12346 *:* LISTEN 21976/portsentry
    tcp 0 0 *:635 *:* LISTEN 21976/portsentry
    tcp 0 0 *:49724 *:* LISTEN 21976/portsentry
    tcp 0 0 *:uucp *:* LISTEN 21976/portsentry
    tcp 0 0 localhost.localdom:2525 *:* LISTEN 3439/gld
    tcp 0 0 *:prospero *:* LISTEN 31411/pure-ftpd (SE
    tcp 0 0 localhost.localdo:mysql localhost.localdo:42270 ESTABLISHED30171/mysqld
    tcp 0 0 localhost.localdo:42270 localhost.localdo:mysql ESTABLISHED7913/dovecot-auth
    tcp6 0 0 *:2021 *:* LISTEN 20199/sshd
    tcp6 0 0 *:2022 *:* LISTEN 20199/sshd
    tcp6 0 0 *:2222 *:* LISTEN 20199/sshd
    tcp6 0 0 *:www *:* LISTEN 1048/apache2
    tcp6 0 0 *:https *:* LISTEN 1048/apache2
    tcp6 0 0 *:prospero *:* LISTEN 31411/pure-ftpd (SE
    tcp6 0 4712 ::ffff:192.168.200:2222 ::ffff:212.62.46.9:3101 ESTABLISHED6025/0
     
    unkn0wn, Jul 21, 2006
    #8
  9. falko

    falko Super Moderator Howtoforge Staff

    Ok, BIND is running...
    Anything in your logs? Is port 53 (TCP and UDP) open in your firewall?
     
    falko, Jul 22, 2006
    #9

Share This Page