DNS server error (bind9 denied)

Discussion in 'Installation/Configuration' started by BayramGrbz45, Dec 29, 2020.

  1. BayramGrbz45

    BayramGrbz45 New Member

    I installed ISPConfig 3.2 using the nginx install, with the source that appears in the link.
    https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller
    I want to use my own DNS server and allow the use of Google's DNS servers if needed.

    The test system I use:
    ubuntu 18
    hostname : yes
    hostname -f : yes
    static ip : yes
    dns redirect : yes
    hardware: 4 GB RAM, 4 GB swap, 4 CPUs and 32 HDD.

    The commands I use:
    Code:
    dpkg-reconfigure locales
    dpkg-reconfigure tzdata
    cd /tmp
    git clone https://git.ispconfig.org/ispconfig/ispconfig-autoinstaller.git
    cd ispconfig-autoinstaller
    ./ispc3-ai.sh --lang=en --use-nginx --channel=stable --debug
    named.conf.options // default
    Code:
    options {
            directory "/var/cache/bind";
    
            // If there is a firewall between you and nameservers you want
            // to talk to, you may need to fix the firewall to allow multiple
            // ports to talk.  See http://www.kb.cert.org/vuls/id/800113
    
            // If your ISP provided one or more IP addresses for stable
            // nameservers, you probably want to use them as forwarders.
            // Uncomment the following block, and insert the addresses replacing
            // the all-0's placeholder.
    
    //       forwarders {
    //              0.0.0.0;
    //       };
    
            //========================================================================
            // If BIND logs error messages about the root key being expired,
            // you will need to update your keys.  See https://www.isc.org/bind-keys
            //========================================================================
            dnssec-enable yes;
            dnssec-validation yes;
            dnssec-lookaside auto;
    
            version "unknown";
    
            allow-transfer {none;};
    
            auth-nxdomain no;    # conform to RFC1035
            listen-on-v6 { any; };
    };
    
    Outputs of /var/log/syslog
    Code:
    Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b0100b10 88.243.42.159#59479 (www.google.com): query (cache) 'www.google.com/A/IN' denied
    Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b0100b10 88.243.42.159#62271 (www.google.com): query (cache) 'www.google.com/A/IN' denied
    Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b0100b10 88.243.42.159#59192 (www.google.com): query (cache) 'www.google.com/A/IN' denied
    Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b0100b10 88.243.42.159#55026 (www.google.com): query (cache) 'www.google.com/A/IN' denied
    Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#57836 (www.google.com): query (cache) 'www.google.com/A/IN' denied
    Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#61588 (www.google.com): query (cache) 'www.google.com/A/IN' denied
    Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#55957 (www.google.com): query (cache) 'www.google.com/A/IN' denied
    Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#51642 (www.google.com): query (cache) 'www.google.com/A/IN' denied
    Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#65444 (www.google.com): query (cache) 'www.google.com/A/IN' denied
    Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#58314 (www.google.com): query (cache) 'www.google.com/A/IN' denied
    Dec 29 04:57:33 isp04 named[34226]: client @0x7f15b012c1c0 88.243.42.159#50796 (www.facebook.com): query (cache) 'www.facebook.com/A/IN' denied
    
    named.conf.options // what I changed here:
    Code:
    forwarders {
            8.8.8.8;
            8.8.4.4;
    };
    I have a problem now.
    Sorry for my English, I'm lacking in understanding and writing.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    There is no such thing as a DNS redirect, so not sure what you mean with that.

    Do you want to use this server as DNS server for your local network? Or just as DNS server for your zones?
    Did you restart bind after your changes?
     
  3. BayramGrbz45

    BayramGrbz45 New Member

    Yes, I want to use it for my own zones.

    When I use my DNS server, access to the other internet is disabled.
    I want to be able to surf the internet while using my own dns server.

    I reboot after the edits.
    Sorry for my English.
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Do you mean your internal name servers can not resolve public internet hostnames?
    Then forwarding does not work. You seem to use Google name servers as forwarders; I do not know if they allow this kind of use or if it is sensible. Try running without forwarders, that should work. If you need faster name resolution, add the closest name servers in network topology, usually your Internet service provider's name servers (and they tend to allow using them as forwarders for their customers).
    If this does not work, what changes have you made to the bind9 setup?
     
  5. BayramGrbz45

    BayramGrbz45 New Member

    Yes.

    Code:
    forwarders {
            8.8.8.8;
            8.8.4.4;
    };
    This is just the change I've made.
     
    Last edited: Dec 29, 2020
  6. BayramGrbz45

    BayramGrbz45 New Member

    The solution to my problem.
    named.conf.options // add
    Code:
    allow-recursion { any; };
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    You have created an open DNS resolver now which can be used to attack other systems when this server is accessible from the internet. If you want to allow recursion, then limit it to your local IP subnet plus localhost instead of allowing anyone to use your dns resolver.
     
  8. BayramGrbz45

    BayramGrbz45 New Member

    Code:
    acl goodclients {
        192.0.2.0/24;
    };
    Code:
    options {
        directory "/var/cache/bind";
    
        recursion yes;
        allow-query { goodclients; };
        . . .
    Are you talking about an update that will be done this way?

    After the update I made, my DNS service usage information no longer appears in the log file. Do you have any information about this?
     
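A named.conf.options along the lines till describes, added here as an example and not taken from the thread or from ISPConfig: it keeps the hosted zones answerable from anywhere but confines recursion and cache reads to an ACL, using 192.0.2.0/24 from the post above as a stand-in for the real local subnet.

```conf
// Added example (not from the thread). 192.0.2.0/24 stands in for your LAN prefix.
acl "trusted" {
        127.0.0.0/8;        // localhost
        ::1/128;            // localhost (IPv6)
        192.0.2.0/24;       // replace with your local subnet
};

options {
        directory "/var/cache/bind";

        // Optional: send recursive lookups to upstream resolvers instead of the roots.
        forwarders {
                8.8.8.8;
                8.8.4.4;
        };

        // Authoritative data (your own zones) is answered for everyone...
        allow-query { any; };

        // ...but only trusted clients may use this server as a recursive resolver
        // or read answers out of its cache. Anything else gets REFUSED and is
        // logged as "query (cache) ... denied", as in the syslog lines in post 1.
        recursion yes;
        allow-recursion { trusted; };
        allow-query-cache { trusted; };

        // Keep the remaining settings from the existing file (dnssec, version,
        // allow-transfer, listen-on-v6) unchanged.
        allow-transfer { none; };
        listen-on-v6 { any; };
};
```

Unlike `allow-query { goodclients; };` in the post above, this does not block public lookups of the zones the server hosts. After editing, run `named-checkconf` and `systemctl reload bind9`, then confirm from a host outside the ACL that a query for a name you do not host is refused while a query for one of your own zones is still answered.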
