Friday, November 13, 2015

bind - DNS - Use public domain name for internal use

I've set up Bind as my intranet DNS resolving service (running on Ubuntu 16.04.02 LTS).

What I want to achieve:

Having a public domain name which points to a server (example: domain.com -> 1.2.3.4)
Using subdomains of the same domain name which point to internal machines (example: machine1.domain.com -> 192.168.1.100)



What I've done (configuration):

File: /etc/bind/named.conf.options

options {
    directory "/var/cache/bind";

    recursion yes;
    allow-recursion { 192.168.2.0/24; };
    listen-on { 192.168.2.4; };
    allow-transfer { none; };

    forwarders {
        192.168.2.1; # router
        8.8.8.8;     # public dns
    };

    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};

acl "trusted" {
    192.168.2.0/24;
    192.168.2.4; # ns1
    192.168.2.5; # ns2
};



File: /etc/bind/named.conf.local

zone "domain.com" {
    type master;
    file "/etc/bind/zones/db.domain.com";
    allow-transfer { 192.168.2.5; };
};

zone "2.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.2.168.192";
    allow-transfer { 192.168.2.5; };
};


File: /etc/bind/zones/db.domain.com

$TTL    604800

@ IN SOA ns1.domain.com. root.domain.com. (
    5       ; Serial
    604800  ; Refresh
    86400   ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL

; name servers - NS Records
    IN NS ns1.domain.com.
    IN NS ns2.domain.com.

; name servers - A Records
ns1.domain.com.     IN A 192.168.2.4
ns2.domain.com.     IN A 192.168.2.5

; 192.168.2.0/24 - A Records
server.domain.com.  IN A 192.168.2.120
server2.domain.com. IN A 192.168.2.121



File: /etc/bind/zones/db.2.168.192

$TTL    604800

@ IN SOA ns1.domain.com. root.domain.com. (
    4       ; Serial
    604800  ; Refresh
    86400   ; Retry
    2419200 ; Expire
    604800 ) ; Negative Cache TTL

; name servers - NS Records
    IN NS ns1.domain.com.
    IN NS ns2.domain.com.

; PTR Records
4   IN PTR ns1.domain.com.
5   IN PTR ns2.domain.com.
120 IN PTR server.domain.com.
121 IN PTR server2.domain.com.



Problem: When I do a DNS lookup from a computer (which has this server, 192.168.2.4, set as its DNS server) for the IP of domain.com, it doesn't return a value. Consequently the webpage of the external server (domain.com) doesn't open.



What do I have to change to have a DNS server working as I want?


Answer



Why not set up forwarding for the domain.com zone and create a new zone for a subdomain of domain.com for which the local name server is authoritative?



My example uses example.com instead of domain.com ...





[Network diagram, not reproduced: an internal network 192.168.33.0/24 containing Client 1 (client1.corp.example.com, 192.168.33.1), Server 1 (server1.corp.example.com, 192.168.33.2), the corporate name server ns1.corp.example.com (192.168.33.5) and a router at 192.168.33.7 whose external address is 1.2.3.4; on the Internet side, the WWW server www.example.com (1.2.3.5) and the example.com name server ns.example.com (1.2.3.6).]


Here are the configs:

/etc/bind/named.conf.options:

options {
    directory "/var/cache/bind";

    dnssec-validation auto;

    auth-nxdomain no;
};

/etc/bind/named.conf.local:

zone "example.com" {
    type forward;
    forwarders {
        1.2.3.6;
    };
};

zone "corp.example.com" {
    type master;
    file "/etc/bind/db.corp.example.com";
};

zone "33.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.192.168.33";
};


/etc/bind/db.corp.example.com:

$TTL 604800
$ORIGIN corp.example.com.

@ IN SOA ns1.corp.example.com. admin.example.com. (
    5       ; Serial
    604800  ; Refresh
    86400   ; Retry
    2419200 ; Expire
    604800  ; Negative Cache TTL
)

; name servers - NS records
        IN NS ns1.corp.example.com.

; name servers - A records
ns1     IN A 192.168.33.5

; hosts
client1 IN A 192.168.33.1
server1 IN A 192.168.33.2


/etc/bind/db.192.168.33:

$TTL 604800
$ORIGIN 33.168.192.in-addr.arpa.

@ IN SOA ns1.corp.example.com. admin.example.com. (
    4       ; Serial
    604800  ; Refresh
    86400   ; Retry
    2419200 ; Expire
    604800  ; Negative Cache TTL
)

; name servers
    IN NS ns1.corp.example.com.

; hosts
1 IN PTR client1.corp.example.com.
2 IN PTR server1.corp.example.com.
5 IN PTR ns1.corp.example.com.



Note: You are missing the $ORIGIN directive in your db.2.168.192 zone file, but you are using shortcuts in the PTR RRs.



Nslookup test with a local installation of BIND (forwarding to 8.8.8.8 for zone example.com just so we can have some results):

> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> set type=ns
> corp.example.com
Server: 127.0.0.1
Address: 127.0.0.1#53

corp.example.com nameserver = ns1.corp.example.com.

> set type=a
> server1.corp.example.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Name: server1.corp.example.com
Address: 192.168.33.2

And for www.example.com:

> set type=a
> www.example.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
Name: www.example.com
Address: 93.184.216.34
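An added check, not part of the question or the answer: a small Python parser for the zone-file subset used above, which applies $ORIGIN, "@" and relative owner names the way the Note describes, then cross-checks the forward and reverse zones so that an A record without a PTR (or a stale PTR without an A record) is caught before the zone is loaded. The zone texts are constructed here and modelled on the answer's corp.example.com files; server2 is an added mismatch so the check has something to report.

```python
import ipaddress
# Constructed sample zones modelled on the answer's corp.example.com files; server2 is a deliberate mismatch (A record without a PTR).
FORWARD_ZONE = """$TTL 604800
$ORIGIN corp.example.com.
@ IN SOA ns1.corp.example.com. admin.example.com. (
    5 604800 86400 2419200 604800 )
    IN NS ns1.corp.example.com.
ns1 IN A 192.168.33.5
client1 IN A 192.168.33.1
server1 IN A 192.168.33.2
server2 IN A 192.168.33.9
"""
REVERSE_ZONE = """$ORIGIN 33.168.192.in-addr.arpa.
@ IN SOA ns1.corp.example.com. admin.example.com. ( 4 604800 86400 2419200 604800 )
    IN NS ns1.corp.example.com.
1 IN PTR client1.corp.example.com.
2 IN PTR server1.corp.example.com.
5 IN PTR ns1.corp.example.com.
"""
def parse_zone(text, zone_name):
    """Return (owner_fqdn, rtype, rdata) triples with $ORIGIN, '@' and relative names expanded."""
    origin = zone_name if zone_name.endswith(".") else zone_name + "."
    owner, in_paren, records = origin, False, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # ';' starts a comment
        if in_paren:  # still inside a multi-line SOA: skip until ')'
            in_paren = ")" not in line
            continue
        if not line.strip() or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if not line[0].isspace() and fields[0].upper() != "IN":  # explicit owner name
            name = fields.pop(0)
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        fields = fields[1:] if fields[0].upper() == "IN" else fields  # drop the class
        records.append((owner, fields[0].upper(), " ".join(fields[1:])))
        in_paren = "(" in line and ")" not in line
    return records
def check_consistency(fwd_text, fwd_zone, rev_text, rev_zone):
    """A records with no matching PTR, and PTRs with no matching A record."""
    ptr_of = lambda ip: ipaddress.ip_address(ip).reverse_pointer + "."
    a_rrs = {(o, r) for o, t, r in parse_zone(fwd_text, fwd_zone) if t == "A"}
    ptr_rrs = {(o, r) for o, t, r in parse_zone(rev_text, rev_zone) if t == "PTR"}
    expected_ptrs = {(ptr_of(ip), host) for host, ip in a_rrs}
    missing_ptr = sorted(f"{host} {ip}" for host, ip in a_rrs if (ptr_of(ip), host) not in ptr_rrs)
    missing_a = sorted(f"{o} {host}" for o, host in ptr_rrs if (o, host) not in expected_ptrs)
    return {"missing_ptr": missing_ptr, "missing_a": missing_a}
```

Running check_consistency(FORWARD_ZONE, "corp.example.com", REVERSE_ZONE, "33.168.192.in-addr.arpa") reports only the constructed server2 entry as missing its PTR.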
