I had to help a friend set up a DNS caching server for his network. His network is a little bit special, since he is constantly connected to three distinct networks: the Internet, the AWMN (a wireless community network), and his local network.
The DNS server will serve the local network and also act as a public DNS server for the wireless community.
I am setting up the DNS caching server on an Ubuntu 12.04 server, but the following instructions should work just fine on any Debian-based system.
First of all we need to install bind9:
root@ubuntu-01:~# apt-get install bind9
Setting up bind
I like to keep the number of files used in any configuration to a minimum, so I set /etc/bind/named.conf to the following (the default zones are declared in named.conf.local instead of the stock default-zones file, which is why that include is commented out).
root@ubuntu-01:/etc/bind# cat named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the
// structure of BIND configuration files in Debian, *BEFORE* you customize
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

//#g0 - 2012 there is an entry describing this configuration at alog.ipduh.com

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
//include "/etc/bind/named.conf.default-zones";
Next let's set the basics in /etc/bind/named.conf.options. 10.27.224.17 is an IP address reachable from the whole wireless community (AWMN) and from the local network. The gateway used by the server has Internet access.
root@ubuntu-01:/etc/bind# cat named.conf.options
options {
    directory "/var/cache/bind";

    version "some other version search alog.ipduh.com & awmn wiki";

    listen-on { 127.0.0.1; 10.27.224.17; };

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    //forwarders {
    //  0.0.0.0;
    //};

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys.  See https://www.isc.org/bind-keys
    //========================================================================
    //dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    //listen-on-v6 { any; };
};
I disabled dnssec-validation (the community TLDs do not exist in the signed public root, so validation could never succeed for them; the trade-off is that answers from the community forwarders are accepted unverified). I will also push the "." hint to the bottom so the resolver can deal with the wireless communities' TLDs any way it wants. In practice BIND matches the most specific zone regardless of declaration order, so the forward zones win over the root hint wherever it sits in the file. Note that nothing in the options restricts recursion: any host that can reach 10.27.224.17 can use this resolver, which is exactly what the next file intends.
Here goes the heart of it all: /etc/bind/named.conf.local
root@ubuntu-01:/etc/bind# cat named.conf.local
// #g0 2012 -- http://ipduh.com/contact -- there is a post on alog.ipduh.com
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

//No need we will make the caching DNS server available to everyone
//acl internals {
//  127.0.0.0/8;
//  192.168.0.0/16;
//  10.0.0.0/8;
//};

//view "internal" {
//  match-clients { internals; };
//  recursion yes;

//Moved to the bottom
// prime the server with knowledge of the root servers
//zone "." {
//  type hint;
//  file "/etc/bind/db.root";
//};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};

//####################################
//# Greek Wireless Communities Zones #
//####################################
//# https://www.awmn.net/wiki/       #
//####################################
//Because awmn will go gwmn pretty soon g stands for Greek or Global ;)
//####################################

zone "10.in-addr.arpa" IN {
    type forward;
    forwarders {
        10.19.143.12;
        10.19.143.13;
    };
};

zone "awmn" IN {
    type forward;
    forwarders {
        // 10.0.1.1;
        10.19.143.12;
        // 10.19.143.13;
    };
};

zone "wn" IN {
    type forward;
    forwarders {
        10.126.3.115;
        10.110.17.115;
        10.19.143.12;
        10.17.122.134;
        10.86.87.129;
        10.2.16.130;
        10.110.17.67;
    };
};

zone "swn" IN {
    type forward;
    forwarders {
        10.101.0.254;
        10.106.3.1;
        10.174.254.101;
        10.174.1.253;
    };
};

zone "twmn" IN {
    type forward;
    forwarders {
        10.104.76.65;
        10.122.20.70;
        10.122.3.68;
        10.122.14.72;
        10.104.1.74;
    };
};

zone "wthess" IN {
    type forward;
    forwarders {
        10.96.0.1;
        10.96.22.2;
        10.96.9.3;
    };
};

zone "ewn" IN {
    type forward;
    forwarders {
        10.145.7.150;
        10.146.210.130;
    };
};

zone "mswn" IN {
    type forward;
    forwarders {
        10.148.50.2;
    };
};

zone "cywn" IN {
    type forward;
    forwarders {
        10.215.0.125;
        10.215.2.126;
    };
};

zone "dwn" IN {
    type forward;
    forwarders {
        10.174.1.253;
        10.174.254.101;
        10.174.17.250;
    };
};

zone "wiran" IN {
    type forward;
    forwarders {
        10.230.3.133;
    };
};

zone "wana" IN {
    type forward;
    forwarders {
        10.224.3.35;
    };
};

zone "awn" IN {
    type forward;
    forwarders {
        10.198.0.130;
    };
};

zone "pwmn" IN {
    type forward;
    forwarders {
        10.140.14.67;
    };
};

// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};

//};
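The two files above are long and easy to break by hand, and a missing brace only shows up when bind9 refuses to start. The following script is an added example and not code from the original post: it renders the forward-zone stanzas from a small table in the same layout as the post, renders an options file that keeps the post's settings but grants recursion only to the networks the resolver is meant to serve (the post deliberately leaves it open to everyone who can reach 10.27.224.17), and checks the result before anything is copied into /etc/bind. Everything it assumes is labelled: the ZONES rows are a constructed excerpt of the post's forwarder lists, LOCAL_NET is a placeholder for the friend's LAN, and the output directory is whatever you pass on the command line.

```shell
#!/bin/sh
# Added example, not code from the original post: render the BIND files the
# post builds by hand from a small table, scope recursion to the networks the
# resolver is meant to serve, and sanity-check the result before it goes
# anywhere near /etc/bind.
#
# Assumptions (none of these come from the post): the ZONES table is a
# constructed excerpt of the post's forwarder lists, LOCAL_NET is a placeholder
# for the friend's local network, output goes to a directory you choose.

LISTEN_IP=10.27.224.17          # the address used in the post
LOCAL_NET=192.168.1.0/24        # placeholder: the friend's local network
COMMUNITY_NET=10.0.0.0/8        # AWMN and the other communities live in 10/8

# One community per line: TLD followed by its forwarders (constructed sample
# rows taken from the post's lists; add the rest the same way).
ZONES='
awmn 10.19.143.12
wn   10.126.3.115 10.110.17.115 10.19.143.12
swn  10.101.0.254 10.106.3.1
'

# Emit one "type forward" stanza for a TLD and its forwarder list.
forward_zone() {
    tld=$1; shift
    printf 'zone "%s" IN {\n    type forward;\n    forwarders {\n' "$tld"
    for ip in "$@"; do printf '        %s;\n' "$ip"; done
    printf '    };\n};\n'
}

# Render every row of ZONES, then the root hint last, as the post does.
gen_local() {
    printf '%s\n' "$ZONES" | while read -r tld ips; do
        [ -n "$tld" ] || continue
        # shellcheck disable=SC2086  # ips is meant to word-split
        forward_zone "$tld" $ips
    done
    printf 'zone "." {\n    type hint;\n    file "/etc/bind/db.root";\n};\n'
}

# Options file: same layout as the post, but recursion and cache reads are
# granted only to the networks this resolver exists for instead of to any
# client that can reach LISTEN_IP. DNSSEC validation stays off as in the post:
# the community TLDs do not exist in the signed public root, so a validating
# resolver could not accept answers for them.
gen_options() {
    cat <<EOF
acl served { 127.0.0.0/8; ${LOCAL_NET}; ${COMMUNITY_NET}; };
options {
    directory "/var/cache/bind";
    version "not disclosed";
    listen-on { 127.0.0.1; ${LISTEN_IP}; };
    recursion yes;
    allow-recursion { served; };
    allow-query-cache { served; };
    auth-nxdomain no;    # conform to RFC1035
};
EOF
}

# Cheap structural check for hosts without bind9: every '{' needs a '}'.
braces_balanced() {
    open=$(( $(printf '%s' "$1" | tr -cd '{' | wc -c) ))
    close=$(( $(printf '%s' "$1" | tr -cd '}' | wc -c) ))
    [ "$open" -eq "$close" ]
}

# Number of zone stanzas in a rendered file, to compare against the table.
count_zones() { printf '%s\n' "$1" | grep -c '^zone "'; }

# Write both files to DIR and run named-checkconf on them when it exists.
render_all() {
    dir=$1
    mkdir -p "$dir" || return 1
    gen_options > "$dir/named.conf.options"
    gen_local   > "$dir/named.conf.local"
    for f in "$dir/named.conf.options" "$dir/named.conf.local"; do
        braces_balanced "$(cat "$f")" || { echo "unbalanced braces: $f" >&2; return 1; }
    done
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$dir/named.conf.options" && named-checkconf "$dir/named.conf.local"
    fi
}

# Usage: sh gen-bind.sh --write /tmp/bind-out, then diff the result against
# /etc/bind before copying it over and restarting bind9.
if [ "${1:-}" = "--write" ]; then
    render_all "${2:-./bind-out}"
fi
```

The root hint is emitted last only to mirror the post; BIND matches the most specific zone, so the community forward zones win over "." wherever it is declared. The brace check is deliberately dumb and is no substitute for named-checkconf, which the script runs when bind9 is installed on the machine doing the rendering.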
Getting around the resolv.conf madness on Ubuntu 12.04 server.
Add 127.0.0.1 to /etc/resolv.conf to be on the safe side. The file is generated by resolvconf and gets overwritten, which is why the resolvconf input files are set as well below.
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
Set base, original, and tail in the /etc/resolvconf/resolv.conf.d directory. resolvconf assembles /etc/resolv.conf from head, the per-interface entries, base and tail; original is just the copy of the pre-resolvconf file saved at install time, so copying into it is harmless but not needed.
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cat base
nameserver 10.27.224.17
nameserver 127.0.0.1
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cp base tail
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# cp tail original
Restart bind9 and test the configuration (running named-checkconf against /etc/bind/named.conf first catches syntax errors before the restart takes the resolver down).
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# /etc/init.d/bind9 restart
 * Stopping domain name service... bind9
waiting for pid 5881 to die
   [ OK ]
 * Starting domain name service... bind9
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# dig forum.awmn +short
10.19.143.13
root@ubuntu-01:/etc/resolvconf/resolv.conf.d# dig ipduh.com +short
85.25.242.245
OK, it works. The first query was answered through the awmn forward zone and the second through the root hints, so both resolution paths are in use.
caching DNS for the AWMN -- outdated