Dear Friends,
I created a DNS server for the internal and external network on the same SERVER, but the control by ACLs in named.conf doesn't work: when I activate the ACLs the server doesn't resolve external domain names.
Please check my named.conf file.
//
// named.conf for Red Hat caching-nameserver
//
options {
    directory "/var/named/";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;

    allow-query { 127.0.0.1/32; 192.168.1.0/24; 200.245.88.23/32; 200.162.222.37/32; };
    allow-transfer { 127.0.0.1/32; 192.168.1.0/24; 200.162.222.37/32; 195.20.105.149/32; 193.111.27.194/32; 194.145.96.21/32; 193.23.158.13; };
    allow-recursion { 127.0.0.1/32; 192.168.1.0/24; 200.162.222.37/32; };
    // allow-notify { 127.0.0.1/32;
    //                200.245.88.23/32; };
};

// LOG
logging {
    channel query-log { file "/var/named/data/query-log" versions 5 size 50m; };
    category queries { query-log; };
};

acl internals { 192.168.1/24; 127/8; };

//
// a caching only nameserver config
//
controls {
    inet 127.0.0.1 port 953 allow { localhost; } keys { rndckey; };
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "conntrust.com" IN { type master; file "conntrust.com.hosts"; allow-update { none; }; allow-query { any; }; allow-transfer { any; }; };
    zone "whitelist.conntrust.com" IN { type master; file "whitelist.conntrust.com.hosts"; allow-update { none; }; allow-query { any; }; allow-transfer { any; }; };
}; // acl external

view "internal" {
    match-clients { internals; };
    recursion yes;
    zone "." IN { type hint; file "named.ca"; };
    zone "localdomain" IN { type master; file "localdomain.zone";
        // allow-update { none; };
    };
    zone "localhost" IN { type master; file "localhost.zone";
        // allow-update { none; };
    };
    zone "0.0.127.in-addr.arpa" IN { type master; file "named.local";
        // allow-update { none; };
    };
    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN { type master; file "named.ip6.local";
        // allow-update { none; };
    };
    zone "255.in-addr.arpa" IN { type master; file "named.broadcast";
        // allow-update { none; };
    };
    zone "0.in-addr.arpa" IN { type master; file "named.zero";
        // allow-update { none; };
    };
    zone "conntrust.com" IN { type master; file "internal.conntrust.com.hosts"; allow-update { internals; }; };
}; // acl internal

include "/etc/rndc.key";
Thanks
Adriano
On Mon December 11 2006 19:22, Adriano Frare wrote:
I created a DNS server for the internal and external network on the same SERVER, but the control by ACLs in named.conf doesn't work: when I activate the ACLs the server doesn't resolve external domain names.
First off, are you running a caching server or will it serve a domain? Then you need to clean up your named.conf file to make it easier to follow. Place all the allow-* into the options section. It doesn't look like you are denying anything. Then delete the items you don't need, i.e., if you are not using IPv6 then don't load those zones. I did not see any reverse zone for the 192.168.1 zone. Also you do not need to load the local* zones. This information your system gets from the /etc/hosts file.
I am willing to help if I know what you are looking for and how you want the server to work.
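The symptom in the first post (external names stop resolving as soon as the views are active) is consistent with view ordering: BIND checks views in the order they appear and uses the first one whose match-clients matches the client address, so with view "external" { match-clients { any; }; recursion no; } listed first, internal clients never reach the recursive "internal" view. The fragment below is an added example, not from either poster, showing the two views with the internal view listed first, the reverse zone the reply asked for, and zone transfers limited to a secondary; the acl name "secondaries", its address 192.0.2.53 and the file name "1.168.192.in-addr.arpa.hosts" are assumed placeholders.

```conf
// Added example, not the posted config. BIND picks the first view whose
// match-clients matches the source address, so the specific "internal"
// view must precede the catch-all "external" view.
acl internals   { 192.168.1.0/24; 127.0.0.0/8; };
acl secondaries { 192.0.2.53; };   // placeholder: the hosts allowed to pull zones

view "internal" {
    match-clients { internals; };
    recursion yes;
    allow-recursion { internals; };          // recursion only for our own hosts
    zone "." IN { type hint; file "named.ca"; };   // root hints are only needed here
    zone "conntrust.com" IN {
        type master;
        file "internal.conntrust.com.hosts";
        allow-update { none; };              // posted config allowed { internals; }; prefer none or a TSIG key
    };
    // reverse zone for the LAN, missing from the posted config (file name assumed)
    zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "1.168.192.in-addr.arpa.hosts";
        allow-update { none; };
    };
};

view "external" {
    match-clients { any; };                  // everything not matched by "internal"
    recursion no;                            // authoritative only toward the Internet
    zone "conntrust.com" IN {
        type master;
        file "conntrust.com.hosts";
        allow-query { any; };
        allow-transfer { secondaries; };     // posted config used { any; }, which lets anyone copy the zone
    };
    zone "whitelist.conntrust.com" IN {
        type master;
        file "whitelist.conntrust.com.hosts";
        allow-query { any; };
        allow-transfer { secondaries; };
    };
};
```

Run named-checkconf on the edited file before reloading; a query from a LAN address and one from an outside address should then answer from different views, which the query-log channel already configured in the posted file will show.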