[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: bind9 and dns forward

Hi,

Been a few busy week, that is why I only respond now, sory.
Also.... as there is a lot of sensitive info in this mail, like a complete lost to domain controllers to be hacked, ;-) I am sending it direct. I will send a redacted version to the list

>> What does +cd do? I was unable to find it in the man page.
> it disable dnssec checks, was just in case of real dnssec problem

Aha, ok clear.

> can you give full /etc/resolv.conf
> from your result you should have 127.0.0.1 in it but just to be sure

-----<Quote>-------------------
beheerdertio@linbobo:~$ cat /etc/resolv.conf 
domain bobo.xs4all.nl
search bobo.xs4all.nl
search tio.nl
search staf.tio.nl
search student.tio.nl
nameserver 127.0.0.1
nameserver 8.8.8.8
-----<Quote>-------------------

When booting if the internal bind is not up and running yet some services might need a resolver so I have 8.8.8.8 in there as well as a second dns entry.

> and also :
> dig tio.nl NS
> dig @172.16.208.10 tio.nl NS

-----<Quote>-------------------
linbobo:~# dig tio.nl NS

; <<>> DiG 9.16.37-Debian <<>> tio.nl NS ;; global options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 34517 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: bfc026467d702f7d010000006467377dffdb068b3e9c0a69 (good) ;; QUESTION SECTION:
;tio.nl.                                IN      NS

;; Query time: 32 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri May 19 10:46:53 CEST 2023
;; MSG SIZE  rcvd: 63

linbobo:~# dig @172.16.208.10 tio.nl NS

; <<>> DiG 9.16.37-Debian <<>> @172.16.208.10 tio.nl NS ; (1 server found) ;; global options: +cmd ;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13283 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 18, AUTHORITY: 0, ADDITIONAL: 19

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;tio.nl.                                IN      NS

;; ANSWER SECTION:
tio.nl.                 3600    IN      NS      hgltiodc-04.tio.nl.
[....]
tio.nl.                 3600    IN      NS      amsstuddc-04.student.tio.nl.

;; ADDITIONAL SECTION:
hgltiodc-04.tio.nl.     3600    IN      A       172.16.128.40
[...]
amsstuddc-04.student.tio.nl. 1200 IN    A       172.16.196.11

;; Query time: 20 msec
;; SERVER: 172.16.208.10#53(172.16.208.10) ;; WHEN: Fri May 19 10:48:07 CEST 2023 ;; MSG SIZE  rcvd: 816

-----<Quote>-------------------

Bonno Bloksma
Reply to: