bind9 - unable to resolve external names

EDIT: Now works, but please see comment below.

I have setup bind9 following this tutorial.

I am now able to ping my NS by name, as well as my main computer, each of which I correctly entered A & PTR records for. So, basically I have a working local DNS server. named-checkconf and named-checkzone don't give any errors for forward and reverse zones.

The issue is that when I configure the clients to use this DNS server, they "lose the internet". In my interpretation, my bind9 server only answers what is explicitly listed in its zones, but fails to forward the queries it isn't able to answer.

named.conf.options does specify forwarders.

What configuration should I add to make my NS correctly forward to OpenDNS FamilyShield (my chosen authoritative DNS server in this case) ?

Thanks a lot

EDIT: To be clear, the aimed purpose of my NS should be to resolve local requests (aka, make me able to contact LAN machines by names), but to forward all "internet" requests to a bigger DNS server.


1 Answer

OK, let's check this summary: you checked the syntax of 3 files (named.conf, forward zone file and reverse zone file), you have the forwarders in named.conf, you can query the forwarders from the DNS server (nslookup 8.8.8.8, dig @8.8.8.8 google.com, etc.), you configured the clients to use this DNS server (by IP address), the server and client are in communication (ping), and you have incoming and outgoing traffic on port 53 (default for DNS) between clients and server. I think that's all.

Named.conf basic file:

options {
    listen-on port 53 { 127.0.0.1; 192.168.xxx.x; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";

    // Who may query at all. Unless allow-recursion is set explicitly, recursion
    // (and therefore forwarding) is limited to the same clients. Never widen
    // this to "any" on a server reachable from the Internet (open resolver).
    allow-query { localhost; 192.168.0.0/16; };
    recursion yes;

    // Queries for names outside the local zones go to these resolvers.
    // "forward first" falls back to iterative resolution via the root hints
    // when the forwarders do not answer; "forward only" never does.
    forwarders { 208.67.222.123; 8.8.8.8; 200.35.65.4; };
    forward first;

    // DNSSEC validation is switched off here. "dnssec-enable" is deprecated
    // and no longer accepted by newer BIND releases; drop it if
    // named-checkconf complains about it.
    dnssec-enable no;
    dnssec-validation no;

    /* Path to ISC DLV key (DLV has been discontinued; only old releases use it) */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

// Root hints, used for iterative resolution when the forwarders fail.
zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Config for /etc/named.rfc1912.zones

// Forward zone for the LAN names.
zone "domain.com" IN {
    type master;
    file "forward.domain.com";
    allow-update { none; };
};

zone "localhost" IN {
    type master;
    file "named.localhost";
    allow-update { none; };
};

zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

zone "1.0.0.127.in-addr.arpa" IN {
    type master;
    file "named.loopback";
    allow-update { none; };
};

// Reverse zone for the LAN. For a /24 such as 192.168.1.0/24 the zone name is
// the first three octets reversed, e.g. "1.168.192.in-addr.arpa".
zone "xxx.xxx.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.domain.com";
    allow-update { none; };
};

EDIT: To be clear, the aimed purpose of my NS should be to resolve local requests (aka, make me able to contact LAN machines by names), but to forward all "internet" requests to a bigger DNS server.

To do this you need to create an entry for every local machine (an A record and a PTR record), and the forwarders would be your "bigger DNS server".

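The checklist above is about what the server has; what the clients actually see is the flags in the reply. A client "loses the internet" when the server answers an Internet name with REFUSED, or with NOERROR but RA=0 (recursion not offered to that client), and that looks quite different from SERVFAIL with RA=1 (the server does recurse but its forwarders are unreachable, or validation failed). The probe below is an added example, not code from the thread: it builds a raw DNS query, sends it to the resolver and classifies the reply from the header flags. The names ns1.domain.com and www.example.com and the default server 127.0.0.1 are assumptions for illustration; run it once from a LAN client (both names should resolve) and once from outside the allowed networks, where the answer should be REFUSED, otherwise the server is an open resolver.

```python
#!/usr/bin/env python3
"""Minimal DNS probe: ask a resolver for a local name and an Internet name and
read the reply flags, to tell "refuses to recurse for me" apart from
"recurses but the forwarders are not reachable". Added example, not from the thread."""
import secrets
import socket
import struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name: str) -> bytes:
    """Encode a dotted name as DNS labels: 'ns.lan' -> b'\\x02ns\\x03lan\\x00'."""
    name = name.rstrip(".")
    if not name:                      # the root itself is a single empty label
        return b"\x00"
    out = b""
    for label in name.split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:     # RFC 1035: labels are 1..63 octets
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qid: int, qtype: int = 1) -> bytes:
    """Standard query, RD=1 (flags 0x0100), one question; QTYPE 1 = A, QCLASS 1 = IN."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def parse_header(data: bytes) -> dict:
    """Decode the 12-byte header; bit positions per RFC 1035 section 4.1.1."""
    if len(data) < 12:
        raise ValueError("short DNS message")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id": qid,
        "qr": (flags >> 15) & 1,
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def diagnose(hdr: dict) -> str:
    """Map the reply flags onto the failure modes discussed in the thread."""
    rcode = RCODES.get(hdr["rcode"], str(hdr["rcode"]))
    if rcode == "REFUSED":
        return "REFUSED: this client is not matched by allow-query/allow-recursion"
    if hdr["ra"] == 0:
        return f"{rcode} with RA=0: server is not offering recursion to this client"
    if rcode == "SERVFAIL":
        return "SERVFAIL with RA=1: recursion is on, but forwarders are unreachable or validation failed"
    if rcode == "NOERROR" and hdr["ancount"] == 0:
        return "NOERROR but no answer records (NODATA)"
    return f"{rcode}, {hdr['ancount']} answer(s), RA={hdr['ra']}, AA={hdr['aa']}"


def probe(server: str, name: str, timeout: float = 3.0) -> dict:
    """Send one UDP query and return the parsed reply header; raises on timeout."""
    qid = secrets.randbelow(0xFFFF) + 1   # unpredictable transaction ID
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qid), (server, 53))
        data, _ = s.recvfrom(4096)
    hdr = parse_header(data)
    if hdr["id"] != qid or hdr["qr"] != 1:
        raise ValueError("reply does not match our query")
    return hdr


if __name__ == "__main__":
    import sys
    server = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"   # assumed resolver
    # One name the server is authoritative for (AA=1 expected), one it must forward.
    for name in ("ns1.domain.com", "www.example.com"):             # assumed names
        try:
            print(name, "->", diagnose(probe(server, name)))
        except (OSError, ValueError) as e:
            print(name, "->", "no usable reply:", e)
```

A local name coming back with AA=1 and the Internet name with AA=0, RA=1 and at least one answer is the working state the question is after. The same probe run from an address outside allow-query should get REFUSED; if it gets answers, the server is recursing for the whole Internet.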
