Complete DNS fake root setup example
MURTARI, JOHN
jm5903 at att.com
Wed Jan 20 17:12:44 UTC 2016
Folks,
Had to do some testing where we wanted our own insulated fake root environment. We wanted to start from simulated root name servers. I was surprised I couldn't find a complete example even after some extensive searches.
The concepts are easy, but the devil is in the details. We had done this before, but no one ever kept notes so I figured by posting it on the list it will eventually find its way into Google. Here are the setup instructions below; names & IP addresses have been changed to protect the innocent! Your comments/suggestions are welcome!
#
# This document describes a complete BIND fake root setup
# ?'s - jm5903 at att.com
#
# One DNS server is fake root (Host 12 - 1.2.3.4)
# One DNS server is com TLD (Host 13 - 1.2.3.5)
# One DNS server is bongo.com (Host 06 - 1.2.3.6)
# One DNS server is support.bongo.com NS (Host 07 - 1.2.3.7)
#
================= Host 12 - FAKE ROOT - 1.2.3.4
zone "." {
type master;
file "named.root";
};
-- contents named.root
$TTL 5m
@ IN SOA . rname.invalid. (
0 ; serial
5m ; refresh
5m ; retry
5m ; expire
5m ) ; minimum
@ IN NS fake-root.com
fake-root.com IN A 1.2.3.4
com IN NS tld.com
tld.com IN A 1.2.3.5
. IN TXT "FAKE ROOT"
-- contents /etc/resolv.conf
nameserver 1.2.3.4
==================== Host 13 - FAKE .COM TLD server - 1.2.3.5
zone "." {
type hint;
file "named.root";
};
zone "com" {type master; file "named.com";};
-- contents named.root
$TTL 5m
. 300 IN NS fake-root.com.
fake-root.com. 300 IN A 1.2.3.4
-- contents named.com
$TTL 5m
@ IN SOA @ rname.invalid. (
0 ; serial
5m ; refresh
5m ; retry
5m ; expire
5m ) ; minimum
@ IN NS tld
tld A 1.2.3.5
fake-root A 1.2.3.4
bongo NS ns1.bongo
ns1.bongo A 1.2.3.6
@ IN TXT "FAKE COM SRVR"
--- contents resolv.conf
nameserver 1.2.3.5
============== Host 06 - NS for BONGO.COM - 1.2.3.6
zone "bongo.com" {type master; file "db.bongo.com" ;};
---- contents db.bongo.com
$TTL 10m
bongo.com. IN SOA ns1.bongo.com. contact.bongo.com. (
2 ; Serial
5m ; Refresh after 5 minutes
2m ; Retry after 2 minutes
15m ; Expire after 15 minutes
1m ) ; Negative caching TTL of 1 minute
bongo.com. IN NS ns1.bongo.com.
ns1.bongo.com. IN A 1.2.3.6
support.bongo.com. IN NS ns1.support.bongo.com.
ns1.support.bongo.com. IN A 1.2.3.7
============== Host 07 - NS for SUPPORT.BONGO.COM - 1.2.3.7
zone "support.bongo.com" IN {
type master;
file "db.support.bongo.com";
};
---- contents db.support.bongo.com
$TTL 10m
support.bongo.com. IN SOA ns1.support.bongo.com. contact.bongo.com. (
11 ; Serial
5m ; Refresh after 5 minutes
2m ; Retry after 2 minutes
15m ; Expire after 15 minutes
1m ) ; Negative caching TTL of 1 minute
support.bongo.com. IN NS ns1.support.bongo.com.
ns1.support.bongo.com. IN A 1.2.3.7
======= complete test trace
root at Host 13# dig support.bongo.com ns +trace +add
; <<>> DiG 9.9.3-S1-P1a-RedHat-2.0-2 <<>> support.bongo.com ns +trace +add
;; global options: +cmd
. 300 IN NS fake-root.com.
fake-root.com. 300 IN A 1.2.3.4
;; Received 70 bytes from 1.2.3.5#53(1.2.3.5) in 0 ms
com. 86400 IN NS tld.com.
tld.com. 86400 IN A 1.2.3.5
;; Received 82 bytes from 1.2.3.4#53(fake-root.com) in 1 ms
bongo.com. 300 IN NS ns1.bongo.com.
ns1.bongo.com. 300 IN A 1.2.3.6
;; Received 82 bytes from 1.2.3.5#53(tld.com) in 1 ms
support.bongo.com. 600 IN NS ns1.support.bongo.com.
ns1.support.bongo.com. 600 IN A 1.2.3.7
;; Received 116 bytes from 1.2.3.6#53(ns1.bongo.com) in 4 ms
support.bongo.com. 600 IN NS ns1.support.bongo.com.
ns1.support.bongo.com. 600 IN A 1.2.3.7
;; Received 116 bytes from 1.2.3.7#53(ns1.support.bongo.com) in 1 ms
----------------
John Murtari - jm5903 at att.com
Ciberspring
office: 315-944-0998
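The referral chain in the trace above, as an added example that is not part of the original post: a small Python model of the four servers' zone data (transcribed from the post's zone files, using the bongo.com names) that follows delegations the way dig +trace does, plus a glue check for the lab. The SERVERS dictionary, the function names and the "broken"/"loop" markers are the example's own, not BIND's.

```python
ROOT_HINT_IP = "1.2.3.4"  # fake-root.com., from the hint file named.root on Host 13

# Transcribed from the post's zone files: server IP -> {zone apex: {owner: {rrtype: [rdata]}}}
SERVERS = {
    "1.2.3.4": {".": {".": {"NS": ["fake-root.com."]}, "fake-root.com.": {"A": ["1.2.3.4"]},
                      "com.": {"NS": ["tld.com."]}, "tld.com.": {"A": ["1.2.3.5"]}}},
    "1.2.3.5": {"com.": {"com.": {"NS": ["tld.com."]}, "tld.com.": {"A": ["1.2.3.5"]},
                         "bongo.com.": {"NS": ["ns1.bongo.com."]}, "ns1.bongo.com.": {"A": ["1.2.3.6"]}}},
    "1.2.3.6": {"bongo.com.": {"bongo.com.": {"NS": ["ns1.bongo.com."]}, "ns1.bongo.com.": {"A": ["1.2.3.6"]},
                               "support.bongo.com.": {"NS": ["ns1.support.bongo.com."]},
                               "ns1.support.bongo.com.": {"A": ["1.2.3.7"]}}},
    "1.2.3.7": {"support.bongo.com.": {"support.bongo.com.": {"NS": ["ns1.support.bongo.com."]},
                                       "ns1.support.bongo.com.": {"A": ["1.2.3.7"]}}},
}

def in_zone(name, zone):
    return zone == "." or name == zone or name.endswith("." + zone)

def query(server, qname, qtype):
    """Authoritative-only server: an answer, a referral at the closest zone cut, or refused."""
    zone = max((z for z in SERVERS[server] if in_zone(qname, z)), key=len, default=None)
    if zone is None:
        return ("refused",)
    recs, labels = SERVERS[server][zone], qname.rstrip(".").split(".")
    for i in range(len(labels)):  # most specific cut first; names above the apex never match
        cut = ".".join(labels[i:]) + "."
        if cut != zone and "NS" in recs.get(cut, {}):  # a delegation, not the apex NS set
            glue = [(ns, recs.get(ns, {}).get("A", [None])[0]) for ns in recs[cut]["NS"]]
            return ("referral", cut, glue)
    return ("answer", recs.get(qname, {}).get(qtype, []))

def trace(qname, qtype="NS"):
    """Follow referrals from the root hint; returns ([(zone learned, from server), ...], rdata).
    A lame server or a delegation without glue ends the walk with ('broken', server), None."""
    server, hops = ROOT_HINT_IP, []
    for _ in range(10):  # bound the walk so a mis-delegated lab cannot loop forever
        resp = query(server, qname, qtype)
        if resp[0] == "answer":
            return hops + [(qname, server)], resp[1]
        if resp[0] != "referral" or resp[2][0][1] is None:
            return hops + [("broken", server)], None
        hops.append((resp[1], server))
        server = resp[2][0][1]  # like dig, follow the first glued name server
    return hops + [("loop", server)], None

def missing_glue():
    """Lab sanity check: every in-bailiwick NS named in a delegation needs an A glue record."""
    return [(owner, ns) for zones in SERVERS.values() for zone, recs in zones.items()
            for owner, rrs in recs.items() if owner != zone for ns in rrs.get("NS", [])
            if in_zone(ns, owner) and "A" not in recs.get(ns, {})]
```

Deleting the ns1.bongo.com glue from the com zone makes both the static check and the walk report the gap, which is the usual reason a lab like this stalls at the TLD hop.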