Problems with NS @home and my public
With No Name
withnoname at tdwave.net
Wed Jan 4 07:07:39 UTC 2012
Hello,
I am learning network administration and would like to configure my network to do:
workstation -> ns.intra.mydomain.com -> ns.mydomain.com
Currently I have the following configs:
workstation:
--( /etc/resolv.conf )--------------------------------------------------
search intra.mydomain.com
nameserver 192.168.0.2
------------------------------------------------------------------------
ns.intra.mydomain.com:
--( /etc/resolv.conf )--------------------------------------------------
search mydomain.com
nameserver IP.OF.MY.PUBLIC.NS
-------------------------------------------------------------------------
--( /etc/named.conf.options )-------------------------------------------
options {
    directory "/var/cache/bind";
    check-names master fail;
    check-names slave warn;
    check-names response ignore;
    auth-nxdomain no;
    listen-on-v6 { any; };
    listen-on { 192.168.0.2; };
    forwarders {
        IP.OF.MY.PUBLIC.NS;
    };
    dnssec-enable yes;
};
logging {
    channel default_syslog {
        syslog local2;
        severity info;
        print-category yes;
        print-severity yes;
        print-time no;
    };
    category default {
    };
    category edns-disabled {
        null;
    };
};
include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/etc/bind/tsig.key";
------------------------------------------------------------------------
ns.mydomain.com:
--( /etc/resolv.conf )--------------------------------------------------
------------------------------------------------------------------------
--( /etc/named.conf.options )-------------------------------------------
options {
    directory "/var/cache/bind";
    check-names master fail;
    check-names slave warn;
    check-names response ignore;
    auth-nxdomain no;
    listen-on-v6 { any; };
    listen-on { IP.OF.MY.PUBLIC.NS; };
    dnssec-enable yes;
    recursion yes;
    allow-recursion { any; };
    allow-query { any; };
    allow-query-cache { any; };
};
logging {
    channel default_syslog {
        syslog local2;
        severity info;
        print-category yes;
        print-severity yes;
        print-time no;
    };
    category default {
        default_syslog;
    };
};
include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/etc/bind/tsig.key";
------------------------------------------------------------------------
I have gotten the above config from the internet but it seems not to
work, because I have the same error messages like
lame-servers: info: error (unexpected RCODE REFUSED) resolving...
security: info: client MY.FIXED.HOME.IP#5525: query (cache) 'some_domain'
denied
lame-servers: info: error (network unreachable) resolving 'b.au/AAAA/IN':
2607:f140:ffff:fffe::3#53
lame-servers: info: lame server resolving 'www.some_domain' (in
'some_domain'?): first.NS.IP#53
lame-servers: info: lame server resolving 'www.some_domain' (in
'some_domain'?): second.NS.IP#53
in my logs as another person on the list.
So, in the last days I was searching the internet hell for how to solve this
problem but have found nothing yet.
Can someone help me please?
Where can I find a HOWTO which tells me how to set up my name server
correctly, including DNSEC3?
Thanks
Note: I need to learn this perfectly, because I come from a country where
people are kidnapped and killed by the government and I need a
bulletproof setup which I can put online one day without risking
being hacked by my government.
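
The four kinds of log message quoted in the post can be separated and counted per remote address, which shows whether a refusal comes from the forwarder's ACLs, a missing IPv6 route, or a third-party delegation. This is an added example, not part of the original post; the function names are hypothetical, the sample lines are constructed, and the line format is assumed to be BIND 9 syslog output with print-category and print-severity enabled as in the posted config.

```python
import re
from collections import Counter

PEER = r"(?P<peer>[^#\s]+)#\d+"                    # address#port, IPv4 or IPv6
Q = r"'(?P<qname>[^/']+)(?:/(?P<qtype>\w+)/IN)?'"  # 'name' or 'name/TYPE/IN'
# One pattern per message shape quoted in the post.
PATTERNS = {
    "upstream_refused": re.compile(
        r"lame-servers: info: error \(unexpected RCODE REFUSED\) resolving "
        + Q + ": " + PEER),
    "client_denied": re.compile(
        r"security: info: client " + PEER + r": query \(cache\) " + Q + " denied"),
    "no_route": re.compile(
        r"lame-servers: info: error \(network unreachable\) resolving "
        + Q + ": " + PEER),
    "lame_delegation": re.compile(
        r"lame-servers: info: lame server resolving " + Q
        + r" \(in '(?P<zone>[^']+)'\?\): " + PEER),
}
HINTS = {
    "upstream_refused": "peer answered REFUSED; check that peer's ACLs admit this host",
    "client_denied": "this server refused peer; peer is outside allow-query-cache/allow-recursion",
    "no_route": "no route to peer; for an IPv6 peer the host lacks IPv6 connectivity",
    "lame_delegation": "peer is delegated the zone but does not answer authoritatively for it",
}

def classify(line):
    """Return a dict describing one log line, or None if it matches no pattern."""
    for kind, rx in PATTERNS.items():
        m = rx.search(line)
        if m:
            fields = {k: v for k, v in m.groupdict().items() if v is not None}
            return {"kind": kind, "hint": HINTS[kind], **fields}
    return None

def summarize(lines):
    """Count events per (kind, peer) so repeated offenders stand out."""
    return Counter((e["kind"], e["peer"]) for e in map(classify, lines) if e)

# Constructed sample lines in the post's log format (documentation address ranges).
SAMPLE = [
    "named[812]: lame-servers: info: error (unexpected RCODE REFUSED) resolving 'example.org/A/IN': 203.0.113.53#53",
    "named[640]: security: info: client 198.51.100.7#5525: query (cache) 'example.org/A/IN' denied",
    "named[640]: security: info: client 198.51.100.7#5526: query (cache) 'example.net' denied",
    "named[812]: lame-servers: info: error (network unreachable) resolving 'b.au/AAAA/IN': 2607:f140:ffff:fffe::3#53",
    "named[812]: lame-servers: info: lame server resolving 'www.example.org' (in 'example.org'?): 192.0.2.10#53",
    "named[812]: general: info: reloading configuration succeeded",
]
```

A REFUSED entry on the forwarding server whose peer is the public server, paired with a denied entry on the public server whose client is the home address, points at the public server's running ACLs rather than at the forwarder.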