I'm sadly restricted to a very old version of BIND (9.4.2).
This is the thing. If I set up BIND with a named.conf and only forwarding, it works perfectly.
acl clients {
    any;
};

options {
    listen-on { 10.245.46.11; };
    forward only;
    forwarders { 8.8.8.8; };
    allow-query { clients; };
    max-cache-size 2097152;
    empty-zones-enable no;
    querylog yes;
    directory "/usr/local/named/etc/zones";
    dump-file "/usr/local/named/cache_dump.db";
    statistics-file "/usr/local/named/named_stats.txt";
    version "not currently available";
    pid-file "/usr/local/named/var/run/named.pid";
};
As soon as I add a spoofed root zone, it works as intended.

zone "." IN {
    type master;
    file "all.zone";
    notify no;
};
Here all.zone contains only a single wildcard A record, so every DNS query is answered with that single address.
The problem I am facing is that I want to allow certain domains to be forwarded to the public DNS. Example below:

zone "cnn.com" {
    type forward;
    forwarders { 8.8.8.8; 8.8.4.4; };
};

/** Spoofed **/
zone "." IN {
    type master;
    file "all.zone";
    notify no;
};
Every query for *.cnn.com is answered with nothing (instead of the spoofed address):
nslookup www.cnn.com 10.245.46.11
Server: 10.245.46.11
Address: 10.245.46.11#53
*** Can't find www.cnn.com: No answer
# dig @10.245.46.11 www.cnn.com
; <<>> DiG 9.2.4 <<>> @10.245.46.11 www.cnn.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20722
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;www.cnn.com. IN A
;; AUTHORITY SECTION:
. 3600 IN SOA ns.example.com. 357 86400 3600 86400 3600
;; Query time: 1 msec
;; SERVER: 10.245.46.11#53(10.245.46.11)
;; WHEN: Fri Feb 7 10:44:56 2014
;; MSG SIZE rcvd: 86
However, if I add a master zone (along with the forward zone and the spoofed root), it responds to queries fine.

zone "test.com" IN {
    type master;
    file "test.com.zone";
};
nslookup ns.test.com 10.245.46.11
Server: 10.245.46.11
Address: 10.245.46.11#53
Name: ns.test.com
Address: 190.208.65.193
So, does anyone have any idea why, with a spoofed root zone, it does reply to queries when there is a master zone, but it doesn't forward when there is a forward zone?
Thanks in advance!
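A check worth running when a forward zone appears to be ignored, added here as an example and not part of the question above: read the header flags of the dig reply instead of only the answer count. In the output quoted in the question the `aa` flag is set, ANSWER is 0 and the AUTHORITY section carries the SOA of `.`; that combination is an authoritative NODATA reply produced from the locally loaded root zone, not a reply obtained from a forwarder (a forwarded answer comes back with `aa` clear). The script below parses dig output and makes that distinction. The first sample is the reply from the question; the second, a forwarded answer carrying the documentation address 192.0.2.10, is constructed for contrast.

```python
"""Classify a dig reply: authoritative from local zone data, or obtained via recursion/forwarding."""
import re
from dataclasses import dataclass, field

# Sample 1: the dig output quoted in the question (aa set, ANSWER 0, SOA of "." in AUTHORITY).
ROOT_NODATA_REPLY = """\
; <<>> DiG 9.2.4 <<>> @10.245.46.11 www.cnn.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20722
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.cnn.com.                   IN      A

;; AUTHORITY SECTION:
.                       3600    IN      SOA     ns.example.com. 357 86400 3600 86400 3600

;; Query time: 1 msec
;; SERVER: 10.245.46.11#53(10.245.46.11)
"""

# Sample 2: a constructed reply as a forwarder-based answer would look (aa clear, ANSWER 1).
# 192.0.2.10 is a documentation address, not a real record.
FORWARDED_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.cnn.com.                   IN      A

;; ANSWER SECTION:
www.cnn.com.            300     IN      A       192.0.2.10
"""


@dataclass
class DigReply:
    status: str = ""
    flags: set = field(default_factory=set)
    counts: dict = field(default_factory=dict)      # section name -> RR count from the flags line
    records: dict = field(default_factory=dict)     # section name -> list of whitespace-split RRs


def parse_dig(text: str) -> DigReply:
    """Extract rcode, header flags, section counts and the records of each section from dig output."""
    reply = DigReply()
    section = None
    for line in text.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            m = re.search(r"status: (\w+)", line)
            reply.status = m.group(1) if m else ""
        elif line.startswith(";; flags:"):
            head, _, tail = line[len(";; flags:"):].partition(";")
            reply.flags = set(head.split())
            for name, num in re.findall(r"(\w+): (\d+)", tail):
                reply.counts[name] = int(num)
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:-len(" SECTION:")]
        elif line.startswith(";"):
            continue                      # comment lines and the ";name" QUESTION entry
        elif not line.strip():
            section = None                # a blank line ends the current section
        elif section:
            reply.records.setdefault(section, []).append(line.split())
    return reply


def classify(reply: DigReply) -> str:
    """Say where the reply came from, based on the aa flag, answer count and AUTHORITY contents."""
    if reply.status != "NOERROR":
        return f"rcode {reply.status}"
    authoritative = "aa" in reply.flags
    answers = reply.counts.get("ANSWER", 0)
    if authoritative and answers == 0:
        # NODATA from local zone data; the SOA owner names the zone that answered.
        soa = [rr[0] for rr in reply.records.get("AUTHORITY", []) if len(rr) > 3 and rr[3] == "SOA"]
        zone = soa[0] if soa else "?"
        return f"authoritative NODATA from local zone {zone} (forwarding not used)"
    if authoritative:
        return "authoritative answer from local zone data"
    if answers > 0:
        return "non-authoritative answer (recursion/forwarding)"
    return "non-authoritative empty answer"


if __name__ == "__main__":
    for label, text in (("question", ROOT_NODATA_REPLY), ("constructed forwarded", FORWARDED_REPLY)):
        print(f"{label}: {classify(parse_dig(text))}")
```

Feed it the saved output of `dig @server name` for each zone you expect to be forwarded; any reply classified as authoritative NODATA from zone `.` was served from the spoofed root zone, so the forward zone was never consulted for that name.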