
I'm sadly restricted to a very old version of bind (9.4.2).

This is the thing. If I set up bind with a named.conf and only forwarding, it works perfectly.

acl clients {
    any;
};

options {
    listen-on { 10.245.46.11; };
    forward only;
    forwarders { 8.8.8.8; };
    allow-query { clients; };
    max-cache-size 2097152;
    empty-zones-enable no;
    querylog yes;
    directory "/usr/local/named/etc/zones";
    dump-file "/usr/local/named/cache_dump.db";
    statistics-file "/usr/local/named/named_stats.txt";
    version "not currently available";
    pid-file "/usr/local/named/var/run/named.pid";
};

As soon as I add a spoofed root zone, it works as intended.

zone "." IN {
        type master;
        file "all.zone";
        notify no;
};

Here all.zone contains only a single A address with a wildcard pointing to it, so all DNS queries get replied to with that single address.

The problem I am facing is that I want to allow certain domains to be forwarded to the public DNS. Example below:

zone "cnn.com" {
        type forward;
        forwarders { 8.8.8.8; 8.8.4.4; };
};

/** Spoofed **/
zone "." IN {
        type master;
        file "all.zone";
        notify no;
};

Every query to *.cnn.com gets replied to with nothing (instead of the spoofed address):

nslookup www.cnn.com 10.245.46.11
Server:         10.245.46.11
Address:        10.245.46.11#53

*** Can't find www.cnn.com: No answer

# dig  @10.245.46.11 www.www.cnn.com

; <<>> DiG 9.2.4 <<>> @10.245.46.11 www.cnn.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20722
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.cnn.com.                   IN      A

;; AUTHORITY SECTION:
.                       3600    IN      SOA     ns.example.com. 357 86400 3600 86400 3600

;; Query time: 1 msec
;; SERVER: 10.245.46.11#53(10.245.46.11)
;; WHEN: Fri Feb  7 10:44:56 2014
;; MSG SIZE  rcvd: 86

However, if I add a master zone to it (along with the forward zone and the spoofed root), it responds to queries fine:

zone "test.com" IN {
    type master;
    file "test.com.zone";
};

nslookup ns.test.com 10.245.46.11
Server:         10.245.46.11
Address:        10.245.46.11#53

Name:   ns.test.com
Address: 190.208.65.193

So, does anyone have any idea why, when there is a spoofed root zone, it does reply to queries when there is a master zone but doesn't forward when there is a forward zone?

Thanks in advance!

jdq2013
    Try changing `zone "cnn.com"` to `zone "cnn.com."`. Just a stab in the dark. You've defined a forwarder with no root mentioned. The root is `.` and I'm not sure if it's implied for forwarding when you omit it. – Sean C. Feb 07 '14 at 14:44
  • You are right and it's a wrong copy paste. There is no forwarding on "." zone. I'll try your suggestion – jdq2013 Feb 07 '14 at 17:23
  • Sadly adding "cnn.com." didn't work :( – jdq2013 Feb 07 '14 at 17:44
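One thing worth reading off the dig output in the question: the `aa` flag is set, ANSWER is 0, and the AUTHORITY section carries the SOA for `.`. That combination is a NODATA response served by named itself from the local `.` master zone, not an answer that came back from the forwarder (a forwarded answer would lack `aa`, and the records would come from 8.8.8.8). The script below is an added example, not code from the asker or from BIND: it parses dig's text output and classifies a response as locally authoritative or recursed/forwarded, which is a quick way to tell whether a forward zone is actually being consulted. The first sample is the dig output from the question; the second is a constructed forwarded response with illustrative values.

```python
"""Classify a dig response: answered locally from an authoritative zone, or recursed/forwarded?"""
import re

# Sample 1: the dig output posted in the question (local "." master zone answering).
DIG_LOCAL_NODATA = """\
; <<>> DiG 9.2.4 <<>> @10.245.46.11 www.cnn.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20722
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.cnn.com.                   IN      A

;; AUTHORITY SECTION:
.                       3600    IN      SOA     ns.example.com. 357 86400 3600 86400 3600
"""

# Sample 2: constructed, what a forwarded answer would look like (no aa flag,
# an ANSWER record). The address is a documentation-range placeholder.
DIG_FORWARDED = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.cnn.com.                   IN      A

;; ANSWER SECTION:
www.cnn.com.            300     IN      A       192.0.2.10
"""

HEADER_RE = re.compile(r"status: (\w+), id: (\d+)")
FLAGS_RE = re.compile(
    r"flags: ([a-z ]*);\s*QUERY: (\d+), ANSWER: (\d+), AUTHORITY: (\d+), ADDITIONAL: (\d+)"
)


def parse_dig(text):
    """Pull status, header flags, section counts and resource records out of dig's text output."""
    info = {"status": None, "flags": set(), "counts": {}, "sections": {}}
    section = None
    for line in text.splitlines():
        if line.startswith(";; ->>HEADER<<-"):
            m = HEADER_RE.search(line)
            if m:
                info["status"] = m.group(1)
        elif line.startswith(";; flags:"):
            m = FLAGS_RE.search(line)
            if m:
                info["flags"] = set(m.group(1).split())
                names = ("QUERY", "ANSWER", "AUTHORITY", "ADDITIONAL")
                info["counts"] = dict(zip(names, map(int, m.groups()[1:])))
        elif line.startswith(";; ") and line.endswith("SECTION:"):
            section = line[3:-len(" SECTION:")]
            info["sections"][section] = []
        elif section and line.strip() and not line.startswith(";"):
            # Resource record lines: owner, TTL, class, type, rdata...
            info["sections"][section].append(line.split())
    return info


def classify(info):
    """Say where the answer came from, based on the aa flag and the authority section."""
    authority = info["sections"].get("AUTHORITY", [])
    soa_owner = next((rr[0] for rr in authority if len(rr) > 3 and rr[3] == "SOA"), None)
    answers = info["counts"].get("ANSWER", 0)
    if "aa" in info["flags"]:
        if answers == 0 and soa_owner is not None:
            # Authoritative NODATA: named answered from its own zone, nothing was forwarded.
            return f"local authoritative NODATA from zone {soa_owner}"
        return "local authoritative answer"
    if "ra" in info["flags"] and answers > 0:
        return "recursed/forwarded answer"
    return "unclassified"


if __name__ == "__main__":
    for label, sample in (("question's dig", DIG_LOCAL_NODATA), ("constructed forwarded", DIG_FORWARDED)):
        print(f"{label}: {classify(parse_dig(sample))}")
```

Run against the question's output this reports a NODATA answer from zone `.`, which is the observation to take to the forward-zone configuration: the query never left the server.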

0 Answers