
I have a server with the public IP address (let's say) 198.20.30.40.

I am trying to set up a DNS server on this host so that all requests for "stackoverflow.com" get resolved to "198.20.30.40" instead of the actual stackoverflow. Of course I have set the primary DNS server on the client requesting stackoverflow to 198.20.30.40. There are other open DNS servers (8.8.8.8) set as secondary DNS.

After following the tutorial, I am unable to get it to work.

This is what I am getting when I do a "dig". It looks like it is working:

$ dig stackoverflow.com
; <<>> DiG 9.8.3-P1 <<>> stackoverflow.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43984
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;stackoverflow.com.         IN  A
;; AUTHORITY SECTION:
stackoverflow.com.      86400   IN  SOA ns.stackoverflow.com. hostmaster.linux.bogus. 990 28800 7200 2419200 86400
;; Query time: 152 msec
;; SERVER: 198.20.30.40#53(198.20.30.40)
;; WHEN: Thu Mar  3 15:14:45 2016
;; MSG SIZE  rcvd: 90

However, when I do nslookup, I get the following. It does not give the IP address of my server, i.e. 198.20.30.40:

$ nslookup stackoverflow.com
;; Got recursion not available from 198.20.30.40, trying next server
Server:     8.8.8.8
Address:    8.8.8.8#53
Non-authoritative answer:
Name:   stackoverflow.com
Address: x.y.z.d

Here is what my /etc/bind/named.conf.local configuration file looks like

zone "stackoverflow.com" {
        type master;
        notify no;
        file "/etc/bind/stackoverflow.com";
};
zone "30.20.198.in-addr.arpa" {
        type master;
        file "/etc/bind/198.20.30";
};

My /etc/bind/stackoverflow.com

$TTL 3D
@       IN      SOA     ns.stackoverflow.com. hostmaster.linux.bogus. (
                        990       ; serial, todays date + todays serial #
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
;
                NS      ns              ; Inet Address of name server
                MX      10 mail.linux.bogus.     ; Primary Mail Exchanger
                MX      20 mail.friend.bogus.   ; Secondary Mail Exchanger
;
localhost       A       198.20.30.40
ns              A       198.20.30.40
www             CNAME   ns
media           CNAME   ns
jobs            CNAME   ns
ir              CNAME   ns
help            CNAME   ns
mail            A       198.20.30.40

My /etc/bind/198.20.30

$TTL 3D
@               IN      SOA     ns.stackoverflow.com. hostmaster.linux.bogus. (
                                989       ; Serial
                                8H      ; Refresh
                                2H      ; Retry
                                4W      ; Expire
                                1D)     ; Minimum TTL
                        NS      ns.stackoverflow.com.
40                     PTR      ns.stackoverflow.com.
40                     PTR      jobs.stackoverflow.com.
40                     PTR      help.stackoverflow.com.
Pratyush
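As an added example (my code, not the poster's files and not part of the original question): a corrected version of the forward zone together with an explicit named.conf.options, produced by a small POSIX shell script so the result can be checked. The zone as posted has no A record owned by the apex ("@", i.e. stackoverflow.com itself); that is why the dig reply above was authoritative (flag aa) yet carried ANSWER: 0 with only an SOA in the AUTHORITY section. The options file pins the server to the authoritative-only role with "recursion no;" so it can never turn into an open resolver by accident. Assumptions: the output directory (argument 1, otherwise a fresh temp directory), the serial 991, the Debian-style cache directory, and the constructed POSTED_ZONE excerpt; the reverse zone is left out.

```shell
#!/bin/sh
# Added example, not the poster's files. Writes a corrected forward zone and an
# explicit named.conf.options for the set-up in the question, then checks them.
# Assumptions: output directory from $1 (default: a fresh temp dir), serial 991,
# Debian-style "directory" path; the reverse zone is left out.

write_forward_zone() {    # $1 = path of the zone file to write
    cat > "$1" <<'EOF'
$TTL 3D
@       IN      SOA     ns.stackoverflow.com. hostmaster.linux.bogus. (
                        991     ; serial (bumped from the posted 990)
                        8H      ; refresh
                        2H      ; retry
                        4W      ; expire
                        1D )    ; minimum
@       IN      NS      ns
@       IN      A       198.20.30.40    ; apex record, absent from the posted zone:
                                        ; without it "dig stackoverflow.com" gets NODATA
ns      IN      A       198.20.30.40
mail    IN      A       198.20.30.40
www     IN      CNAME   ns
EOF
}

write_options() {         # $1 = path of the options file to write
    cat > "$1" <<'EOF'
options {
        directory "/var/cache/bind";
        // Authoritative-only role, stated explicitly: never recurse for anyone.
        // The combination to avoid on an internet-facing authoritative host is
        //     recursion yes; allow-recursion { any; };
        // which is the "open resolver" the answer describes.
        recursion no;
        allow-query { any; };        // anyone may ask about the zones served here
        allow-transfer { none; };    // no zone transfers to arbitrary clients
};
EOF
}

# Succeeds when the zone has an A record owned by the apex "@", following the
# zone-file rule that a line starting with whitespace keeps the previous owner.
zone_has_apex_a() {       # $1 = zone file
    awk '
        /^[ \t]*;/ || /^[ \t]*$/ { next }          # comments and blank lines
        /^\$/                    { next }          # $TTL / $ORIGIN directives
        inparen { if ($0 ~ /\)/) inparen = 0; next }   # SOA continuation lines
        {
            if ($0 !~ /^[ \t]/) owner = $1         # owner named at column 1
            if ($0 ~ /\(/ && $0 !~ /\)/) inparen = 1
            for (i = 1; i <= NF; i++) {
                if ($i == ";") break               # rest of the line is a comment
                if ($i == "A" && owner == "@") found = 1
            }
        }
        END { if (found) exit 0; exit 1 }
    ' "$1"
}

options_recursion_off() { # $1 = options file
    grep -Eq '^[[:space:]]*recursion[[:space:]]+no;' "$1"
}

# Constructed excerpt of the zone as posted in the question: NS and host
# records, but no A record owned by "@".
POSTED_ZONE='$TTL 3D
@       IN      SOA     ns.stackoverflow.com. hostmaster.linux.bogus. ( 990 8H 2H 4W 1D )
                NS      ns
ns              A       198.20.30.40
www             CNAME   ns'

main() {
    dir=${1:-$(mktemp -d)}
    write_forward_zone "$dir/stackoverflow.com"
    write_options "$dir/named.conf.options"
    printf '%s\n' "$POSTED_ZONE" > "$dir/stackoverflow.com.posted"
    if zone_has_apex_a "$dir/stackoverflow.com.posted"; then
        echo "posted zone: apex A present"
    else
        echo "posted zone: no A record for the apex (the question's symptom)"
    fi
    if zone_has_apex_a "$dir/stackoverflow.com"; then echo "corrected zone: apex A present"; fi
    if options_recursion_off "$dir/named.conf.options"; then echo "options: recursion no"; fi
    # Syntax check with BIND's own tool when it happens to be installed (optional)
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone stackoverflow.com "$dir/stackoverflow.com" || echo "named-checkzone reported a problem"
    fi
    echo "files written to $dir"
}
main "$@"
```

Run it with no argument to inspect the generated files in a temp directory; to install them, point the zone statement in named.conf.local at the generated zone file, bump the serial on every later edit, and reload named.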

1 Answer


You've answered your own question, you just don't realize it.

When executing dig without +norecurse, you saw:

;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

And when you tried to use nslookup, you saw:

;; Got recursion not available from 198.20.30.40, trying next server

You've configured an authoritative DNS server, which does not respond to just any DNS query. It only responds to requests for domains that have been configured. Authoritative-only servers should not be configured as a DNS server for use with all recursive queries made by a workstation or server, which is what you have done above. In other words, an authoritative-only server should never be used in the same context as a recursive server such as 8.8.8.8.

What you're encountering here is a difference in how dig and nslookup behave with this particular misconfiguration. dig will display a warning about recursion not being available but provide the authoritative answer if it is available. nslookup will also warn you that recursion is not available, but will not display the authoritative answer and skip to the next server entirely.

At this point it is strongly recommended to remove the authoritative-only server from your list of recursive servers, and to perform some independent research on the difference between these types of servers. While it is possible to configure an authoritative server to also be a recursive server, this is almost always a bad idea if this is an internet-facing authoritative server, as this results in an insecure configuration known as an "open resolver" (plenty of info on Google about those).

Andrew B
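The dig-versus-nslookup behaviour the answer describes can be read directly off the response header. As an added example (my code, not the answer's): a POSIX shell function that classifies a dig reply from its ";; flags:" line. "ra" present means the server performed recursion for the client, which on an internet-facing authoritative server is the open-resolver condition the answer warns about; "aa" without "ra" and ANSWER: 0 is the authoritative NODATA reply the question's dig shows; "aa" with answer records is a normal authoritative reply. The three sample replies are constructed, the first one reproducing the header lines from the question.

```shell
#!/bin/sh
# Added example, not code from the question or the answer.
# classify_dig reads dig output on stdin and prints one word describing the
# reply, based on the ";; flags:" header line that dig prints:
#   recursive              "ra" set: the server recursed for this client. On an
#                          internet-facing authoritative server this is the
#                          open-resolver condition the answer warns about.
#   authoritative-nodata   "aa" set, "ra" absent, ANSWER: 0 (the zone is served
#                          here but holds no record of the requested type)
#   authoritative-answer   "aa" set, "ra" absent, at least one answer record
#   unknown                no ";; flags:" line found (e.g. no reply at all)
classify_dig() {
    input=$(cat)
    header=$(printf '%s\n' "$input" | grep '^;; flags:' | head -n 1)
    if [ -z "$header" ]; then
        echo unknown
        return 0
    fi
    # Everything between "flags: " and the first ";", e.g. "qr aa rd", padded
    # with spaces so the case patterns below match whole flag names only.
    flags=" $(printf '%s\n' "$header" | sed -n 's/^;; flags: \([^;]*\);.*/\1/p') "
    answers=$(printf '%s\n' "$header" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p')
    answers=${answers:-0}
    case "$flags" in
        *" ra "*) echo recursive; return 0 ;;
    esac
    case "$flags" in
        *" aa "*)
            if [ "$answers" -gt 0 ]; then
                echo authoritative-answer
            else
                echo authoritative-nodata
            fi
            return 0 ;;
    esac
    echo unknown
}

# Constructed samples. The first reproduces the header from the question's dig run.
SAMPLE_AUTH_NODATA=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43984
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available'

SAMPLE_AUTH_ANSWER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

SAMPLE_RECURSIVE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0'

# Classify the samples. To check a server you operate, pipe real output
# instead:  dig @198.20.30.40 stackoverflow.com | classify_dig
printf '%-20s %s\n' "auth, no record" "$(printf '%s\n' "$SAMPLE_AUTH_NODATA" | classify_dig)"
printf '%-20s %s\n' "auth, with record" "$(printf '%s\n' "$SAMPLE_AUTH_ANSWER" | classify_dig)"
printf '%-20s %s\n' "recursion offered" "$(printf '%s\n' "$SAMPLE_RECURSIVE" | classify_dig)"
```

A reply classified as "recursive" from the public address of a server that is meant to be authoritative-only is the configuration to fix; "authoritative-nodata" for a name the zone is supposed to answer means the zone file, not the server role, is missing the record.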