
We need to create a Stealth (DMZ, Split or Hidden Master) Name Server. We are able to create a Name Server for our private network, and our sub-domains resolve in our Local Area Network but not worldwide! Would you please help us resolve the missing configuration?

Note: Sorry for the large question; we beg your pardon, as we are fresh contributors to an R&D based community.

We have the following domain:

Domain       : chorke.org
Name Server  : ns8533.hostgator.com
Name Server  : ns8534.hostgator.com
Subdomain    : bgd.chorke.org (public)
CNAME of bgd : cki00.ddns.net (noip.com)

Network information is as follows:

GTW : 10.19.83.1    (Gateway/Router)
DMZ : 10.19.83.3    (bgd.chorke.org  & Name server)
LAN : 10.19.83.0/24 (Private network & range 0~255)

The following packages are installed:

sudo su
apt update && apt upgrade
apt install bind9 bind9utils bind9-doc dnsutils

Startup options in /etc/default/bind9

RESOLVCONF=no
OPTIONS="-u bind -4"

Options in /etc/bind/named.conf.options

acl internals {
        127.0.0.0/24;  # 1-254
        10.19.83.0/24; # 1-254
};
acl externals {
        10.19.83.0/29;  # 1-7   (public)
        !10.19.83.0/24; # 1-254 (private)
};
options {
        directory "/var/cache/bind";
        auth-nxdomain no;
        forwarders {
                8.8.8.8;    # Google DNS
                8.8.4.4;    # Google DNS
                10.19.83.1; # Router DNS
        };
        dnssec-validation auto;
        listen-on-v6 { none; };
        listen-on port 53 {
                127.0.0.1;
                10.19.83.3;
        };
        allow-transfer { none; };
        allow-query { internals; };
        allow-recursion { internals; };
};

Zones in /etc/bind/named.conf.local

include "/etc/bind/rndc.key";
zone "bgd.chorke.org" {
    type master;
    file "/etc/bind/zones/db.bgd.chorke.org";     # forward zone
    allow-update { key rndc-key; };
};

zone "83.19.10.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/db.83.19.10";           # reverse zone
    allow-update { key rndc-key; };
};
// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";

Forward zone in /etc/bind/zones/db.bgd.chorke.org

$TTL     600
$ORIGIN bgd.chorke.org.

@       IN      SOA     ns0.bgd.chorke.org. root.bgd.chorke.org. (
                        201908051           ; Serial       YYYYmmddI
                             3600           ; Refresh            01H
                              600           ; Retry              10M
                            86400           ; Expire             01D
                              600 )         ; Negative Cache TTL 10M
; NS Records
@       IN      NS      ns0.bgd.chorke.org.
@       IN      NS      ns8533.hostgator.com.
@       IN      NS      ns8534.hostgator.com.
@       IN      NS      bgd.chorke.org.
@       IN      A       10.19.83.3
; A  Records
apn             A       10.19.83.2
ftp             A       10.19.83.4
gtw             A       10.19.83.1
ns0             A       10.19.83.3

Reverse zone in /etc/bind/zones/db.83.19.10

$TTL     600
$ORIGIN 83.19.10.in-addr.arpa.

@       IN      SOA     ns0.bgd.chorke.org. root.bgd.chorke.org. (
                        201908051           ; Serial       YYYYmmddI
                             3600           ; Refresh            01H
                              600           ; Retry              10M
                            86400           ; Expire             01D
                              600 )         ; Negative Cache TTL 10M
; NS  Records
@       IN      NS      ns0.bgd.chorke.org.
@       IN      NS      ns8533.hostgator.com.
@       IN      NS      ns8534.hostgator.com.
@       IN      NS      bgd.chorke.org.
; PTR Records
; owner names are relative to $ORIGIN 83.19.10.in-addr.arpa., so only the
; last octet goes here ("1.83" would expand to 1.83.83.19.10.in-addr.arpa.)
1       IN      PTR     gtw.bgd.chorke.org.
2       IN      PTR     apn.bgd.chorke.org.
3       IN      PTR     ns0.bgd.chorke.org.
4       IN      PTR     ftp.bgd.chorke.org.
Śhāhēēd
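Before any part of a split-horizon setup like the one above faces the internet, two checks are worth running: which clients the ACLs in named.conf.options actually admit, and whether the zone data is fit to be served publicly. The following Python script is an added example (my own code, not configuration from the question, from BIND, or from any answer). The `internals` and `externals` ACLs in it are copied from the question; the client addresses and the zone snippets are constructed (203.0.113.0/24 is a documentation range, `example-zone.test` is a placeholder name). It evaluates ACLs with BIND's rules (elements are tried in order, the first element whose network contains the client decides, `!` negates, and a client that no element contains is not in the ACL), and it lints zone text for RFC 1918 addresses and for PTR owner names that do not combine correctly with `$ORIGIN`.

```python
"""Pre-publication checks for a split-horizon BIND zone (added example).

1. Evaluate BIND-style address ACLs against sample clients.
2. Lint zone data: A records pointing into RFC 1918 space, and PTR
   owners that, joined with $ORIGIN, do not give a four-octet name.
The ACLs are the ones from the question; clients and zone snippets
are constructed for the example.
"""
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# ACLs exactly as written in named.conf.options in the question.
ACLS = {
    "internals": ["127.0.0.0/24", "10.19.83.0/24"],
    "externals": ["10.19.83.0/29", "!10.19.83.0/24"],
}


def acl_matches(acl, client):
    """Evaluate one BIND address ACL (list of elements) for one client."""
    ip = ipaddress.ip_address(client)
    for element in acl:
        negated = element.startswith("!")
        net = element.lstrip("!")
        contains = net == "any" or ip in ipaddress.ip_network(net)
        if contains:
            return not negated  # first containing element decides
    return False  # no element contains the client: outside the ACL


def query_allowed(client, allow_query=("internals",)):
    """Emulate the question's 'allow-query { internals; };'."""
    return any(acl_matches(ACLS[name], client) for name in allow_query)


# Constructed zone snippets in the same style as the question's files.
ZONE_PUBLIC_CANDIDATE = """\
$TTL 600
$ORIGIN example-zone.test.
@       IN      A       10.19.83.3
gtw             A       10.19.83.1
www             A       203.0.113.20
"""

ZONE_REVERSE_WRONG = """\
$ORIGIN 83.19.10.in-addr.arpa.
1.83    IN      PTR     gtw.example-zone.test.
"""

ZONE_REVERSE_RIGHT = """\
$ORIGIN 83.19.10.in-addr.arpa.
1       IN      PTR     gtw.example-zone.test.
"""

# owner [IN] type rdata; only A and PTR records are inspected here
RECORD = re.compile(r"^(\S+)\s+(?:IN\s+)?(A|PTR)\s+(\S+)$")


def lint_zone(text):
    """Return findings as (kind, owner, detail) tuples."""
    origin, findings = "", []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = RECORD.match(line)
        if not m:
            continue
        owner, rtype, rdata = m.groups()
        if rtype == "A":
            if any(ipaddress.ip_address(rdata) in n for n in RFC1918):
                findings.append(("private-address", owner, rdata))
        elif rtype == "PTR" and origin.endswith(".in-addr.arpa."):
            fqdn = owner if owner.endswith(".") else f"{owner}.{origin}"
            octets = fqdn[:-len(".in-addr.arpa.")].split(".")
            if len(octets) != 4:  # e.g. 1.83.83.19.10 has five labels
                findings.append(("ptr-origin-mismatch", owner, fqdn))
    return findings


if __name__ == "__main__":
    for client in ("10.19.83.50", "10.19.83.5", "203.0.113.10"):
        print(client, "query allowed:", query_allowed(client),
              "| in externals:", acl_matches(ACLS["externals"], client))
    for name, zone in (("public candidate", ZONE_PUBLIC_CANDIDATE),
                       ("reverse (wrong)", ZONE_REVERSE_WRONG),
                       ("reverse (right)", ZONE_REVERSE_RIGHT)):
        print(name, lint_zone(zone))
```

Two things the script makes visible. First, `allow-query { internals; }` refuses every client outside 10.19.83.0/24 and 127.0.0.0/24, so no resolver on the internet is ever answered, whatever the `externals` ACL says; and `externals` as written admits only 10.19.83.0 to 10.19.83.7, because a client that no element contains is outside the ACL, so an ACL meant for non-LAN clients needs a trailing `any;` after the negation. Second, every A record in the zone points into 10/8, which an outside client cannot reach; the usual BIND layout for this is a pair of `view` blocks, an internal one carrying the RFC 1918 records and an external one carrying only public addresses, with recursion left off for outside clients.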
    Could you clarify the actual goal a bit? You mostly describe what you have done, it would be good to better understand the details of the goal. Questions (based on my current understanding): The `bgd.chorke.org` zone appears to have records referring to private (rfc1918) IP addresses, this is not well suited for public use, are you sure this is the zone that you want to make public? Do you have public nameservers lined up that can be configured to host the slave zone for `bgd.chorke.org`? – Håkan Lindqvist Aug 05 '19 at 06:26
  • @djdomi Possibly, if this turns out to be a case of the [XY-problem](https://en.wikipedia.org/wiki/XY_problem). – Håkan Lindqvist Aug 05 '19 at 07:06
  • @HåkanLindqvist you're right, I already thought about it – djdomi Aug 05 '19 at 07:22
  • @HåkanLindqvist `bgd.chorke.org` resolves worldwide, while its sub-domains do not! Consider that `gtw.bgd.chorke.org` is one of the sub-domains of `bgd.chorke.org`; it resolves in the **Local Area Network** but not worldwide. If we could resolve `gtw.bgd.chorke.org` from worldwide, then our problem would be solved. I updated the Name Server for both the forward and reverse zones; please check it. – Śhāhēēd Aug 05 '19 at 07:37

0 Answers