Hello,

I am learning network administration and would like to configure my network to do:

workstation -> ns.intra.mydomain.com -> ns.mydomain.com

Currently I have the following configs:

workstation:

--( /etc/resolv.conf )--------------------------------------------------
search intra.mydomain.com
nameserver 192.168.0.2
------------------------------------------------------------------------

ns.intra.mydomain.com

--( /etc/resolv.conf )--------------------------------------------------
search mydomain.com
nameserver IP.OF.MY.PUBLIC.NS
-------------------------------------------------------------------------

--( /etc/named.conf.options )-------------------------------------------
options {
    directory "/var/cache/bind";
    check-names master fail;
    check-names slave warn;
    check-names response ignore;
    auth-nxdomain no;
    listen-on-v6 { any; };
    listen-on { 192.168.0.2; };
    forwarders { IP.OF.MY.PUBLIC.NS; };
    dnssec-enable yes;
};

logging {
    channel default_syslog {
        syslog local2;
        severity info;
        print-category yes;
        print-severity yes;
        print-time no;
    };
    category default { };
    category edns-disabled { null; };
};

include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/etc/bind/tsig.key";
------------------------------------------------------------------------

ns.mydomain.com:

--( /etc/resolv.conf )--------------------------------------------------
------------------------------------------------------------------------

--( /etc/named.conf.options )-------------------------------------------
options {
    directory "/var/cache/bind";
    check-names master fail;
    check-names slave warn;
    check-names response ignore;
    auth-nxdomain no;
    listen-on-v6 { any; };
    listen-on { IP.OF.MY.PUBLIC.NS; };
    dnssec-enable yes;
    recursion yes;
    allow-recursion { any; };
    allow-query { any; };
    allow-query-cache { any; };
};

logging {
    channel default_syslog {
        syslog local2;
        severity info;
        print-category yes;
        print-severity yes;
        print-time no;
    };
    category default { default_syslog; };
};

include "/etc/bind/rndc.key";
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
include "/etc/bind/tsig.key";
------------------------------------------------------------------------

I got the above config from the internet, but it seems not to work, because I have the same error messages, like

lame-servers: info: error (unexpected RCODE REFUSED) resolving...
security: info: client MY.FIXED.HOME.IP#5525: query (cache) 'some_domain' denied
lame-servers: info: error (network unreachable) resolving 'b.au/AAAA/IN': 2607:f140:ffff:fffe::3#53
lame-servers: info: lame server resolving 'www.some_domain' (in 'some_domain'?): first.NS.IP#53
lame-servers: info: lame server resolving 'www.some_domain' (in 'some_domain'?): second.NS.IP#53

in my logs as another person on the list.

So, in the last days I was searching the internet hell for how to solve this problem, but have found nothing yet.

Can someone help me please? Where can I find a HOWTO which tells me how to set up my name server correctly, including DNSEC3?

Thanks

Note: I need to learn this perfectly, because I come from a country where people are kidnapped and killed by the government, and I need a bulletproof setup which I can put online one day without risking being hacked by my government.

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
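
A check for the recursion ACLs in the public server's options block posted above, as an added example that is not part of the original message: it parses `options { }` and reports `allow-recursion` and `allow-query-cache` lists open to `any` while recursion is enabled. The addresses 192.0.2.53 and 198.51.100.7, the `trusted` ACL name and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: the public server's posted options (192.0.2.53 is assumed).
POSTED = """
options {
    listen-on { 192.0.2.53; };
    recursion yes;
    allow-recursion { any; };
    allow-query { any; };
    allow-query-cache { any; };
};
"""
# Constructed counterpart: recursion limited to a hypothetical ACL "trusted".
RESTRICTED = """
acl trusted { 198.51.100.7; };  // assumed address the forwarder queries from
options {
    recursion yes;
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
"""
OPEN = {"any", "0.0.0.0/0", "::/0"}

def parse_options(conf):
    """Return {statement: [values]} for the statements inside options { }."""
    conf = re.sub(r"/\*.*?\*/|//[^\n]*|#[^\n]*", "", conf, flags=re.S)
    tokens = re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', conf)
    opts, stmt, depth = {}, [], 0
    for tok in tokens[tokens.index("options") + 2:]:  # skip 'options', '{'
        if tok == "{":
            depth += 1
        elif tok == "}":
            if depth == 0:
                break                      # closing brace of options
            depth -= 1
        elif tok == ";":
            if depth == 0 and stmt:        # end of a top-level statement
                opts[stmt[0]], stmt = stmt[1:], []
        else:
            stmt.append(tok)
    return opts

def open_recursion_findings(opts):
    """List ACLs that let any client recurse through or read the cache."""
    if opts.get("recursion") == ["no"]:
        return []                          # recursion off: ACLs are moot
    return [f"{acl} is open to any client"
            for acl in ("allow-recursion", "allow-query-cache")
            if OPEN & set(opts.get(acl, []))]
```

`allow-query { any; }` is deliberately not flagged, since an authoritative server has to answer queries for its own zones from anyone.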