Re: How to create a fake root server?

2014-03-13 Thread Peter

Hi Kevin,

Thanks for your reply. It's just for a closed internal network with no 
access to the rest of the internet. Making labs such as testing ISP 
functions and services, mail servers etc. Everything is running inside 
a VMware host with an internal closed network.


I have created a closed Internet on 172.16.x.x where I would like to 
put up a root server for .loc, where several other ISP-DNS servers, with 
domains, are referred to. I've managed to create those ISP-DNS servers, 
which work fine. But I'm having trouble creating the root DNS server 
with BIND. I haven't found any useful examples on the web yet.


It's for a school project.

Regards, Peter


On 12/03/14 19:56, Kevin Darcy wrote:

First of all, don't use .loc as an internal TLD. There are *many*
proposals in process with ICANN for establishing new TLDs, and for all
you know, .loc might be one of them. If .loc gets established on the
Internet, and you're using it internally, that presents abundant
opportunities for confusion and failure.

Use a publicly-registered domain, a descendant of a
publicly-registered domain, or potentially, one of the reserved TLDs
in RFC 6761.

I'm not sure what your question is, exactly. Set up the root zone,
slave it, publish 2 or more of the master/slaves in the NS records,
delegate whatever TLD you're going to use, set up *that* zone, lather,
rinse, repeat, for the entire hierarchy. Anyone who reads
_DNS_and_BIND_ should be able to set up an internal-root
infrastructure, IMO (although, sadly, the later editions don't seem as
aligned to internal-root as they used to be).

- Kevin


On 3/12/2014 11:07 AM, Peter wrote:

Hi guys,

I'm doing a virtual internet (internal net) for several VPSs. My
goal is to simulate the Internet root servers and the ISPs' domain
servers, which are hosting the actual domains. I want to create
several DNS nameservers that will contain the specific domains under
xxx.loc, yyy.loc, zzz.loc.

1 server for the .loc root
3 servers for xxx.loc (server1), yyy.loc (server2), zzz.loc (server3)

Running BIND 9 at every server.

Any suggestions or good links are highly appreciated.

Best regards,
Peter
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






Re: How to create a fake root server?

2014-03-13 Thread Mark Andrews

In message 53216b43.8040...@gmail.com, Peter writes:
 Hi Kevin,
 
 Thanks for your reply. It's just for a closed internal network with no 
 access to the rest of the internet. Making labs such as testing ISP 
 functions and services, mail servers etc. Everything is running inside 
 a VMware host with an internal closed network.
 
 I have created a closed Internet on 172.16.x.x where I would like to 
 put up a root server for .loc, where several other ISP-DNS servers, with 
 domains, are referred to. I've managed to create those ISP-DNS servers, 
 which work fine. But I'm having trouble creating the root DNS server 
 with BIND. I haven't found any useful examples on the web yet.

Perhaps because a root zone is like any other zone.  It has a SOA
record and NS records at the apex and other records.

. 3600 SOA server.example.net. hostmaster.example.net. 1 3600 1200 2419200 3600
. 3600 NS server.example.net.
. 3600 NS another.example.net.
server.example.net. 3600 A 1.2.3.4
another.example.net. 3600 A 1.2.3.5

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

Re: How to create a fake root server?

2014-03-13 Thread Peter
I finally managed to configure a TLD DNS server which will answer, in 
its own CLI, with proper IPs for added domains. The problem is that it 
doesn't reply to the other querying Domain DNS servers when they are 
asking for domain lookups to it. I can only do lookups inside the TLD 
DNS server.


The TLD server settings:

named.conf
---
options {
    directory "/var/cache/bind";

    // forwarders {
    //     0.0.0.0;
    // };

    dnssec-validation auto;

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    allow-query { any; };
    recursion yes;
};
zone "loc" {
    type master;
    file "/etc/bind/pri.loc";
};
---

pri.loc
---
$ORIGIN .
$TTL 7200       ; 2 hours
loc     IN  SOA ns1.intranet admin.intranet.loc (
                2       ; serial
                7200    ; refresh (2 hours)
                1800    ; retry (30 minutes)
                7200    ; expire (2 hours)
                7200    ; minimum (2 hours)
                )
        NS  ns1.intranet
$ORIGIN loc.
domain1     A   172.16.0.121
domain2     A   172.16.0.122
---

TLD Server# ping domain1.loc
PING domain1.loc (172.16.0.121) 56(84) bytes of data.
64 bytes from 172.16.0.121: icmp_req=1 ttl=64 time=0.196 ms
64 bytes from 172.16.0.121: icmp_req=2 ttl=64 time=0.160 ms
64 bytes from 172.16.0.121: icmp_req=3 ttl=64 time=0.177 ms

TLD Server# ping domain2.loc
PING domain2.loc (172.16.0.121) 56(84) bytes of data.
64 bytes from 172.16.0.121: icmp_req=1 ttl=64 time=0.193 ms
64 bytes from 172.16.0.121: icmp_req=2 ttl=64 time=0.168 ms
64 bytes from 172.16.0.121: icmp_req=3 ttl=64 time=0.172 ms

Domain Server1# ping domain2.loc
ping: unknown host domain2.loc

Domain Server2# ping domain1.loc
ping: unknown host domain2.loc


On both Domain DNS servers, I have made forwards with the IP of the TLD 
server. But they simply will not receive any lookup answers. They have 
also been configured with 127.0.0.1 in the resolv.conf file, which means 
they will use their own internal DNS server for lookups. All servers are 
on the same 172.16.0.x network.


What am I doing wrong here?

Sincerely, Peter



Re: How to create a fake root server?

2014-03-13 Thread Kevin Darcy
Either set up a *root* zone, with a delegation to your TLD, and those 
other nameservers will be configured with hints files


or

You'll have to use some other mechanism -- e.g. slave, stub -- on those 
nameservers, so that they know how to resolve names in your TLD.


- Kevin
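An added example, not code from the thread or from ISC: a shell script that writes the pieces Kevin's first option needs (an internal root zone delegating "loc" with glue, the hints file the domain servers load in place of the public root hints, and matching named.conf fragments), following the root-zone layout Mark sketched. It keeps the thread's .loc name (Kevin's RFC 6761 point still applies); the server name ns1.loc and its address 172.16.0.10 are assumptions.

```shell
# Added example (not from the thread): the files behind Kevin's first
# option, a root zone that delegates "loc" plus a hints file for the other
# servers.  ns1.loc and 172.16.0.10 are assumed name/address of the root.
set -e

ROOT_NS="ns1.loc."        # assumed: the internal root (and TLD) server
ROOT_IP="172.16.0.10"     # assumed: its address on the 172.16.0.x lab net

# Root zone: apex SOA/NS, the "loc" delegation and its glue.  Without the
# glue A record a server that only has hints has no way to reach ns1.loc.
root_zone() {
    cat <<EOF
\$TTL 3600
.         IN SOA $ROOT_NS hostmaster.loc. 1 3600 1200 2419200 3600
.         IN NS  $ROOT_NS
loc.      IN NS  $ROOT_NS
$ROOT_NS  IN A   $ROOT_IP
EOF
}

# Hints for every other server; it replaces the public root hints (db.root)
# so lookups start at the internal root instead of trying the Internet.
hints_file() {
    cat <<EOF
.          3600000 IN NS $ROOT_NS
$ROOT_NS   3600000 IN A  $ROOT_IP
EOF
}

# named.conf fragment for the root server: master for "." and for "loc".
root_named_conf() {
    cat <<EOF
zone "." { type master; file "/etc/bind/db.root-internal"; };
zone "loc" { type master; file "/etc/bind/pri.loc"; };
EOF
}

# Fragment for the domain servers: hints only, no forwarders.  Validation is
# off: an unsigned internal root cannot validate against the built-in root
# trust anchor that "dnssec-validation auto" enables, so answers SERVFAIL.
resolver_named_conf() {
    cat <<EOF
options { recursion yes; dnssec-validation no; };
zone "." { type hint; file "/etc/bind/db.root-internal.hints"; };
EOF
}

# Write all four files into DIR, run named-checkzone on the root zone when
# BIND's tools are installed, and report how many NS records the root has.
write_and_check() {
    dir="$1"
    mkdir -p "$dir"
    root_zone > "$dir/db.root-internal"
    hints_file > "$dir/db.root-internal.hints"
    root_named_conf > "$dir/named.conf.root"
    resolver_named_conf > "$dir/named.conf.resolver"
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q . "$dir/db.root-internal" >/dev/null
    fi
    grep -c ' IN NS ' "$dir/db.root-internal"    # 2: apex NS + delegation
}
```

Run write_and_check /tmp/internal-root, then install the root files on the root server and db.root-internal.hints on each domain server in place of the stock db.root hint zone.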


Re: How to create a fake root server?

2014-03-13 Thread Lawrence K. Chen, P.Eng.
Had to think for a moment on how we got our own TLD to work.

The answer is that all our resolvers, including the localhost resolvers
for machines in 10.x.x.x space.

Don't recall if it was related to this or not...but these localhost
resolvers also use forward first;

I had at one time tried to make the recursive caching resolvers be only
this...stop being authoritative slaves...which didn't work.  And, I had
heard complaints of people who refuse to use central DNS not being able
to resolve names in our own TLD, or only visible through our ksu
(internal) view.  The latter, being that our published
authoritative-only nameservers only know about the external view (or use
our central DNS servers...since they are currently all also being
authoritative for our TLD (and for ksu.edu and k-state.edu.)
