
So I used bind9 on a small server with multiple NICs to set up a caching-only recursive DNS server for my home network.
Unfortunately it does not work, meaning that DNS queries from hosts connected to the network come back empty. Even if I run a query on the DNS server itself, I still get empty responses.
It only works when I enable the forwarding option and add Google's DNS servers.
I have done this setup many times in the past, but this time it does not want to work and I am not sure why.
Below you can find my configuration and some log files.
BIND version:
BIND 9.10.3-P4-Debian <id:ebd72b3>
Configuration file:
options {
    directory "/var/cache/bind";
    dnssec-enable no;
    dnssec-validation no;
    dnssec-lookaside no;
    auth-nxdomain no; # conform to RFC1035
    listen-on { 127.0.0.1; 192.168.100.1; 192.168.200.1; };
    recursion yes;
    allow-recursion { trusted; };
    allow-query { trusted; };
    allow-query-cache { trusted; };
    allow-transfer { none; };
    # Only works when forwarding is enabled.
    #forwarders {
    #    8.8.8.8;
    #    8.8.4.4;
    #};
};
acl "trusted" {
    192.168.100.0/24;
    192.168.200.0/24;
    127.0.0.0/24;
};
logging {
    channel bind_log {
        file "/var/log/bind/bind.log" versions 3 size 5m;
        severity debug;
        print-category yes;
        print-severity yes;
        print-time yes;
    };
    category default { bind_log; };
    category update { bind_log; };
    category update-security { bind_log; };
    category security { bind_log; };
    category queries { bind_log; };
    category query-errors { bind_log; };
    category lame-servers { bind_log; };
};
Enabled zones:
cat named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
    type hint;
    file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
zone "labion" {
    type master;
    file "/etc/bind/zones/db.labion";
};
DNS test (from within the DNS server machine):
dig google.com @127.0.0.1
; <<>> DiG 9.10.3-P4-Debian <<>> google.com @127.0.0.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 62808
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; Query time: 70 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sun May 17 12:08:01 CEST 2020
;; MSG SIZE rcvd: 39
Trace test:
dig +trace @127.0.0.1 google.com
; <<>> DiG 9.10.3-P4-Debian <<>> +trace @127.0.0.1 google.com
; (1 server found)
;; global options: +cmd
. 3600000 IN NS L.ROOT-SERVERS.NET.
. 3600000 IN NS A.ROOT-SERVERS.NET.
. 3600000 IN NS B.ROOT-SERVERS.NET.
. 3600000 IN NS M.ROOT-SERVERS.NET.
. 3600000 IN NS F.ROOT-SERVERS.NET.
. 3600000 IN NS G.ROOT-SERVERS.NET.
. 3600000 IN NS E.ROOT-SERVERS.NET.
. 3600000 IN NS C.ROOT-SERVERS.NET.
. 3600000 IN NS D.ROOT-SERVERS.NET.
. 3600000 IN NS I.ROOT-SERVERS.NET.
. 3600000 IN NS K.ROOT-SERVERS.NET.
. 3600000 IN NS H.ROOT-SERVERS.NET.
. 3600000 IN NS J.ROOT-SERVERS.NET.
;; Received 239 bytes from 127.0.0.1#53(127.0.0.1) in 1 ms
;; Received 28 bytes from 192.203.230.10#53(E.ROOT-SERVERS.NET) in 1 ms
Log:
17-May-2020 12:08:22.357 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:2::c#53
17-May-2020 12:08:22.357 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:7fe::53#53
17-May-2020 12:08:22.358 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.228.79.201#53
17-May-2020 12:08:22.359 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:84::b#53
17-May-2020 12:08:22.360 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nexus.officeapps.live.com/A/IN': 192.228.79.201#53
17-May-2020 12:08:22.360 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:84::b#53
17-May-2020 12:08:22.361 lame-servers: info: network unreachable resolving 'nexus.officeapps.live.com/A/IN': 2001:500:2d::d#53
17-May-2020 12:08:22.361 query-errors: debug 1: client 192.168.100.50#53456 (nexus.officeapps.live.com): query failed (SERVFAIL) for nexus.officeapps.live.com/IN/A at ../../../bin/named/query.c:7773
17-May-2020 12:08:23.870 queries: info: client 192.168.100.50#63206 (nv5live.westeurope.cloudapp.azure.com): query: nv5live.westeurope.cloudapp.azure.com IN A + (192.168.100.1)
17-May-2020 12:08:23.871 resolver: debug 1: fetch: nv5live.westeurope.cloudapp.azure.com/A
17-May-2020 12:08:23.871 resolver: debug 1: fetch: ./NS
17-May-2020 12:08:23.875 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 198.41.0.4#53
17-May-2020 12:08:23.875 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 198.41.0.4#53
17-May-2020 12:08:23.878 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.203.230.10#53
17-May-2020 12:08:23.878 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.203.230.10#53
17-May-2020 12:08:23.880 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 193.0.14.129#53
17-May-2020 12:08:23.880 lame-servers: info: network unreachable resolving './NS/IN': 2001:7fd::1#53
17-May-2020 12:08:23.881 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 193.0.14.129#53
17-May-2020 12:08:23.883 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.112.36.4#53
17-May-2020 12:08:23.883 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.112.36.4#53
17-May-2020 12:08:23.885 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.228.79.201#53
17-May-2020 12:08:23.886 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.228.79.201#53
17-May-2020 12:08:23.886 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:84::b#53
17-May-2020 12:08:23.886 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:84::b#53
17-May-2020 12:08:23.888 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 202.12.27.33#53
17-May-2020 12:08:23.889 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 202.12.27.33#53
17-May-2020 12:08:23.889 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:7fd::1#53
17-May-2020 12:08:23.891 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.5.5.241#53
17-May-2020 12:08:23.891 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2f::f#53
17-May-2020 12:08:23.891 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.5.5.241#53
17-May-2020 12:08:23.892 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2f::f#53
17-May-2020 12:08:23.893 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.58.128.30#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving './NS/IN': 2001:503:c27::2:30#53
17-May-2020 12:08:23.894 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.58.128.30#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving './NS/IN': 2001:dc3::35#53
17-May-2020 12:08:23.894 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:503:c27::2:30#53
17-May-2020 12:08:23.895 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:dc3::35#53
17-May-2020 12:08:23.897 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 199.7.83.42#53
17-May-2020 12:08:23.898 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 199.7.83.42#53
17-May-2020 12:08:23.898 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:3::42#53
17-May-2020 12:08:23.899 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 198.97.190.53#53
17-May-2020 12:08:23.899 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:1::53#53
17-May-2020 12:08:23.900 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:3::42#53
17-May-2020 12:08:23.901 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 198.97.190.53#53
17-May-2020 12:08:23.901 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:1::53#53
17-May-2020 12:08:23.902 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.33.4.12#53
17-May-2020 12:08:23.903 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2::c#53
17-May-2020 12:08:23.904 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.33.4.12#53
17-May-2020 12:08:23.904 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2::c#53
17-May-2020 12:08:23.905 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 192.36.148.17#53
17-May-2020 12:08:23.905 lame-servers: info: network unreachable resolving './NS/IN': 2001:7fe::53#53
17-May-2020 12:08:23.907 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 192.36.148.17#53
17-May-2020 12:08:23.907 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:7fe::53#53
17-May-2020 12:08:23.908 lame-servers: info: SERVFAIL unexpected RCODE resolving './NS/IN': 199.7.91.13#53
17-May-2020 12:08:23.909 lame-servers: info: network unreachable resolving './NS/IN': 2001:500:2d::d#53
17-May-2020 12:08:23.909 lame-servers: info: network unreachable resolving './NS/IN': 2001:503:ba3e::2:30#53
17-May-2020 12:08:23.910 lame-servers: info: SERVFAIL unexpected RCODE resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 199.7.91.13#53
17-May-2020 12:08:23.910 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:500:2d::d#53
17-May-2020 12:08:23.910 lame-servers: info: network unreachable resolving 'nv5live.westeurope.cloudapp.azure.com/A/IN': 2001:503:ba3e::2:30#53
17-May-2020 12:08:23.911 query-errors: debug 1: client 192.168.100.50#63206 (nv5live.westeurope.cloudapp.azure.com): query failed (SERVFAIL) for nv5live.westeurope.cloudapp.azure.com/IN/A at ../../../bin/named/query.c:7773
17-May-2020 12:08:30.625 queries: info: client 192.168.100.50#63673 (lapitopia.labion): query: lapitopia.labion IN A + (192.168.100.1)
17-May-2020 12:08:30.629 queries: info: client 192.168.100.50#63166 (lapitopia.labion): query: lapitopia.labion IN AAAA + (192.168.100.1)
UPDATE: It seems that I cannot communicate with the root servers, which is rather strange. Could this be something my new ISP is doing? How can I resolve this?
root@mordor:~# dig +bufsize=1200 +norec NS . @a.root-servers.net
; <<>> DiG 9.10.3-P4-Debian <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1119
;; flags: qr ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;. IN NS
;; Query time: 1 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Sun May 17 15:17:17 CEST 2020
;; MSG SIZE rcvd: 17
root@mordor:~#
However, I was able to query one of the root "." servers directly:
root@mordor:~# host L.ROOT-SERVERS.NET.
l.root-servers.net has address 199.7.83.42
L.ROOT-SERVERS.NET has IPv6 address 2001:500:9f::42
root@mordor:~# dig google.com @199.7.83.42
; <<>> DiG 9.10.3-P4-Debian <<>> google.com @199.7.83.42
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20382
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 50 IN A 172.217.169.174
;; AUTHORITY SECTION:
google.com. 6520 IN NS ns3.gOoGLE.com.
google.com. 6520 IN NS ns4.gOoGLE.com.
google.com. 6520 IN NS ns1.gOoGLE.com.
google.com. 6520 IN NS ns2.gOoGLE.com.
;; Query time: 17 msec
;; SERVER: 199.7.83.42#53(199.7.83.42)
;; WHEN: Sun May 17 15:26:13 CEST 2020
;; MSG SIZE rcvd: 336
So, does this mean that the BIND root zones are not configured correctly?
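
An added example, not part of the original post: root servers are authoritative-only, so a reply that really comes from one never carries the `ra` flag, answers `. NS` with `aa`, and gives only a referral for a name such as google.com. The script below checks the headers of the two dig replies shown in the post (copied inline) against those properties, as a way to tell whether something on the network path is answering in the root server's place. The function names and the third sample header are constructed for illustration.

```python
import re

# Headers copied from the two dig replies in the post above.
POST_ROOT_NS_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1119
;; flags: qr ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0"""
POST_GOOGLE_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20382
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 9"""
# Constructed for contrast: the shape of an authoritative '. NS' answer.
CONSTRUCTED_AUTH_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 27"""

STATUS_RE = re.compile(r"status: (\w+), id: \d+")
FLAGS_RE = re.compile(r"flags: ([a-z ]*); QUERY: \d+, ANSWER: (\d+), AUTHORITY: (\d+)")

def parse_dig_header(text):
    """Extract rcode, flag set and section counts from dig's text output."""
    status, flags = STATUS_RE.search(text), FLAGS_RE.search(text)
    if not status or not flags:
        raise ValueError("no dig header found")
    return {"rcode": status.group(1), "flags": set(flags.group(1).split()),
            "answer": int(flags.group(2)), "authority": int(flags.group(3))}

def root_reply_anomalies(text, asked_root_ns):
    """Ways a reply attributed to a root server deviates from authoritative-only
    behaviour. asked_root_ns=True for '. NS'; False assumes the queried name
    (e.g. google.com) lies below a delegation, so only a referral is expected."""
    h = parse_dig_header(text)
    found = []
    if "ra" in h["flags"]:
        found.append("ra set: responder offers recursion")
    if asked_root_ns:
        if h["rcode"] != "NOERROR" or "aa" not in h["flags"]:
            found.append("'. NS' not answered authoritatively")
    elif h["answer"] > 0:
        found.append("ANSWER returned where a referral is expected")
    return found

if __name__ == "__main__":
    for label, text, root_ns in [("NS . @a.root-servers.net", POST_ROOT_NS_REPLY, True),
                                 ("google.com @199.7.83.42", POST_GOOGLE_REPLY, False),
                                 ("constructed", CONSTRUCTED_AUTH_REPLY, True)]:
        print(label, "->", root_reply_anomalies(text, root_ns) or "consistent")
```

Both replies from the post are flagged, which is consistent with port 53 traffic being intercepted before it reaches the root servers; comparing the result of the same query over TCP (`dig +tcp`) or from another network helps locate where that happens.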