First of all, I am not experienced in this field. Therefore, the question may be nonsensical.
I have installed BIND9 on my server machine (Ubuntu 16.04). DNS forwarding does not work if the client machine performs external DNS query.
The contents of some files on my server are as follows:
/etc/bind/named.conf.options
acl "trusted"{ 10.5.147.189; #kasirga server-bogurtlen 10.5.146.142; #host dut 10.5.147.210; #host jalapeno 10.5.147.215; #host nar 10.5.147.120; #ahududu 10.5.147.72; #ceviz 10.5.147.76; #greyfurt 10.5.147.79; #havuc 10.5.147.118; #kestane 10.5.146.122; #erik 10.5.147.206; #mandalina 10.5.147.152; #incir 10.5.147.180; #ot
};
options { directory "/var/cache/bind"; forwarders { 8.8.8.8; 8.8.4.4; }; recursion yes; allow-query {trusted;}; forward only; dnssec-validation auto; auth-nxdomain no; listen-on-v6 { any; };
};/etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static address 10.5.147.189 gateway 10.5.146.1 netmask 255.255.254.0 dns-nameservers 10.1.11.103 10.1.12.104The outputs of some commands running on my client "incir" are as follows:
It can successfully obtain the IP address of another client in local network.
samet@incir:~$ nslookup mandalina
Server: 10.5.147.189
Address: 10.5.147.189#53
Name: mandalina.kasirgalabs.home
Address: 10.5.147.206However, it cannot obtain the IP address of "google.com".
samet@incir:~$ nslookup google.com
;; Got SERVFAIL reply from 10.5.147.189, trying next server
;; connection timed out; no servers could be reached/etc/network/interfaces
auto lo
iface lo inet loopback
auto enp3s0
iface enp3s0 inet static address 10.5.147.152 gateway 10.5.146.1 netmask 255.255.254.0 dns-nameservers 8.8.8.8 8.8.4.4I could not figure out how to solve this problem. As I said before, I do not have much knowledge. If I am supposed to show the contents of specific files, please tell me and I will do.
1 Answer
In your options section add these:
allow-recursion { "trusted"; };
allow-query-cache { "trusted"; };BIND nowadays has very fine grained control over who can query what, and by extension cause the server to do (i.e. to go out and recurse).
