I'm trying to set up a DNS server with bind9 (DNS server in the DMZ) fulfilling the task of forwarding all queries to the DNS server concerned.
Overview: internal DNS (dns1.internal.com) <-> DMZ DNS (dns-dmz) <-> external DNS (dns-ext) <-> DFN DNS. All queries to external addresses (internet) are being resolved properly. But I am unable to resolve DNS queries for the internal network.
Since I lack some knowledge it's hard for me to sort things out. Thank you for helping me.
named.conf.options
acl trusted {
    localhost; some more
};
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { trusted; };
    empty-zones-enable no;
    querylog yes;
    forwarders { dns-ext IPv4; };
    dnssec-enable yes;
    dnssec-validation no;
    listen-on-v6 { any; };
};
named.conf.local
zone "internal.com" IN {
    type forward;
    forwarders { dns1.internal.com (IPv4); };
};
zone "old_internal.com" IN {
    type forward;
    forwarders { dns1.old_internal.com (IPv4); };
};
zone "old_old_internal.com" IN {
    type forward;
    forwarders { dns1.old_old_internal.com (IPv4); };
};
If I set up dns1.internal.com in resolv.conf it works just fine.
dig test, internet:
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> microsoft.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17183
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 13, ADDITIONAL: 27
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 6df8652f19acd77e0b8c118f5e5e1a1a1283ea1da5b69c71 (good)
;; QUESTION SECTION:
;microsoft.com. IN A
(cut out)
;; Query time: 1 msec
;; SERVER: dns-dmz#53(dns-dmz)
;; WHEN: Di Mär 03 09:49:27 CET 2020
;; MSG SIZE rcvd: 933
dig test, internal server:
; <<>> DiG 9.11.5-P4-5.1-Debian <<>> -x someServer.internal.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61339
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 842ab2a19e170cfee909a0745e5e1a10d18a4e7b624e7106 (good)
;; QUESTION SECTION:
;com.internal.someServer-app.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
in-addr.arpa. 10737 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2020012498 1800 900 604800 3600
;; Query time: 1 msec
;; SERVER: dns-dmz#53(dns-dmz)
;; WHEN: Di Mär 03 09:49:18 CET 2020
;; MSG SIZE rcvd: 159
What am I misunderstanding, what am I doing wrong and what am I missing?
(I am unsure how to properly implement a reverse proxy here as well, but that is the second step. If you have extra time to tell me how to do it here... thank you :) )
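As an added example (editor's code, not part of the original post), the following models the two things the posted output turns on: how named picks a forwarder for a query name (closest enclosing `type forward` zone, else the global `forwarders` list), and what query name `dig -x` actually sends when given a hostname instead of an address. The zone names and forwarder hostnames follow the posted named.conf.local; the IPv4 addresses behind them and the 10.0.0.0/8 internal range used for the reverse-zone case are assumptions.

```python
# Added example, not from the original post: a model of BIND's forwarder
# selection for the posted named.conf.local, plus the QNAME that "dig -x"
# builds. Forwarder addresses are replaced by the hostnames the post uses;
# the 10.0.0.0/8 reverse range is an assumption for illustration.
import ipaddress

# Global forwarder from the options block ("dns-ext IPv4" in the post).
GLOBAL_FORWARDERS = ["dns-ext"]

# type forward zones from named.conf.local.
FORWARD_ZONES = {
    "internal.com.": ["dns1.internal.com"],
    "old_internal.com.": ["dns1.old_internal.com"],
    "old_old_internal.com.": ["dns1.old_old_internal.com"],
}


def fqdn(name: str) -> str:
    """Normalise a name to lower-case, fully qualified form."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def select_forwarders(qname: str, zones=FORWARD_ZONES, default=GLOBAL_FORWARDERS):
    """Return (zone, forwarders) for qname.

    named forwards according to the closest enclosing zone that has a
    'type forward' configuration; a name under no such zone goes to the
    global 'forwarders' list from the options block.
    """
    qname = fqdn(qname)
    best = None
    for zone in zones:
        # zone "internal.com." covers "internal.com." itself and anything below it
        if qname == zone or qname.endswith("." + zone):
            if best is None or len(zone) > len(best):
                best = zone
    if best is None:
        return None, list(default)
    return best, list(zones[best])


def dig_x_qname(arg: str) -> str:
    """Reproduce the QNAME that 'dig -x ARG' sends.

    For an IP address dig reverses the octets under in-addr.arpa (or nibbles
    under ip6.arpa). Given a hostname, as in the post, it still reverses the
    dotted labels and appends in-addr.arpa, which is exactly the
    'com.internal.<host>.in-addr.arpa.' question visible in the posted output.
    """
    arg = arg.strip().rstrip(".")
    try:
        return ipaddress.ip_address(arg).reverse_pointer + "."
    except ValueError:
        return ".".join(reversed(arg.split("."))) + ".in-addr.arpa."


def demo():
    """Walk through the posted queries and the missing reverse-zone case."""
    results = {}
    # A forward lookup of an internal host matches the internal.com forward zone.
    results["forward"] = select_forwarders("someServer.internal.com")
    # What the posted 'dig -x someServer.internal.com' really asked for ...
    q = dig_x_qname("someServer.internal.com")
    results["dig_x_name"] = q
    # ... and where that QNAME is sent: no forward zone matches, so it goes to
    # dns-ext, which answers NXDOMAIN from the public in-addr.arpa SOA.
    results["dig_x_route"] = select_forwarders(q)
    # A genuine PTR query for an internal address (10.0.0.0/8 assumed) has the
    # same routing problem until a forward zone for the reverse range exists.
    ptr = dig_x_qname("10.20.30.40")
    results["ptr_without_zone"] = select_forwarders(ptr)
    with_reverse = dict(FORWARD_ZONES, **{"10.in-addr.arpa.": ["dns1.internal.com"]})
    results["ptr_with_zone"] = select_forwarders(ptr, zones=with_reverse)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Two caveats a practitioner would check on the real server: the posted forward zones do not set `forward only;`, so with BIND's default `forward first` a failure or timeout from dns1.internal.com makes dns-dmz fall back to recursing from the root servers rather than returning an error; and if internal PTR records are needed, each internal reverse range needs its own `type forward` zone under in-addr.arpa, or those queries leave the DMZ via dns-ext just as the posted one did.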