m-itu — Napisano Wrzesień 24, 2013

Witam. Niby prosta sprawa: serwer za routerem i jeden widok dla LAN-u, drugi na zewnątrz. Co jest źle, że chce wysyłać widok internal? Z serwera z zewnątrz:

nslookup 7xy.pl
;; Got SERVFAIL reply from 62.129.250.10, trying next server
Server:         62.129.252.215
Address:        62.129.252.215#53

Non-authoritative answer:
Name:   7xy.pl
Address: 192.168.0.101

named.conf:

acl "siec" { 192.168.0.0/24; 127.0.0.1; };
acl "trusted" { 127.0.0.0/8; ::1/128; };

options {
    directory "/var/bind";
    pid-file "/var/run/named/named.pid";
    listen-on-v6 { none; };
    listen-on { 127.0.0.1; 192.168.0.101; };
    allow-query { trusted; };
    allow-query-cache { trusted; };
    allow-transfer { none; };
    allow-update { /* Don't allow updates, e.g. via nsupdate. */ none; };
    version "czego?";
    auth-nxdomain no; /*auth-nxdomain yes;*/
    query-source address * port 53;
    transfer-source * port 53;
    notify-source * port 53;
    forward first;
    //forwarders {
    // 195.114.173.153; // Netia
    // 195.116.55.69; // Netia
    // 4.2.2.1; // Level3 Public DNS
    // 4.2.2.2; // Level3 Public DNS
    // 8.8.8.8; // Google Open DNS
    // 8.8.4.4; // Google Open DNS
    // };
    //dnssec-enable yes;
    //dnssec-validation yes;
    //dnssec-validation auto;
    //query-source address * port 53;
};

logging {
    channel default_log {
        file "/var/log/named/named.log" versions 5 size 10M;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { default_log; };
    category general { default_log; };
};

include "/etc/bind/rndc.key";

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};

view "internal" {
    match-clients { siec; };
    allow-query { siec; };
    recursion yes;
    allow-notify { none; };
    allow-recursion { siec; };
    notify no;
    zone "."
    IN { type hint; file "/var/bind/root.cache"; };
    zone "localhost" IN { type master; file "pri/localhost.zone"; };
    zone "0.0.127.in-addr.arpa" IN { type master; file "pri/localhost.rev"; };
    zone "0.168.192.in-addr.arpa" IN { type master; file "pri/lan.rev"; };
    zone "7xy.pl" IN { type master; file "pri/7xy.internal"; };
};

view "external" {
    match-clients { !localnets; any; };
    allow-transfer { 195.114.173.153; };
    notify yes;
    recursion no;
    zone "7xy.pl" IN { type master; file "pri/7xy.zone"; };
    zone "206.253.77.in-addr.arpa" IN { type master; file "pri/7xy.rev"; };
};
m-itu — Napisano Październik 15, 2013

Najistotniejsze, by zadziałało, jeśli jest się za NAT-em, to wydzielić adres bramy z sieci wewnętrznej. Firewall dla 53 na UDP też...

acl "siec" { 192.168.0.101; 192.168.0.102; 192.168.0.103; 192.168.0.105; 127.0.0.1/8; };
acl "trusted" { 127.0.0.0/8 ; ::1/128 ; };
acl "slave" { 192.168.0.1; 195.114.173.153; };

Tak będzie czytelniej:

acl "siec" { 192.168.0.1/24; !192.168.0.1; 127.0.0.1/8; };
acl "slave" { 192.168.0.1; 195.114.173.153; };

(Uwaga: BIND przegląda listę adresów po kolei i liczy się pierwsze dopasowanie, więc w tej postaci wpis `!192.168.0.1` nigdy nie zadziała — brama pasuje już do `192.168.0.1/24`; wykluczenie musi stać przed prefiksem sieci, inaczej zapytania z bramy nadal trafią do widoku internal.)

options {
    directory "/var/bind";
    pid-file "/var/run/named/named.pid";
    listen-on-v6 { none; };
    listen-on { 127.0.0.1; 192.168.0.101; };
    allow-query { siec; };
    allow-query-cache { siec; };
    allow-update { none; };
    version "czego?";
    auth-nxdomain no; /*auth-nxdomain yes;*/
    recursion no;
    transfer-source * port 53;
    notify-source * port 53;
    //forward first;
    //forwarders {
    // 195.114.173.153; // Netia
    // 195.116.55.69; // Netia
    // 4.2.2.1; // Level3 Public DNS
    // 4.2.2.2; // Level3 Public DNS
    // 8.8.8.8; // Google Open DNS
    // 8.8.4.4; // Google Open DNS
    // };
    //dnssec-enable yes;
    //dnssec-validation yes;
    //dnssec-validation auto;
};

logging {
    channel default_log {
        file "/var/log/named/named.log" versions 5 size 10M;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    channel audit_log {
        // Send the security related messages to a separate file.
        file "/var/log/named/audit.log";
        severity debug;
        print-time yes;
    };
    category default { default_syslog; };
    category general { default_syslog; };
    category security { audit_log; default_syslog; };
    category config { default_syslog; };
    category resolver { audit_log; };
    category xfer-in { audit_log; };
    category xfer-out { audit_log; };
    category notify { audit_log; };
    category client { audit_log; };
    category network { audit_log; };
    category update { audit_log; };
    category queries { audit_log; };
    category lame-servers { audit_log; };
};

include "/etc/bind/rndc.key";

controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1/32; ::1/128; } keys { "rndc-key"; };
};

view "internal" {
    match-clients { siec; };
    allow-query { siec; };
    allow-transfer { none; };
    recursion yes;
    allow-recursion { siec; };
    notify no;
    zone "." IN { type hint; file "/var/bind/root.cache"; };
    zone "localhost" IN { type master; file "pri/localhost.zone"; };
    zone "0.0.127.in-addr.arpa" IN { type master; file "pri/localhost.rev"; };
    zone "0.168.192.in-addr.arpa" IN { type master; file "pri/lan.rev"; };
    zone "7xy.pl" IN { type master; file "pri/7xy.internal"; };
};

view "external" {
    match-clients { !siec; any; };
    allow-query { !siec; any; };
    allow-transfer { slave; };
    notify yes;
    recursion no;
    zone "." IN { type hint; file "/var/bind/root.cache"; };
    zone "7xy.pl" IN { type master; file "pri/7xy.zone"; };
    zone "206.253.77.in-addr.arpa" IN { type master; file "pri/7xy.rev"; };
};