DNS forwarding

The DNS server in my work place sucks a lot, so I decided to configure a DNS server by myself and check internal domains (1.com.br, 2.com.br…) in the company DNS servers.

hamilton@springfield:~$ cat /etc/bind/named.conf.local 

//
// Do any local configuration here
//

zone “1.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};

zone “2.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};
zone “3.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};
zone “4.com.br” {
type forward;
forwarders { 192.168.0.207; 192.168.0.208; };
};

 

Got some problems with DNSSEC, the company DNS are based on Windows 2008 Server:

 

Sep 4 11:03:08 springfield named[4507]: error (network unreachable) resolving ‘com.br/DNSKEY/IN’: 2001:12ff::10#53
Sep 4 11:03:08 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/A/IN’: 192.168.0.208#53
Sep 4 11:03:08 springfield named[4507]: validating @0x7ff9d80008c0: 1.com.br A: got insecure response; parent indicates it should be secure
Sep 4 11:03:08 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/A/IN’: 192.168.0.207#53
Sep 4 11:03:11 springfield named[4507]: validating @0x7ff9d80056e0: 1.com.br SOA: got insecure response; parent indicates it should be secure
Sep 4 11:03:11 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/DNSKEY/IN’: 192.168.0.207#53
Sep 4 11:03:11 springfield named[4507]: validating @0x7ff9e0011190: 1.com.br SOA: got insecure response; parent indicates it should be secure
Sep 4 11:03:11 springfield named[4507]: error (insecurity proof failed) resolving ‘1.com.br/DNSKEY/IN’: 192.168.0.208#53
Sep 4 11:03:11 springfield named[4507]: error (network unreachable) resolving ‘1.com.br/DNSKEY/IN’: 2001:12ff::11#53

 

To solve this I had to disable dnssec in Bind9.

# dnssec-validation auto;

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: