[l-ubuntu-ve] Domain Name Server with Bind9
Ricardo Peña
ricardomolox at gmail.com
Tue May 6 22:18:23 BST 2008
Here are all the files I have edited to get started with my DNS. I still
cannot get forward resolution working, let alone reverse, because of the
following:
deathbian:/etc/bind# cat /etc/resolv.conf
search funmrd.gov.ve
nameserver 150.187.25.3
search asl-mirror.org.ve
nameserver 127.0.0.1
---------------
deathbian:/etc/bind# cat /etc/hosts
192.168.25.159 usuario.asl-mirror.org.ve usuario
127.0.0.1 localhost
#127.0.1.1 deathbian
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
-------------------------
deathbian:/etc/bind# cat named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.
// query-source address * port 53;
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
150.187.25.3;
};
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
---------------------------------
deathbian:/etc/bind# cat named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "asl-mirror.org.ve" {
type master;
file "/etc/bind/db.asl-mirror.org.ve";
allow-update { key "rndc-key"; };
allowquery { any; };
notify yes;
};
include "/etc/bind/rndc.key";
--------------
deathbian:/etc/bind# cat db.asl-mirror.org.ve
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA asl-mirror.org.ve. hostmaster.asl-mirror.org.ve. (
2008060501 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
IN NS usuario.asl-mirror.org.ve.
IN NS asl-mirror.org.ve.
IN A 192.168.25.159
usuario IN A 192.168.25.159
@ IN A 127.0.0.1
@ IN NS localhost.
@ IN A 127.0.0.1
------------
At this point I restarted the service..
deathbian:/etc/bind# /etc/init.d/bind9 restart
Stopping domain name service...: bindrndc: connect failed: 127.0.0.1#953: connection refused
failed!
Starting domain name service...: bind failed!
----------------
Googling, I noticed that I need a validation or authentication key,
so I tried:
deathbian:/etc/bind# dnssec-keygen -a HMAC-MD5 -b 512 -n HOST usuario.asl-mirror.org.ve.tsigkey.
deathbian:/etc/bind# cat rndc.key
#key "rndc-key" {
# algorithm hmac-md5;
# secret "BVWHT+v4quMjBlVdB5/T1g==";
#};
key "usuario.asl-mirror.org.ve.tsigkey." {
algorithm hmac-md5;
secret
"VnLOoegebyHvr9h+NtFInFx1yw3kVggri46mVh8+JsxgYNl5vJO8onep/cFZSUGYGCQvGT5jiGaqSlkeGR4RtQ==";
};
---------------------------------
deathbian:/etc/bind# /etc/init.d/bind9 restart
Stopping domain name service...: bindrndc: connection to remote host closed
This may indicate that the remote server is using an older version of
the command protocol, this host is not authorized to connect,
or the key is invalid.
failed!
Starting domain name service...: bind failed!
----------------------------
In my syslog I have:
May 6 15:47:09 deathbian named[19386]: invalid command from 127.0.0.1#49914: bad auth
May 6 15:47:14 deathbian named[19386]: invalid command from 127.0.0.1#49915: bad auth
which tells me that my key is not authenticating!
I even tried running dnssec-keygen again and got a new key,
but it gives me the same results!
I would be very grateful to anyone who can help!
Thanks ...
--
**Ricardo Peña [MoloX]**
Instructor Academia de Software Libre (ASL)
*Fundacite-Mérida*
Registered GNU/Linux user #449823
http://molitux.blogspot.com/
* GNU/Linux Debian Kernel 2.6.24-1-686 *
"Linux Was Invented to Manipulate Freaks"
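
Added example, not part of the original post: in the files shown above, named.conf.local grants `allow-update` to key "rndc-key", while rndc.key has that key commented out and defines a differently named one. The Python check below strips comments from named.conf text and lists key names that are referenced but never defined. The sample is constructed from the post with the secrets replaced by placeholders, and `strip_comments` and `key_report` are names made up for this example.

```python
import re

# Constructed sample: named.conf.local followed by the included rndc.key,
# abridged from the post; secrets replaced by placeholders.
SAMPLE = '''
zone "asl-mirror.org.ve" {
    type master;
    file "/etc/bind/db.asl-mirror.org.ve";
    allow-update { key "rndc-key"; };
};
#key "rndc-key" {
#    algorithm hmac-md5;
#    secret "<placeholder>";
#};
key "usuario.asl-mirror.org.ve.tsigkey." {
    algorithm hmac-md5;
    secret "<placeholder>";
};
'''

def strip_comments(text):
    """Blank out /* */, // and # comments; quoted strings are kept as-is,
    so a base64 secret containing '/' or '#' is not mistaken for a comment."""
    pattern = r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*'
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ' '
    return re.sub(pattern, keep_strings, text, flags=re.S)

def key_report(text):
    """Return (defined, referenced, undefined) key names for named.conf text."""
    body = strip_comments(text)
    # Definition:  key "name" { ... };
    defined = set(re.findall(r'\bkey\s+"([^"]+)"\s*\{', body))
    # Reference inside an address match list:  key "name";
    referenced = set(re.findall(r'\bkey\s+"([^"]+)"\s*;', body))
    return defined, referenced, referenced - defined

if __name__ == "__main__":
    defined, referenced, undefined = key_report(SAMPLE)
    print("defined:   ", sorted(defined))
    print("referenced:", sorted(referenced))
    for name in sorted(undefined):
        print(f'undefined key referenced: "{name}"')
```

A plain text search for "rndc-key" still matches the commented-out block, which is why the comments are stripped before matching.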