Setting Up Bind9 Test

Lisa Kachold lisakachold at obnosis.com
Tue Aug 16 21:38:55 MST 2011


Also turn up the log noise and see if the query is at least denied?

On Sun, Aug 14, 2011 at 9:40 PM, Michael Butash <michael at butash.net> wrote:

> Ok, firewall involved blocking outbound dns queries?  Something upstream
> blocking dns queries?
>
> Quick test is resolve against 68.2.16.30 (cox's dns server I think is still
> open) or any general dns server outside.  Make sure you can actually perform
> a dns lookup outside (allow tcp/udp port 53 traffic to dst of *).  Unless
> you have a managed firewall with anal security, typically cheap little
> bugger firewalls won't block this by default.
>
> Other than that, all I can say is send me all your named.conf files offlist
> and I can try and load it up on one of my working systems to see what's up
> with that.
>
> I'm grasping at straws now unless your version is just plain broken...
>
> -mb
>
>
>
> On 08/14/2011 08:53 PM, David Demland wrote:
>
>> Michael,
>>
>> It is version 9.3.2 because that is the version I found on the internet that
>> allowed for the DNS poison example to work. The rndc status shows there are
>> 6/1000 recursive clients, but other than that everything is 0. The host
>> command shows very similar to your examples, which is what I expected. I
>> have added the -d 10 to the options, yet I see nothing in the log files.
>> What is the next step?
>>
>> Thank You,
>>
>> David
>>
>> -----Original Message-----
>> From: plug-discuss-bounces at lists.plug.phoenix.az.us
>> [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us]
>> On Behalf Of Michael Butash
>> Sent: Sunday, August 14, 2011 8:18 PM
>> To: plug-discuss at lists.plug.phoenix.az.us
>> Subject: Re: Setting Up Bind9 Test
>>
>> What version of named?  Maybe different versions...
>>
>> user at idns01:~$ named -v
>> BIND 9.4.2-P2.1
>>
>> Did rndc give any reply?  Do you get *any* response from the server
>> querying it?
>>
>> Usually /var/log/daemon will give you some kind of growling if it's not
>> allowing you to query, see how clean it loads:
>>
>> Aug 14 20:03:32 idns01 named[17031]: starting BIND 9.4.2-P2.1 -u bind
>> Aug 14 20:03:32 idns01 named[17031]: found 2 CPUs, using 2 worker threads
>> Aug 14 20:03:32 idns01 named[17031]: loading configuration from '/etc/bind/named.conf'
>> Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface lo, 127.0.0.1#53
>> Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface eth0, 10.xx.xx.y#53
>> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 254.169.IN-ADDR.ARPA
>> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
>> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
>> Aug 14 20:03:32 idns01 named[17031]: command channel listening on 127.0.0.1#953
>> Aug 14 20:03:32 idns01 named[17031]: zone 0.in-addr.arpa/IN: loaded serial 1
>> Aug 14 20:03:32 idns01 named[17031]: zone 127.in-addr.arpa/IN: loaded serial 1
>> Aug 14 20:03:32 idns01 named[17031]: zone 255.in-addr.arpa/IN: loaded serial 1
>> Aug 14 20:03:32 idns01 named[17031]: zone localhost/IN: loaded serial 1
>> Aug 14 20:03:32 idns01 named[17031]: running
>>
>> Check using "sudo netstat -anp | grep named" that it's actually
>> *running* right:
>>
>> user at idns01:~$ sudo netstat -anp | grep named
>> tcp        0      0 10.xx.xx.y:53           0.0.0.0:*               LISTEN      4763/named
>> tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      4763/named
>> tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      4763/named
>> udp        0      0 10.xx.xx.y:53           0.0.0.0:*                           4763/named
>> udp        0      0 127.0.0.1:53            0.0.0.0:*                           4763/named
>>
>> Should at least get response for localhost:
>>
>> user at idns01:~$ host 127.0.0.1 10.xx.xx.y
>> Using domain server:
>> Name: 10.xx.xx.y
>> Address: 10.xx.xx.y#53
>> Aliases:
>>
>> 1.0.0.127.in-addr.arpa domain name pointer localhost.
>>
>> You'll know it works when:
>>
>> user at idns01:~$ host yahoo.com 10.xx.xx.y
>> Using domain server:
>> Name: 10.xx.xx.y
>> Address: 10.xx.xx.y#53
>> Aliases:
>>
>> yahoo.com has address 209.191.122.70
>> yahoo.com has address 67.195.160.76
>> yahoo.com has address 69.147.125.65
>> yahoo.com has address 72.30.2.43
>> yahoo.com has address 98.137.149.56
>> <blah>
>>
>> If still nada, launch named with "-d 10" flag adding to named daemon
>> launch options, modifying the init script or default options files for
>> respective distro.
>>
>> Should shed some light on it, otherwise there's tons of docs a google
>> away.
>>
>> HTH
>>
>>
>> On 08/14/2011 07:52 PM, David Demland wrote:
>>
>>> Lisa and Michael,
>>>
>>> Thank you for your input. I did not think about the rndc so I reloaded
>>> just for the heck of it. Yet I am still not getting Metasploit to show
>>> the recursive call working. Here is the named.conf.options file:
>>>
>>> options {
>>>         directory "/var/cache/bind";
>>>         dump-file "/var/cache/bind/data/cache_dump.db";
>>>         statistics-file "/var/cache/bind/data/named_stats.txt";
>>>         recursion yes;
>>>         auth-nxdomain no;    # conform to RFC1035
>>>         allow-recursion { any; };
>>>         allow-query { any; };
>>>         //  allow-query-cache { any; };
>>>         listen-on port 53 { any; };
>>> };
>>>
>>> I was unable to get the allow-query-cache line to load, I am not sure
>>> what I did wrong.
>>>
>>> I did find the same pages and I have been through them, but I do not see
>>> what I am missing. What else am I missing?
>>>
>>> Thank You,
>>>
>>> David
>>>
>>> P.S.
>>>
>>> Lisa - thank you so much for yesterday. You have really given my class a
>>> lot to talk about. I am looking forward to class this week with them to
>>> see what else is said.
>>>
>>> *From:* plug-discuss-bounces at lists.plug.phoenix.az.us
>>> [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us]
>>> *On Behalf Of* Lisa Kachold
>>> *Sent:* Sunday, August 14, 2011 4:48 PM
>>> *To:* Main PLUG discussion list
>>> *Subject:* Re: Setting Up Bind9 Test
>>>
>>> Hi David!
>>>
>>> Nice to see you on Saturday!
>>>
>>> Bind9 can be fussy (rndc controls everything).
>>>
>>> You ARE changing the right item to turn recursion on.
>>> http://www.eukhost.com/forums/f15/turning-off-dns-recursion-bind-2283/
>>>
>>> But you can also do this in a Bind9 ACL using the "Views" feature:
>>> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch07.html
>>> http://oreilly.com/pub/a/oreilly/networking/news/views_0501.html
>>>
>>> Are you restarting named after a change? "/etc/init.d/named restart"
>>> If you have rndc are you reloading? "rndc reload"
>>>
>>> Do you have logging turned on, so you can see what is happening?
>>> https://help.ubuntu.com/community/BIND9ServerHowto
>>>
>>> Are you editing the right file? There's a chroot? "locate named.conf"
>>>
>>> On Sun, Aug 14, 2011 at 10:27 AM, David Demland <demland at cox.net> wrote:
>>>
>>> I am trying to set up a DNS poisoning test as an example for my class. I
>>> have setup both an Ubuntu 6.10 and 10.10 server. When I use my Backtrack
>>> system to check the DNS server I get a message "This server is not
>>> replying to recursive requests". I have added "allow-recursion { any;
>>> };" to my configuration file. Yet the Backtrack system still fails. What
>>> do I have to do to allow on the DNS server for the Backtrack system to
>>> do the recursive request?
>>>
>>> Thank you for your help,
>>>
>>> David
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>>
>>> --
>>> (602) 791-8002 Android
>>> (623) 239-3392 Skype
>>> (623) 688-3392 Google Voice
>>> HomeSmartInternational.com
>>>
>>> No virus found in this message.
>>> Checked by AVG - www.avg.com
>>> Version: 10.0.1392 / Virus Database: 1520/3834 - Release Date: 08/14/11



-- 
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
HomeSmartInternational.com
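
Added example (not part of the original thread, and not the check the Backtrack/Metasploit tool performs): a small Python probe that separates the outcomes the replies above are trying to tell apart (no reply, an explicit refusal, recursion not offered, upstream failure) by reading the header of the DNS response. The function names, the verdict labels and the `sample()` headers are constructed for this illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Build an A/IN query for `name` with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify(response, qid=0x1234):
    """Map a raw DNS response (None = nothing received) to a verdict label."""
    if response is None:
        return "no-reply"        # dropped on the path, or nothing listening
    if len(response) < 12:
        return "malformed"       # shorter than a DNS header
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if rid != qid or not flags & 0x8000:
        return "mismatch"        # wrong ID or QR bit clear: not our answer
    rcode = RCODES.get(flags & 0x000F, "OTHER")
    if rcode == "REFUSED":
        return "refused"         # the server denied the query outright
    if not flags & 0x0080:
        return "no-recursion"    # RA clear: recursion not offered to this client
    if rcode == "SERVFAIL":
        return "servfail"        # recursion offered, but the lookup failed
    return "recursive-answer" if ancount else "recursion-available"

def probe(server, name, timeout=3.0):
    """Send one UDP query to server:53 and classify whatever comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            return classify(s.recvfrom(512)[0])
        except OSError:          # timeout or network error
            return classify(None)

def sample(flags, ancount=0, qid=0x1234):
    """Constructed 12-byte response header, for offline testing only."""
    return struct.pack("!HHHHHH", qid, flags, 1, ancount, 0, 0)

if __name__ == "__main__":
    for flags, an in [(0x8180, 1), (0x8100, 0), (0x8105, 0), (0x8182, 0)]:
        print(hex(flags), classify(sample(flags, an)))
    print("timeout", classify(None))
```

Against a lab server, `probe(server_ip, "yahoo.com")` returns one of the same labels: `no-reply` points at filtering or a listener problem, `refused` and `no-recursion` at the server's ACLs or recursion setting, and `servfail` at the server's own outbound lookups.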