Ok, firewall involved blocking outbound dns queries? Something upstream blocking dns queries? Quick test is resolve against 68.2.16.30 (cox's dns server I think is still open) or any general dns server outside. Make sure you can actually perform a dns lookup outside (allow tcp/udp port 53 traffic to dst of *). Unless you have a managed firewall with anal security, typically cheap little bugger firewalls won't block this by default.

Other than that, all I can say is send me all your named.conf files offlist and I can try and load it up on one of my working systems to see what's up with that. I'm grasping at straws now unless your version is just plain broken...

-mb

On 08/14/2011 08:53 PM, David Demland wrote:
> Michael,
>
> It is version 9.3.2 because that is the version I found on the internet that allowed for the DNS poison example to work. The rndc status shows there are 6/1000 recursive clients, but other than that everything is 0. The host command shows very similar to your examples, which is what I expected. I have added the -d 10 to the options, yet I see nothing in the log files. What is the next step?
>
> Thank You,
>
> David
>
> -----Original Message-----
> From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Michael Butash
> Sent: Sunday, August 14, 2011 8:18 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Setting Up Bind9 Test
>
> What version of named? Maybe different versions...
>
> user@idns01:~$ named -v
> BIND 9.4.2-P2.1
>
> Did rndc give any reply? Do you get *any* response from the server querying it?
>
> Usually /var/log/daemon will give you some kind of growling if it's not allowing you to query, see how clean it loads:
>
> Aug 14 20:03:32 idns01 named[17031]: starting BIND 9.4.2-P2.1 -u bind
> Aug 14 20:03:32 idns01 named[17031]: found 2 CPUs, using 2 worker threads
> Aug 14 20:03:32 idns01 named[17031]: loading configuration from '/etc/bind/named.conf'
> Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface lo, 127.0.0.1#53
> Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface eth0, 10.xx.xx.y#53
> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 254.169.IN-ADDR.ARPA
> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
> Aug 14 20:03:32 idns01 named[17031]: command channel listening on 127.0.0.1#953
> Aug 14 20:03:32 idns01 named[17031]: zone 0.in-addr.arpa/IN: loaded serial 1
> Aug 14 20:03:32 idns01 named[17031]: zone 127.in-addr.arpa/IN: loaded serial 1
> Aug 14 20:03:32 idns01 named[17031]: zone 255.in-addr.arpa/IN: loaded serial 1
> Aug 14 20:03:32 idns01 named[17031]: zone localhost/IN: loaded serial 1
> Aug 14 20:03:32 idns01 named[17031]: running
>
> Check using "sudo netstat -anp | grep named" that it's actually *running* right:
>
> user@idns01:~$ sudo netstat -anp | grep named
> tcp        0      0 10.xx.xx.y:53      0.0.0.0:*    LISTEN    4763/named
> tcp        0      0 127.0.0.1:53       0.0.0.0:*    LISTEN    4763/named
> tcp        0      0 127.0.0.1:953      0.0.0.0:*    LISTEN    4763/named
> udp        0      0 10.xx.xx.y:53      0.0.0.0:*              4763/named
> udp        0      0 127.0.0.1:53       0.0.0.0:*              4763/named
>
> Should at least get response for localhost:
>
> user@idns01:~$ host 127.0.0.1 10.xx.xx.y
> Using domain server:
> Name: 10.xx.xx.y
> Address: 10.xx.xx.y#53
> Aliases:
>
> 1.0.0.127.in-addr.arpa domain name pointer localhost.
>
> You'll know it works when:
>
> user@idns01:~$ host yahoo.com 10.xx.xx.y
> Using domain server:
> Name: 10.xx.xx.y
> Address: 10.xx.xx.y#53
> Aliases:
>
> yahoo.com has address 209.191.122.70
> yahoo.com has address 67.195.160.76
> yahoo.com has address 69.147.125.65
> yahoo.com has address 72.30.2.43
> yahoo.com has address 98.137.149.56
>
> If still nada, launch named with "-d 10" flag adding to named daemon launch options, modifying the init script or default options files for respective distro.
>
> Should shed some light on it, otherwise there's tons of docs a google away.
>
> HTH
>
> On 08/14/2011 07:52 PM, David Demland wrote:
>> Lisa and Michael,
>>
>> Thank you for your input. I did not think about the rndc so I reloaded just for the heck of it. Yet I am still not getting Metasploit to show the recursive call working. Here is the named.conf.options file:
>>
>> options {
>>     directory "/var/cache/bind";
>>     dump-file "/var/cache/bind/data/cache_dump.db";
>>     statistics-file "/var/cache/bind/data/named_stats.txt";
>>     recursion yes;
>>     auth-nxdomain no;    # conform to RFC1035
>>     allow-recursion { any; };
>>     allow-query { any; };
>>     // allow-query-cache { any; };
>>     listen-on port 53 { any; };
>> };
>>
>> I was unable to get the allow-query-cache line to load, I am not sure what I did wrong.
>>
>> I did find the same pages and I have been through them, but I do not see what I am missing. What else am I missing?
>>
>> Thank You,
>>
>> David
>>
>> P.S.
>>
>> Lisa - thank you so much for yesterday. You have really given my class a lot to talk about. I am looking forward to class this week with them to see what else is said.
>>
>> From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Lisa Kachold
>> Sent: Sunday, August 14, 2011 4:48 PM
>> To: Main PLUG discussion list
>> Subject: Re: Setting Up Bind9 Test
>>
>> Hi David!
>>
>> Nice to see you on Saturday!
>>
>> Bind9 can be fussy (rndc controls everything).
>>
>> You ARE changing the right item to turn recursion on.
>> http://www.eukhost.com/forums/f15/turning-off-dns-recursion-bind-2283/
>>
>> But you can also do this in a Bind9 ACL using the "Views" feature:
>> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch07.html
>> http://oreilly.com/pub/a/oreilly/networking/news/views_0501.html
>>
>> Are you restarting named after a change? "/etc/init.d/named restart"
>> If you have rndc are you reloading? "rndc reload"
>>
>> Do you have logging turned on, so you can see what is happening?
>> https://help.ubuntu.com/community/BIND9ServerHowto
>>
>> Are you editing the right file? There's a chroot? "locate named.conf"
>>
>> On Sun, Aug 14, 2011 at 10:27 AM, David Demland wrote:
>>
>>> I am trying to set up a DNS poisoning test as an example for my class. I have set up both an Ubuntu 6.10 and 10.10 server. When I use my Backtrack system to check the DNS server I get a message "This server is not replying to recursive requests". I have added "allow-recursion { any; };" to my configuration file. Yet the Backtrack system still fails. What do I have to do to allow on the DNS server for the Backtrack system to do the recursive request?
>>>
>>> Thank you for your help,
>>>
>>> David
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
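The "This server is not replying to recursive requests" result David's scanner reports comes down to one bit in the DNS response header: RA (recursion available). The following is an added example, not code from the thread or from BIND, that builds an A query with RD set and decodes the reply's flags, so the server operator can confirm from their own side whether named is actually offering recursion (RA set) or refusing it (REFUSED with RA clear); the two sample responses at the bottom are constructed, and probe() assumes a reachable server on UDP/53.

```python
import socket
import struct

def build_query(name, qid=0x1234, rd=True):
    """Minimal A/IN query for `name`; RD=1 asks the server to recurse for us."""
    flags = 0x0100 if rd else 0x0000
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(resp):
    """Decode the 12-byte DNS header fields a resolver check cares about."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    qid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),     # 1 = this is a response
        "rd": bool(flags & 0x0100),     # echoed back from our query
        "ra": bool(flags & 0x0080),     # server offers recursion
        "rcode": flags & 0x000F,        # 0 NOERROR, 5 REFUSED
        "answers": an,
    }

def recursion_offered(resp):
    """True when a response carries RA; a REFUSED reply with RA clear is
    exactly what the 'not replying to recursive requests' check reports."""
    h = parse_header(resp)
    return h["qr"] and h["ra"]

def probe(server, name="yahoo.com", timeout=3.0):
    """Send one UDP/53 query and return the parsed header, or None when no
    reply arrives (the blocked-port case suspected at the top of the thread)."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_header(data) if data[:2] == q[:2] else None

# Constructed sample responses (not captured traffic): a recursive server
# answering with RA set and 5 A records, and a server refusing recursion.
RECURSIVE_RESP = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 5, 0, 0)
REFUSED_RESP = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)
```

Run probe("10.xx.xx.y") against the server in question; None means the query never got a reply (firewall), while a header with ra False and rcode 5 means named is up but its allow-recursion ACL is not matching the client.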