Ok, firewall involved blocking outbound dns queries?  Something upstream 
blocking dns queries?

Quick test is resolve against 68.2.16.30 (cox's dns server I think is 
still open) or any general dns server outside.  Make sure you can 
actually perform a dns looking outside (allow tcp/udp port 53 traffic to 
dst of *).  Unless you have a managed firewall with anal security, 
typically cheap little bugger firewalls won't block this by default.

Other than that, all I can say is send me all your named.conf files 
offlist and I can try and load it up on one of my working systems to see 
what's up with that.

I'm grasping at straws now unless your version is just plain broken...

-mb


On 08/14/2011 08:53 PM, David Demland wrote:
> Michael,
>
> It is version 9.3.2 because that is the version I found on the internet that
> allowed for the DNS poison example to work. The rndc status shows there are
> 6/1000 recursive clients, but other than that everything is 0. The host
> command shows very similar to your examples, which is what I expected. I
> have added the -d 10 to the options, yet I see nothing in the log files.
> What is the next step?
>
> Thank You,
>
> David
>
> -----Original Message-----
> From: plug-discuss-bounces@lists.plug.phoenix.az.us
> [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Michael
> Butash
> Sent: Sunday, August 14, 2011 8:18 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Re: Setting Up Bind9 Test
>
> What version of named?  Maybe different versions...
>
> user@idns01:~$ named -v
> BIND 9.4.2-P2.1
>
> Did rndc give any reply?  Do you get *any* response from the server
> querying it?
>
> Usually /var/log/daemon will give you some kind of growling if it's not
> allowing you to query, see how clean it loads:
>
> Aug 14 20:03:32 idns01 named[17031]: starting BIND 9.4.2-P2.1 -u bind
> Aug 14 20:03:32 idns01 named[17031]: found 2 CPUs, using 2 worker threads
> Aug 14 20:03:32 idns01 named[17031]: loading configuration from
> '/etc/bind/named.conf'
> Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface eth0,
> 10.xx.xx.y#53
> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone:
> 254.169.IN-ADDR.ARPA
> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone:
> 2.0.192.IN-ADDR.ARPA
> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone:
> 255.255.255.255.IN-ADDR.ARPA
> Aug 14 20:03:32 idns01 named[17031]: command channel listening on
> 127.0.0.1#953
> Aug 14 20:03:32 idns01 named[17031]: zone 0.in-addr.arpa/IN: loaded serial 1
> Aug 14 20:03:32 idns01 named[17031]: zone 127.in-addr.arpa/IN: loaded
> serial 1
> Aug 14 20:03:32 idns01 named[17031]: zone 255.in-addr.arpa/IN: loaded
> serial 1
> Aug 14 20:03:32 idns01 named[17031]: zone localhost/IN: loaded serial 1
> Aug 14 20:03:32 idns01 named[17031]: running
>
> Check using "sudo netstat -anp | grep named" that it's actually
> *running* right:
>
> user@idns01:~$ sudo netstat -anp | grep named
> tcp        0      0 10.xx.xx.y:53         0.0.0.0:*               LISTEN
>        4763/named
> tcp        0      0 127.0.0.1:53            0.0.0.0:*
> LISTEN      4763/named
> tcp        0      0 127.0.0.1:953           0.0.0.0:*
> LISTEN      4763/named
> udp        0      0 10.xx.xx.y:53         0.0.0.0:*
>         4763/named
> udp        0      0 127.0.0.1:53            0.0.0.0:*
>           4763/named
>
> Should at least get response for localhost:
>
> user@idns01:~$ host 127.0.0.1 10.xx.xx.y
> Using domain server:
> Name: 10.xx.xx.y
> Address: 10.xx.xx.y#53
> Aliases:
>
> 1.0.0.127.in-addr.arpa domain name pointer localhost.
>
> You'll know it works when:
>
> user@idns01:~$ host yahoo.com 10.xx.xx.y
> Using domain server:
> Name: 10.xx.xx.y
> Address: 10.xx.xx.y#53
> Aliases:
>
> yahoo.com has address 209.191.122.70
> yahoo.com has address 67.195.160.76
> yahoo.com has address 69.147.125.65
> yahoo.com has address 72.30.2.43
> yahoo.com has address 98.137.149.56
> <blah>
>
> If still nada, launch named with "-d 10" flag adding to named daemon
> launch options, modifying the init script or default options files for
> respective distro.
>
> Should shed some light on it, otherwise there's tons of docs a google away.
>
> HTH
>
>
> On 08/14/2011 07:52 PM, David Demland wrote:
>> Lisa and Michael,
>>
>> Thank you for your input. I did not think about the rndc so I reloaded
>> just for the heck of it. Yet I am still not getting Metasploit to show
>> the recursive call working. Here is the named.conf.options file:
>>
>> options {
>>
>>                   directory "/var/cache/bind";
>>
>>                   dump-file "/var/cache/bind/data/cache_dump.db";
>>
>>                   statistics-file "/var/cache/bind/data/named_stats.txt";
>>
>>                   recursion yes;
>>
>>                   auth-nxdomain no;    # conform to RFC1035
>>
>>                   allow-recursion { any; };
>>
>>                   allow-query { any; };
>>
>>                   //  allow-query-cache { any; };
>>
>>                   listen-on port 53 { any; };
>>
>> };
>>
>> I was unable to get the allow-query-cache line to load, I am not sure
>> what I did wrong.
>>
>> I did find the same pages and I have been through them, but I do not see
>> what I am missing. What else am I missing?
>>
>> Thank You,
>>
>> David
>>
>> P.S.
>>
>> Lisa - thank you so much for yesterday. You have really given my class a
>> lot to talk about. I am looking forward to class this week with them to
>> see what else is said.
>>
>> *From:*plug-discuss-bounces@lists.plug.phoenix.az.us
>> [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] *On Behalf Of
>> *Lisa Kachold
>> *Sent:* Sunday, August 14, 2011 4:48 PM
>> *To:* Main PLUG discussion list
>> *Subject:* Re: Setting Up Bind9 Test
>>
>> Hi David!
>>
>> Nice to see you on Saturday!
>>
>> Bind9 can be fussy (rndc controls everything).
>>
>> You ARE changing the right item to turn recursion on.
>> http://www.eukhost.com/forums/f15/turning-off-dns-recursion-bind-2283/
>>
>> But you can also do this in a Bind9 ACL using the "Views" feature:
>> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch07.html
>> http://oreilly.com/pub/a/oreilly/networking/news/views_0501.html
>>
>> Are you restarting named after a change? "/etc/init.d/named restart"
>> If you have rndc are you reloading? "rdnc reload"
>>
>> Do you have logging turned on, so you can see what is happening?
>> https://help.ubuntu.com/community/BIND9ServerHowto
>>
>> Are you editing the right file? There's a chroot? "locate named.conf"
>>
>> On Sun, Aug 14, 2011 at 10:27 AM, David Demland<demland@cox.net
>> <mailto:demland@cox.net>>  wrote:
>>
>> I am trying to set up a DNS poisoning test as an example for my class. I
>> have setup both an Ubuntu 6.10 and 10.10 server. When I use my Backtrack
>> system to check the DNS server I get a message "This server is not
>> replying to recursive requests". I have added "allow-recursion { any;
>> };" to my configuration file. Yet the Backtrack system still fails. What
>> do I have to do to allow on the DNS server for the Backtrack system to
>> do the recursive request?
>>
>> Thank you for your help,
>>
>> David
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> <mailto:PLUG-discuss@lists.plug.phoenix.az.us>
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
>>
>>
>>
>> --
>> (602) 791-8002 Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> **
>> HomeSmartInternational.com
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------
>>
>> No virus found in this message.
>> Checked by AVG - www.avg.com<http://www.avg.com>
>> Version: 10.0.1392 / Virus Database: 1520/3834 - Release Date: 08/14/11
>>
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> -----
> No virus found in this message.
> Checked by AVG - www.avg.com
> Version: 10.0.1392 / Virus Database: 1520/3834 - Release Date: 08/14/11
>
>
>
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss