Also turn up logs noise and see if the query is at least denied?

On Sun, Aug 14, 2011 at 9:40 PM, Michael Butash wrote:

> Ok, firewall involved blocking outbound dns queries? Something upstream
> blocking dns queries?
>
> Quick test is resolve against 68.2.16.30 (cox's dns server I think is still
> open) or any general dns server outside. Make sure you can actually perform
> a dns lookup outside (allow tcp/udp port 53 traffic to dst of *). Unless
> you have a managed firewall with anal security, typically cheap little
> bugger firewalls won't block this by default.
>
> Other than that, all I can say is send me all your named.conf files offlist
> and I can try and load it up on one of my working systems to see what's up
> with that.
>
> I'm grasping at straws now unless your version is just plain broken...
>
> -mb
>
> On 08/14/2011 08:53 PM, David Demland wrote:
>
>> Michael,
>>
>> It is version 9.3.2 because that is the version I found on the internet
>> that allowed for the DNS poison example to work. The rndc status shows
>> there are 6/1000 recursive clients, but other than that everything is 0.
>> The host command shows very similar to your examples, which is what I
>> expected. I have added the -d 10 to the options, yet I see nothing in the
>> log files. What is the next step?
>>
>> Thank You,
>>
>> David
>>
>> -----Original Message-----
>> From: plug-discuss-bounces@lists.plug.phoenix.az.us
>> [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us]
>> On Behalf Of Michael Butash
>> Sent: Sunday, August 14, 2011 8:18 PM
>> To: plug-discuss@lists.plug.phoenix.az.us
>> Subject: Re: Setting Up Bind9 Test
>>
>> What version of named? Maybe different versions...
>>
>> user@idns01:~$ named -v
>> BIND 9.4.2-P2.1
>>
>> Did rndc give any reply? Do you get *any* response from the server
>> querying it?
>>
>> Usually /var/log/daemon will give you some kind of growling if it's not
>> allowing you to query, see how clean it loads:
>>
>> Aug 14 20:03:32 idns01 named[17031]: starting BIND 9.4.2-P2.1 -u bind
>> Aug 14 20:03:32 idns01 named[17031]: found 2 CPUs, using 2 worker threads
>> Aug 14 20:03:32 idns01 named[17031]: loading configuration from '/etc/bind/named.conf'
>> Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface lo, 127.0.0.1#53
>> Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface eth0, 10.xx.xx.y#53
>> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 254.169.IN-ADDR.ARPA
>> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
>> Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
>> Aug 14 20:03:32 idns01 named[17031]: command channel listening on 127.0.0.1#953
>> Aug 14 20:03:32 idns01 named[17031]: zone 0.in-addr.arpa/IN: loaded serial 1
>> Aug 14 20:03:32 idns01 named[17031]: zone 127.in-addr.arpa/IN: loaded serial 1
>> Aug 14 20:03:32 idns01 named[17031]: zone 255.in-addr.arpa/IN: loaded serial 1
>> Aug 14 20:03:32 idns01 named[17031]: zone localhost/IN: loaded serial 1
>> Aug 14 20:03:32 idns01 named[17031]: running
>>
>> Check using "sudo netstat -anp | grep named" that it's actually
>> *running* right:
>>
>> user@idns01:~$ sudo netstat -anp | grep named
>> tcp   0   0 10.xx.xx.y:53    0.0.0.0:*   LISTEN   4763/named
>> tcp   0   0 127.0.0.1:53     0.0.0.0:*   LISTEN   4763/named
>> tcp   0   0 127.0.0.1:953    0.0.0.0:*   LISTEN   4763/named
>> udp   0   0 10.xx.xx.y:53    0.0.0.0:*            4763/named
>> udp   0   0 127.0.0.1:53     0.0.0.0:*            4763/named
>>
>> Should at least get response for localhost:
>>
>> user@idns01:~$ host 127.0.0.1 10.xx.xx.y
>> Using domain server:
>> Name: 10.xx.xx.y
>> Address: 10.xx.xx.y#53
>> Aliases:
>>
>> 1.0.0.127.in-addr.arpa domain name pointer localhost.
>>
>> You'll know it works when:
>>
>> user@idns01:~$ host yahoo.com 10.xx.xx.y
>> Using domain server:
>> Name: 10.xx.xx.y
>> Address: 10.xx.xx.y#53
>> Aliases:
>>
>> yahoo.com has address 209.191.122.70
>> yahoo.com has address 67.195.160.76
>> yahoo.com has address 69.147.125.65
>> yahoo.com has address 72.30.2.43
>> yahoo.com has address 98.137.149.56
>>
>> If still nada, launch named with "-d 10" flag adding to named daemon
>> launch options, modifying the init script or default options files for
>> respective distro.
>>
>> Should shed some light on it, otherwise there's tons of docs a google
>> away.
>>
>> HTH
>>
>> On 08/14/2011 07:52 PM, David Demland wrote:
>>
>>> Lisa and Michael,
>>>
>>> Thank you for your input. I did not think about the rndc so I reloaded
>>> just for the heck of it. Yet I am still not getting Metasploit to show
>>> the recursive call working. Here is the named.conf.options file:
>>>
>>> options {
>>>     directory "/var/cache/bind";
>>>     dump-file "/var/cache/bind/data/cache_dump.db";
>>>     statistics-file "/var/cache/bind/data/named_stats.txt";
>>>     recursion yes;
>>>     auth-nxdomain no; # conform to RFC1035
>>>     allow-recursion { any; };
>>>     allow-query { any; };
>>>     // allow-query-cache { any; };
>>>     listen-on port 53 { any; };
>>> };
>>>
>>> I was unable to get the allow-query-cache line to load, I am not sure
>>> what I did wrong.
>>>
>>> I did find the same pages and I have been through them, but I do not see
>>> what I am missing. What else am I missing?
>>>
>>> Thank You,
>>>
>>> David
>>>
>>> P.S.
>>>
>>> Lisa - thank you so much for yesterday. You have really given my class a
>>> lot to talk about. I am looking forward to class this week with them to
>>> see what else is said.
>>>
>>> From: plug-discuss-bounces@lists.plug.phoenix.az.us
>>> [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us]
>>> On Behalf Of Lisa Kachold
>>> Sent: Sunday, August 14, 2011 4:48 PM
>>> To: Main PLUG discussion list
>>> Subject: Re: Setting Up Bind9 Test
>>>
>>> Hi David!
>>>
>>> Nice to see you on Saturday!
>>>
>>> Bind9 can be fussy (rndc controls everything).
>>>
>>> You ARE changing the right item to turn recursion on.
>>> http://www.eukhost.com/forums/f15/turning-off-dns-recursion-bind-2283/
>>>
>>> But you can also do this in a Bind9 ACL using the "Views" feature:
>>> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch07.html
>>> http://oreilly.com/pub/a/oreilly/networking/news/views_0501.html
>>>
>>> Are you restarting named after a change? "/etc/init.d/named restart"
>>> If you have rndc are you reloading? "rndc reload"
>>>
>>> Do you have logging turned on, so you can see what is happening?
>>> https://help.ubuntu.com/community/BIND9ServerHowto
>>>
>>> Are you editing the right file? There's a chroot? "locate named.conf"
>>>
>>> On Sun, Aug 14, 2011 at 10:27 AM, David Demland wrote:
>>>
>>> I am trying to set up a DNS poisoning test as an example for my class. I
>>> have set up both an Ubuntu 6.10 and 10.10 server. When I use my Backtrack
>>> system to check the DNS server I get a message "This server is not
>>> replying to recursive requests". I have added "allow-recursion { any;
>>> };" to my configuration file. Yet the Backtrack system still fails. What
>>> do I have to do to allow on the DNS server for the Backtrack system to
>>> do the recursive request?
>>>
>>> Thank you for your help,
>>>
>>> David
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
(602) 791-8002 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
HomeSmartInternational.com
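
The two open questions in this thread (is the query being denied, or is recursion on while the outbound lookups are blocked?) can be told apart from the header of the server's reply. The sketch below is an added example, not code from any poster or from BIND: it builds a query with the recursion-desired bit set and classifies a reply by its RA flag and RCODE. The function names and the sample reply headers are constructed for illustration.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """A-record query for `name` with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    parts = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def diagnose(reply, qid=0x1234):
    """Classify a raw DNS reply using only its 12-byte header."""
    if len(reply) < 12:
        return "short reply: not a full DNS header"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != qid or not flags & 0x8000:       # wrong ID or QR bit clear
        return "not a reply to our query"
    rcode = RCODES.get(flags & 0x000F, "RCODE %d" % (flags & 0x000F))
    if rcode == "REFUSED":
        return "REFUSED: query denied, check allow-query/allow-recursion"
    if not flags & 0x0080:                     # RA bit clear
        return "RA=0: server answers but does not offer recursion"
    if rcode == "SERVFAIL":
        return "RA=1 SERVFAIL: recursion on, upstream lookups failing"
    return "RA=1 %s, %d answer(s): recursion available" % (rcode, ancount)

def check_server(server, name="yahoo.com", timeout=3.0):
    """Send one UDP query to `server` port 53 and diagnose the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            reply, _ = s.recvfrom(4096)
        except OSError as exc:                 # includes socket.timeout
            return "no reply (%s): named down, or port 53 filtered" % exc
    return diagnose(reply)

# Constructed sample reply headers (ID, flags, QD, AN, NS, AR), not captures.
SAMPLES = {
    "working":  struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 5, 0, 0),
    "refused":  struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0),
    "no_ra":    struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 0, 0),
    "servfail": struct.pack("!HHHHHH", 0x1234, 0x8182, 1, 0, 0, 0),
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(label, "->", diagnose(reply))
```

Calling check_server() with the address of the test server from a second machine on the lab network gives the same classification for a live reply.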