Also turn up log noise and see if the query is at least denied?

On Sun, Aug 14, 2011 at 9:40 PM, Michael Butash <michael@butash.net> wrote:
Ok, firewall involved blocking outbound dns queries?  Something upstream blocking dns queries?

Quick test is resolve against 68.2.16.30 (cox's dns server I think is still open) or any general dns server outside.  Make sure you can actually perform a dns lookup outside (allow tcp/udp port 53 traffic to dst of *).  Unless you have a managed firewall with anal security, typically cheap little bugger firewalls won't block this by default.

Other than that, all I can say is send me all your named.conf files offlist and I can try and load it up on one of my working systems to see what's up with that.

I'm grasping at straws now unless your version is just plain broken...

-mb



On 08/14/2011 08:53 PM, David Demland wrote:
Michael,

It is version 9.3.2 because that is the version I found on the internet that
allowed for the DNS poison example to work. The rndc status shows there are
6/1000 recursive clients, but other than that everything is 0. The host
command output is very similar to your examples, which is what I expected. I
have added the -d 10 to the options, yet I see nothing in the log files.
What is the next step?

Thank You,

David

-----Original Message-----
From: plug-discuss-bounces@lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Michael
Butash
Sent: Sunday, August 14, 2011 8:18 PM
To: plug-discuss@lists.plug.phoenix.az.us
Subject: Re: Setting Up Bind9 Test

What version of named?  Maybe different versions...

user@idns01:~$ named -v
BIND 9.4.2-P2.1

Did rndc give any reply?  Do you get *any* response from the server
querying it?

Usually /var/log/daemon will give you some kind of growling if it's not
allowing you to query, see how clean it loads:

Aug 14 20:03:32 idns01 named[17031]: starting BIND 9.4.2-P2.1 -u bind
Aug 14 20:03:32 idns01 named[17031]: found 2 CPUs, using 2 worker threads
Aug 14 20:03:32 idns01 named[17031]: loading configuration from '/etc/bind/named.conf'
Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface lo, 127.0.0.1#53
Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface eth0, 10.xx.xx.y#53
Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 254.169.IN-ADDR.ARPA
Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Aug 14 20:03:32 idns01 named[17031]: command channel listening on 127.0.0.1#953
Aug 14 20:03:32 idns01 named[17031]: zone 0.in-addr.arpa/IN: loaded serial 1
Aug 14 20:03:32 idns01 named[17031]: zone 127.in-addr.arpa/IN: loaded serial 1
Aug 14 20:03:32 idns01 named[17031]: zone 255.in-addr.arpa/IN: loaded serial 1
Aug 14 20:03:32 idns01 named[17031]: zone localhost/IN: loaded serial 1
Aug 14 20:03:32 idns01 named[17031]: running

Check using "sudo netstat -anp | grep named" that it's actually
*running* right:

user@idns01:~$ sudo netstat -anp | grep named
tcp        0      0 10.xx.xx.y:53           0.0.0.0:*               LISTEN      4763/named
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      4763/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      4763/named
udp        0      0 10.xx.xx.y:53           0.0.0.0:*                           4763/named
udp        0      0 127.0.0.1:53            0.0.0.0:*                           4763/named

Should at least get response for localhost:

user@idns01:~$ host 127.0.0.1 10.xx.xx.y
Using domain server:
Name: 10.xx.xx.y
Address: 10.xx.xx.y#53
Aliases:

1.0.0.127.in-addr.arpa domain name pointer localhost.

You'll know it works when:

user@idns01:~$ host yahoo.com 10.xx.xx.y
Using domain server:
Name: 10.xx.xx.y
Address: 10.xx.xx.y#53
Aliases:

yahoo.com has address 209.191.122.70
yahoo.com has address 67.195.160.76
yahoo.com has address 69.147.125.65
yahoo.com has address 72.30.2.43
yahoo.com has address 98.137.149.56
<blah>

If still nada, launch named with the "-d 10" flag added to the named daemon
launch options, modifying the init script or default options file for the
respective distro.

Should shed some light on it, otherwise there's tons of docs a google away.

HTH
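The "not replying to recursive requests" message the thread keeps hitting comes down to one header bit: whether the server sets RA (recursion available) in its reply to a query with RD (recursion desired) set. The script below, an added example written for this thread rather than code from anyone in it, builds the query by hand with only the standard library, decodes the reply header, and reports the same three outcomes (recursion available, refused by ACL, no recursion). It assumes named is listening on 127.0.0.1 as in the netstat output above; the query name yahoo.com is borrowed from the host check.

```python
import socket
import struct

QID = 0x1234  # fixed transaction id so the reply can be matched to the query


def build_query(name: str, qid: int = QID, rd: bool = True) -> bytes:
    """Build a minimal DNS A/IN query. RD=1 (flag 0x0100) asks the server to recurse."""
    header = struct.pack("!HHHHHH", qid, 0x0100 if rd else 0, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte DNS header; RA (recursion available) is flag bit 0x0080."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": qid,
        "qr": bool(flags & 0x8000),   # 1 = this is a response
        "rd": bool(flags & 0x0100),   # recursion desired (copied from the query)
        "ra": bool(flags & 0x0080),   # recursion available: the bit being checked
        "rcode": flags & 0x000F,      # 0 NOERROR, 3 NXDOMAIN, 5 REFUSED
        "ancount": an,
    }


def recursion_status(h: dict) -> str:
    """Summarise a parsed reply header the way the thread's check reports it."""
    if h["rcode"] == 5:
        return "refused (rcode 5)"  # allow-query / allow-recursion ACL rejected us
    if h["ra"]:
        return "recursion available"
    return "not replying to recursive requests"


def check_recursion(server: str, name: str = "yahoo.com", timeout: float = 3.0) -> str:
    """Send one UDP query to server:53 and report whether it offers recursion."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(512)
    h = parse_header(data)
    if h["id"] != QID or not h["qr"]:
        raise ValueError("reply does not match our query")
    return recursion_status(h)


if __name__ == "__main__":
    # Assumed: named from the thread listening on localhost (see the netstat output).
    print(check_recursion("127.0.0.1"))
```

Run it against the named host instead of 127.0.0.1 to see what the remote check sees; a timeout rather than a reply points back at the firewall questions raised earlier in the thread.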


On 08/14/2011 07:52 PM, David Demland wrote:
Lisa and Michael,

Thank you for your input. I did not think about the rndc so I reloaded
just for the heck of it. Yet I am still not getting Metasploit to show
the recursive call working. Here is the named.conf.options file:

options {
        directory "/var/cache/bind";
        dump-file "/var/cache/bind/data/cache_dump.db";
        statistics-file "/var/cache/bind/data/named_stats.txt";
        recursion yes;
        auth-nxdomain no;    # conform to RFC1035
        allow-recursion { any; };
        allow-query { any; };
        //  allow-query-cache { any; };
        listen-on port 53 { any; };
};

I was unable to get the allow-query-cache line to load, I am not sure
what I did wrong.

I did find the same pages and I have been through them, but I do not see
what I am missing. What else am I missing?

Thank You,

David

P.S.

Lisa - thank you so much for yesterday. You have really given my class a
lot to talk about. I am looking forward to class this week with them to
see what else is said.

From: plug-discuss-bounces@lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Lisa Kachold
Sent: Sunday, August 14, 2011 4:48 PM
To: Main PLUG discussion list
Subject: Re: Setting Up Bind9 Test

Hi David!

Nice to see you on Saturday!

Bind9 can be fussy (rndc controls everything).

You ARE changing the right item to turn recursion on.
http://www.eukhost.com/forums/f15/turning-off-dns-recursion-bind-2283/

But you can also do this in a Bind9 ACL using the "Views" feature:
http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch07.html
http://oreilly.com/pub/a/oreilly/networking/news/views_0501.html

Are you restarting named after a change? "/etc/init.d/named restart"
If you have rndc are you reloading? "rndc reload"

Do you have logging turned on, so you can see what is happening?
https://help.ubuntu.com/community/BIND9ServerHowto

Are you editing the right file? There's a chroot? "locate named.conf"

On Sun, Aug 14, 2011 at 10:27 AM, David Demland <demland@cox.net> wrote:

I am trying to set up a DNS poisoning test as an example for my class. I
have set up both an Ubuntu 6.10 and a 10.10 server. When I use my Backtrack
system to check the DNS server I get a message "This server is not
replying to recursive requests". I have added "allow-recursion { any;
};" to my configuration file. Yet the Backtrack system still fails. What
do I have to do on the DNS server to allow the Backtrack system to
do the recursive request?

Thank you for your help,

David


---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
<mailto:PLUG-discuss@lists.plug.phoenix.az.us>
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss




--
(602) 791-8002 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
HomeSmartInternational.com