Michael,
It is version 9.3.2 because that is the version I found on the internet that
allowed for the DNS poison example to work. The rndc status shows there are
6/1000 recursive clients, but other than that everything is 0. The host
command output is very similar to your examples, which is what I expected. I
have added the -d 10 to the options, yet I see nothing in the log files.
What is the next step?
Thank You,
David
-----Original Message-----
From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Michael Butash
Sent: Sunday, August 14, 2011 8:18 PM
To: plug-discuss@lists.plug.phoenix.az.us
Subject: Re: Setting Up Bind9 Test
What version of named? Maybe different versions...
user@idns01:~$ named -v
BIND 9.4.2-P2.1
Did rndc give any reply? Do you get *any* response from the server
querying it?
Usually /var/log/daemon will give you some kind of growling if it's not
allowing you to query, see how clean it loads:
Aug 14 20:03:32 idns01 named[17031]: starting BIND 9.4.2-P2.1 -u bind
Aug 14 20:03:32 idns01 named[17031]: found 2 CPUs, using 2 worker threads
Aug 14 20:03:32 idns01 named[17031]: loading configuration from '/etc/bind/named.conf'
Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface lo, 127.0.0.1#53
Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface eth0, 10.xx.xx.y#53
Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 254.169.IN-ADDR.ARPA
Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Aug 14 20:03:32 idns01 named[17031]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Aug 14 20:03:32 idns01 named[17031]: command channel listening on 127.0.0.1#953
Aug 14 20:03:32 idns01 named[17031]: zone 0.in-addr.arpa/IN: loaded serial 1
Aug 14 20:03:32 idns01 named[17031]: zone 127.in-addr.arpa/IN: loaded serial 1
Aug 14 20:03:32 idns01 named[17031]: zone 255.in-addr.arpa/IN: loaded serial 1
Aug 14 20:03:32 idns01 named[17031]: zone localhost/IN: loaded serial 1
Aug 14 20:03:32 idns01 named[17031]: running
Check using "sudo netstat -anp | grep named" that it's actually
*running* right:
user@idns01:~$ sudo netstat -anp | grep named
tcp   0   0 10.xx.xx.y:53   0.0.0.0:*   LISTEN   4763/named
tcp   0   0 127.0.0.1:53    0.0.0.0:*   LISTEN   4763/named
tcp   0   0 127.0.0.1:953   0.0.0.0:*   LISTEN   4763/named
udp   0   0 10.xx.xx.y:53   0.0.0.0:*            4763/named
udp   0   0 127.0.0.1:53    0.0.0.0:*            4763/named
Should at least get response for localhost:
user@idns01:~$ host 127.0.0.1 10.xx.xx.y
Using domain server:
Name: 10.xx.xx.y
Address: 10.xx.xx.y#53
Aliases:
1.0.0.127.in-addr.arpa domain name pointer localhost.
You'll know it works when:
user@idns01:~$ host yahoo.com 10.xx.xx.y
Using domain server:
Name: 10.xx.xx.y
Address: 10.xx.xx.y#53
Aliases:
yahoo.com has address 209.191.122.70
yahoo.com has address 67.195.160.76
yahoo.com has address 69.147.125.65
yahoo.com has address 72.30.2.43
yahoo.com has address 98.137.149.56
<blah>
If still nada, launch named with "-d 10" flag adding to named daemon
launch options, modifying the init script or default options files for
respective distro.
Should shed some light on it, otherwise there's tons of docs a google away.
HTH
On 08/14/2011 07:52 PM, David Demland wrote:
> Lisa and Michael,
>
> Thank you for your input. I did not think about the rndc so I reloaded
> just for the heck of it. Yet I am still not getting Metasploit to show
> the recursive call working. Here is the named.conf.options file:
>
> options {
>     directory "/var/cache/bind";
>     dump-file "/var/cache/bind/data/cache_dump.db";
>     statistics-file "/var/cache/bind/data/named_stats.txt";
>     recursion yes;
>     auth-nxdomain no; # conform to RFC1035
>     allow-recursion { any; };
>     allow-query { any; };
>     // allow-query-cache { any; };
>     listen-on port 53 { any; };
> };
>
> I was unable to get the allow-query-cache line to load, I am not sure
> what I did wrong.
>
> I did find the same pages and I have been through them, but I do not see
> what I am missing. What else am I missing?
>
> Thank You,
>
> David
>
> P.S.
>
> Lisa - thank you so much for yesterday. You have really given my class a
> lot to talk about. I am looking forward to class this week with them to
> see what else is said.
>
> From: plug-discuss-bounces@lists.plug.phoenix.az.us [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Lisa Kachold
> Sent: Sunday, August 14, 2011 4:48 PM
> To: Main PLUG discussion list
> Subject: Re: Setting Up Bind9 Test
>
> Hi David!
>
> Nice to see you on Saturday!
>
> Bind9 can be fussy (rndc controls everything).
>
> You ARE changing the right item to turn recursion on.
> http://www.eukhost.com/forums/f15/turning-off-dns-recursion-bind-2283/
>
> But you can also do this in a Bind9 ACL using the "Views" feature:
> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch07.html
> http://oreilly.com/pub/a/oreilly/networking/news/views_0501.html
>
> Are you restarting named after a change? "/etc/init.d/named restart"
> If you have rndc are you reloading? "rndc reload"
>
> Do you have logging turned on, so you can see what is happening?
> https://help.ubuntu.com/community/BIND9ServerHowto
>
> Are you editing the right file? There's a chroot? "locate named.conf"
>
> On Sun, Aug 14, 2011 at 10:27 AM, David Demland <demland@cox.net> wrote:
>
> I am trying to set up a DNS poisoning test as an example for my class. I
> have set up both an Ubuntu 6.10 and 10.10 server. When I use my Backtrack
> system to check the DNS server I get a message "This server is not
> replying to recursive requests". I have added "allow-recursion { any;
> };" to my configuration file. Yet the Backtrack system still fails. What
> do I have to do to allow on the DNS server for the Backtrack system to
> do the recursive request?
>
> Thank you for your help,
>
> David
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
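As an added example (not code from any message in this thread), here is a small Python check of what the `host` commands and the Metasploit "not replying to recursive requests" message boil down to: send a query with the RD bit set and look at the RA bit and rcode in named's reply. The server address, the query name and the two constructed replies used offline are assumptions.

```python
import socket
import struct
import sys

QUERY_ID = 0x1234   # fixed transaction id for this example

def build_query(name, txid=QUERY_ID):
    """Minimal DNS A/IN query; flags 0x0100 sets RD (recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = [lab.encode() for lab in name.strip(".").split(".")]
    qname = b"".join(bytes([len(lab)]) + lab for lab in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def parse_flags(resp):
    """Decode the header bits that a recursion check depends on."""
    if len(resp) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # a response, not our own query reflected
        "rd": bool(flags & 0x0100),   # server copied our RD bit back
        "ra": bool(flags & 0x0080),   # recursion available: allow-recursion matched us
        "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)),
        "answers": an,
    }

def recursion_available(resp):
    """True when the server says it will recurse for us (dig shows this as 'ra')."""
    f = parse_flags(resp)
    return f["qr"] and f["ra"] and f["rcode"] != "REFUSED"

def check_resolver(server, name="localhost", timeout=3.0):
    """Query the server over UDP/53; socket.timeout means no reply at all."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        resp, _ = s.recvfrom(512)
    f = parse_flags(resp)
    if f["id"] != QUERY_ID:
        raise ValueError("transaction id mismatch: not our answer")
    return f

# Constructed replies so the parser can be exercised offline (not captured traffic):
RESP_RA = struct.pack("!HHHHHH", QUERY_ID, 0x8180, 1, 1, 0, 0)       # qr rd ra, NOERROR
RESP_REFUSED = struct.pack("!HHHHHH", QUERY_ID, 0x8105, 1, 0, 0, 0)  # qr rd, REFUSED, no ra

if __name__ == "__main__":
    print(check_resolver(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

RA clear or rcode REFUSED means the query is not matching allow-recursion in the config named actually loaded (and on 9.3.x there is no allow-query-cache option at all, it arrived in 9.4, so that line failing to load is expected), while a timeout points at listen-on or the process not running, which the netstat check above rules out. Keep allow-recursion scoped to the lab subnet rather than any, since answering RA to the internet makes the box an open resolver.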