RE: Setting Up Bind9 Test

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: David Demland
Date:  
To: michael, 'Main PLUG discussion list'
Subject: RE: Setting Up Bind9 Test
Michael,

It is version 9.3.2 because that is the version I found on the internet that
allowed for the DNS poison example to work. The rndc status shows there are
6/1000 recursive clients, but other than that everything is 0. The host
command shows very similar to your examples, which is what I expected. I
have added the -d 10 to the options, yet I see nothing in the log files.
What is the next step?

Thank You,

David

-----Original Message-----
From:
[mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Michael
Butash
Sent: Sunday, August 14, 2011 8:18 PM
To:
Subject: Re: Setting Up Bind9 Test

What version of named? Maybe different versions...

user@idns01:~$ named -v
BIND 9.4.2-P2.1

Did rndc give any reply? Do you get *any* response from the server
querying it?

Usually /var/log/daemon will give you some kind of growling if it's not
allowing you to query, see how clean it loads:

Aug 14 20:03:32 idns01 named[17031]: starting BIND 9.4.2-P2.1 -u bind
Aug 14 20:03:32 idns01 named[17031]: found 2 CPUs, using 2 worker threads
Aug 14 20:03:32 idns01 named[17031]: loading configuration from
'/etc/bind/named.conf'
Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface lo,
127.0.0.1#53
Aug 14 20:03:32 idns01 named[17031]: listening on IPv4 interface eth0,
10.xx.xx.y#53
Aug 14 20:03:32 idns01 named[17031]: automatic empty zone:
254.169.IN-ADDR.ARPA
Aug 14 20:03:32 idns01 named[17031]: automatic empty zone:
2.0.192.IN-ADDR.ARPA
Aug 14 20:03:32 idns01 named[17031]: automatic empty zone:
255.255.255.255.IN-ADDR.ARPA
Aug 14 20:03:32 idns01 named[17031]: command channel listening on
127.0.0.1#953
Aug 14 20:03:32 idns01 named[17031]: zone 0.in-addr.arpa/IN: loaded serial 1
Aug 14 20:03:32 idns01 named[17031]: zone 127.in-addr.arpa/IN: loaded
serial 1
Aug 14 20:03:32 idns01 named[17031]: zone 255.in-addr.arpa/IN: loaded
serial 1
Aug 14 20:03:32 idns01 named[17031]: zone localhost/IN: loaded serial 1
Aug 14 20:03:32 idns01 named[17031]: running

Check using "sudo netstat -anp | grep named" that it's actually
*running* right:

user@idns01:~$ sudo netstat -anp | grep named
tcp        0      0 10.xx.xx.y:53         0.0.0.0:*               LISTEN 
      4763/named
tcp        0      0 127.0.0.1:53            0.0.0.0:* 
LISTEN      4763/named
tcp        0      0 127.0.0.1:953           0.0.0.0:* 
LISTEN      4763/named
udp        0      0 10.xx.xx.y:53         0.0.0.0:* 
       4763/named
udp        0      0 127.0.0.1:53            0.0.0.0:* 
         4763/named


Should at least get response for localhost:

user@idns01:~$ host 127.0.0.1 10.xx.xx.y
Using domain server:
Name: 10.xx.xx.y
Address: 10.xx.xx.y#53
Aliases:

1.0.0.127.in-addr.arpa domain name pointer localhost.

You'll know it works when:

user@idns01:~$ host yahoo.com 10.xx.xx.y
Using domain server:
Name: 10.xx.xx.y
Address: 10.xx.xx.y#53
Aliases:

yahoo.com has address 209.191.122.70
yahoo.com has address 67.195.160.76
yahoo.com has address 69.147.125.65
yahoo.com has address 72.30.2.43
yahoo.com has address 98.137.149.56
<blah>

If still nada, launch named with "-d 10" flag adding to named daemon
launch options, modifying the init script or default options files for
respective distro.

Should shed some light on it, otherwise there's tons of docs a google away.

HTH


On 08/14/2011 07:52 PM, David Demland wrote:
> Lisa and Michael,
>
> Thank you for your input. I did not think about the rndc so I reloaded
> just for the heck of it. Yet I am still not getting Metasploit to show
> the recursive call working. Here is the named.conf.options file:
>
> options {
>
>                  directory "/var/cache/bind";

>
>                  dump-file "/var/cache/bind/data/cache_dump.db";

>
>                  statistics-file "/var/cache/bind/data/named_stats.txt";

>
>                  recursion yes;

>
>                  auth-nxdomain no;    # conform to RFC1035

>
>                  allow-recursion { any; };

>
>                  allow-query { any; };

>
>                  //  allow-query-cache { any; };

>
>                  listen-on port 53 { any; };

>
> };
>
> I was unable to get the allow-query-cache line to load, I am not sure
> what I did wrong.
>
> I did find the same pages and I have been through them, but I do not see
> what I am missing. What else am I missing?
>
> Thank You,
>
> David
>
> P.S.
>
> Lisa - thank you so much for yesterday. You have really given my class a
> lot to talk about. I am looking forward to class this week with them to
> see what else is said.
>
> *From:*
> [mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] *On Behalf Of
> *Lisa Kachold
> *Sent:* Sunday, August 14, 2011 4:48 PM
> *To:* Main PLUG discussion list
> *Subject:* Re: Setting Up Bind9 Test
>
> Hi David!
>
> Nice to see you on Saturday!
>
> Bind9 can be fussy (rndc controls everything).
>
> You ARE changing the right item to turn recursion on.
> http://www.eukhost.com/forums/f15/turning-off-dns-recursion-bind-2283/
>
> But you can also do this in a Bind9 ACL using the "Views" feature:
> http://www.bind9.net/manual/bind/9.3.1/Bv9ARM.ch07.html
> http://oreilly.com/pub/a/oreilly/networking/news/views_0501.html
>
> Are you restarting named after a change? "/etc/init.d/named restart"
> If you have rndc are you reloading? "rdnc reload"
>
> Do you have logging turned on, so you can see what is happening?
> https://help.ubuntu.com/community/BIND9ServerHowto
>
> Are you editing the right file? There's a chroot? "locate named.conf"
>
> On Sun, Aug 14, 2011 at 10:27 AM, David Demland <
> <mailto:demland@cox.net>> wrote:
>
> I am trying to set up a DNS poisoning test as an example for my class. I
> have setup both an Ubuntu 6.10 and 10.10 server. When I use my Backtrack
> system to check the DNS server I get a message "This server is not
> replying to recursive requests". I have added "allow-recursion { any;
> };" to my configuration file. Yet the Backtrack system still fails. What
> do I have to do to allow on the DNS server for the Backtrack system to
> do the recursive request?
>
> Thank you for your help,
>
> David
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> <mailto:PLUG-discuss@lists.plug.phoenix.az.us>
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
>
>
> --
> (602) 791-8002 Android
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
> **
> HomeSmartInternational.com
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------
>
> No virus found in this message.
> Checked by AVG - www.avg.com <http://www.avg.com>
> Version: 10.0.1392 / Virus Database: 1520/3834 - Release Date: 08/14/11
>
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-----
No virus found in this message.
Checked by AVG - www.avg.com
Version: 10.0.1392 / Virus Database: 1520/3834 - Release Date: 08/14/11

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss