For the last couple of days, I have been trying to connect my Bind9 server to my AD's DNS as a secondary zone, to no avail.
The problem seems to be that when trying to get the zone transferred from the master, the packets are dropped, though there are no firewalls that should be rejecting them.
I can ping all of them with no problem, and I can also transfer the zone via nslookup from a normal windows client.
Looking at Wireshark and tcpdump -i any port 53 when connecting the Bind server to the AD DNS server gives me this:
https://i.imgur.com/soToiCM.png
And looking at the named status, it gives me this:
https://i.imgur.com/COiFTrk.png
It says something about keys, which I am assuming has something to do with DNSSEC, even though I have not configured DNSSEC on any of the machines yet.
CentNS: 192.168.64.128
AD DNS: 192.168.64.64
I have tried disabling firewalld and disabling all rules on the Windows firewall too, but it's still the same problem according to Wireshark.
This is all done on a host-only network in VMware, with pfSense connecting the two (no rules configured on pfSense, fresh install).
I am still sort of new to Linux, especially when it comes to administration of servers.
Here is my named.conf for the secondary and reverse zone on my CentOS server.
options {
    check-names master warn;
    listen-on port 53 { 192.168.64.128; 127.0.0.1; };
    filter-aaaa-on-v4 yes;
    directory "/var/named/";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query { any; };
    allow-transfer { 192.168.64.64; 192.168.64.128; };
    allow-notify { 192.168.64.64; 192.168.64.128; };
    recursion yes;
    dnssec-enable no;
    dnssec-lookaside auto;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "centNS.bliss.lan" IN {
    type slave;
    file "/var/named/zones/centNS.bliss.lan";
    masters { 192.168.64.64; };
    notify yes;
};

zone "64.168.192.in-addr-arpa" IN {
    type slave;
    file "/var/named/revZones/64.128.192.in-addr-arpa";
    masters { 192.168.64.64; };
    notify yes;
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
I have tried:
- Disabling the firewall on both Windows and CentOS
- Setting a record in the AD DNS for my CentNS server
- Making sure that Windows has BIND enabled
Sorry if I am lacking information; just tell me and I'll provide some.
Any help would be appreciated.
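As an added example (editor's code, not part of the original post and not a BIND tool): a small Python checker that parses the zone stanzas of a named.conf like the one above and flags two things a reviewer would notice in the posted reverse zone. Its name ends in the single label "in-addr-arpa" rather than "in-addr.arpa", so named will load it as an ordinary secondary zone with that literal name and request that name from the AD server, which does not host it; and the zone file is named for 64.128.192 while the zone is 64.168.192. Both are syntactically valid, so named-checkconf accepts them. The SAMPLE_CONF string is constructed from the zone stanzas in the post; the parser uses brace matching rather than a single regex because "masters { ... };" is nested inside the zone body.

```python
import re

# Constructed sample, copied from the zone stanzas in the post above
# (the reverse-zone stanza is kept exactly as posted).
SAMPLE_CONF = '''
zone "centNS.bliss.lan" IN
{
type slave;
file "/var/named/zones/centNS.bliss.lan";
masters { 192.168.64.64; };
notify yes;
};
zone "64.168.192.in-addr-arpa" IN
{
type slave;
file "/var/named/revZones/64.128.192.in-addr-arpa";
masters { 192.168.64.64; };
notify yes;
};
zone "." IN {
type hint;
file "named.ca";
};
'''


def strip_comments(conf):
    """Drop the three comment styles named.conf accepts: /* */, // and #."""
    conf = re.sub(r'/\*.*?\*/', '', conf, flags=re.S)
    return re.sub(r'(//|#)[^\n]*', '', conf)


def parse_zones(conf):
    """Return one dict per zone stanza with its name, type, file and masters."""
    conf = strip_comments(conf)
    zones = []
    for m in re.finditer(r'zone\s+"([^"]+)"[^{]*\{', conf):
        # Walk forward matching braces so a nested "masters { ... };"
        # does not end the zone body early.
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        zone = {'name': m.group(1)}
        t = re.search(r'\btype\s+(\w+)\s*;', body)
        if t:
            zone['type'] = t.group(1)
        f = re.search(r'\bfile\s+"([^"]+)"\s*;', body)
        if f:
            zone['file'] = f.group(1)
        ms = re.search(r'\bmasters\s*\{([^}]*)\}', body)
        if ms:
            zone['masters'] = [s.strip() for s in ms.group(1).split(';') if s.strip()]
        zones.append(zone)
    return zones


# A zone name that starts with one to four dotted octets is taken to be a
# reverse (in-addr.arpa) zone; group 1 is the octet prefix, group 2 the rest.
REVERSE_NAME = re.compile(r'((?:\d{1,3}\.){1,4})(.*)')


def check_zone(zone):
    """Return a list of findings (strings) for one parsed zone."""
    findings = []
    name = zone['name']
    if zone.get('type') == 'slave' and not zone.get('masters'):
        findings.append(f'{name}: slave zone has no masters')
    rev = REVERSE_NAME.fullmatch(name)
    if not rev:
        return findings
    octets, suffix = rev.groups()
    if suffix.rstrip('.') != 'in-addr.arpa':
        findings.append(f'{name}: reverse zone must end in "in-addr.arpa", got "{suffix}"')
    base = zone.get('file', '').rsplit('/', 1)[-1]
    if base and not base.startswith(octets):
        findings.append(f'{name}: zone file "{base}" does not match zone octets {octets}')
    return findings


def check_conf(conf):
    """Run check_zone over every zone stanza in a named.conf string."""
    return [f for zone in parse_zones(conf) for f in check_zone(zone)]


if __name__ == '__main__':
    for finding in check_conf(SAMPLE_CONF):
        print(finding)
```

Run it against /etc/named.conf by reading the file into check_conf(); an empty list means the zone names and file names are consistent, which is worth confirming before chasing packet drops, since a secondary requesting a zone the master does not hold will never get a transfer regardless of firewall settings.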