Bind 9 Master zone

dragon_sa
Posts: 33
Joined: 2010/12/20 13:14:09

Bind 9 Master zone

Post by dragon_sa » 2011/03/26 12:40:53

I have set up a CentOS server to use as an open wireless hotspot delivery system. I want it to act as a DNS server and redirect all web addresses and IP addresses back to itself, and display its own web pages stored there instead, as there will be no internet access on the LAN or to the server. The following is what I want to try and implement; any help in achieving this would be appreciated.



[quote] To do this I believe you would create a master zone named "." in your named.conf (comment out the default "." zone with the hints information). Then, create a zone file which contains a series of wildcard records for the IP that you want to have everyone directed to. If other people will be connecting their own computers to this network, then keep in mind that some people will use their own DNS settings (OpenDNS, Google Public DNS, etc.) instead of the DNS server issued by DHCP, so unless you're blocking DNS at the firewall there is still a way around it. An HTTP proxy server at your routing point might be a better solution if that is the case.[/quote]

So to recap, my goals are to set up a master zone to redirect all requests to the local machine, and to block external DNS at the firewall.

I am not sure how to do this. I have Webmin installed and BIND 9.3.6 on CentOS 5.5, and I am running Apache for the web server.

nosebreaker
Posts: 72
Joined: 2010/08/09 16:10:26

Re: Bind 9 Master zone

Post by nosebreaker » 2011/03/26 16:38:20

I *think* you would (assuming your named is in a chroot jail like mine):

Edit your /var/named/chroot/etc/named.conf
[code]zone "." IN {
type hint;
file "named.somethingelse";
};
[/code]

And then in your /var/named/chroot/var/named/named.somethingelse
[code]* A your_ip_address ; GLOBALOK[/code]

I think that breaks your DNS though. You might want to look into setting up a split DNS setup.
For this, edit your /var/named/chroot/etc/named.conf
[code]
acl internals {
127.0.0.0/8;
192.168.1.0/24; // assuming this is servers you want to be able to get to the outside
};

view "internal" {
match-clients { internals; };
zone "." IN {
type hint;
file "named.root";
};
};

view "external" {
match-clients { any; };

zone "." IN {
type hint;
file "named.somethingelse";
};

}; // end of external view
[/code]



But it sounds like you are trying to solve the problem of not allowing wireless users access to the internet, in which case you should probably just get a linksys/cisco access-point that has a password on it to prevent people getting out. They cost about $100 these days.

dragon_sa
Posts: 33
Joined: 2010/12/20 13:14:09

Re: Bind 9 Master zone

Post by dragon_sa » 2011/03/26 23:18:00

The server is going to be 99% used by wireless mobile phones. The issue with DNS is not so much about redirection of HTTP traffic; it is because a web browser (especially a mobile web browser) will usually attempt to reach some internet web site (e.g. Apple, or Microsoft, or Google) and if the hostname lookup fails, it will automatically drop the wireless connection and switch back to 3G service (if it is available).

Therefore, it is important to make sure that the attempt to resolve that remote internet hostname results in some valid (and reachable) IP address. If you can make *any* hostname resolve to the local IP address of your web server, that will produce the most effective result.

There will be no actual internet at each location. I just want to serve the information on the web server attached to the open wireless access point, like in a hotel or another hot spot: you open your web browser and no matter what address you enter it resolves to their sign-up page, like a walled garden, except there is no signing up or authentication, just the freely available local information.

nosebreaker
Posts: 72
Joined: 2010/08/09 16:10:26

Re: Bind 9 Master zone

Post by nosebreaker » 2011/03/27 17:36:00

FYI - I may have screwed up on the config, I list the "." domain as type hints, but you don't want that, you want type master, so you can make it a regular zone file with that wildcard.

dragon_sa
Posts: 33
Joined: 2010/12/20 13:14:09

Re: Bind 9 Master zone

Post by dragon_sa » 2011/03/28 10:05:49

Using "check BIND config" in Webmin I am getting the following errors:

* zone ./IN: loading master file named.root: file not found
* internal/./IN: file not found
* zone ./IN: loading master file named.hold: file not found
* external/./IN: file not found

Here's what is in my named.conf. Also, I can only find a sample file of named.root; do I need to create this, what should be in it, and where do I put it?

[code]
options {
directory "/etc";
pid-file "/var/run/named/named.pid";
};
acl internals {
127.0.0.0/8;
10.0.50.0/24; // assuming this is servers you want to be able to get to the outside
};
view "internal" {
match-clients { internals; };
zone "." IN {
type master;
file "named.root";
};
};
view "external" {
match-clients { any; };
zone "." IN {
type master;
file "named.hold";
};
}; // end of external view
[/code]

Thank you for your help nosebreaker
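Editor's note, added to this thread and not code from any of the posters: the two files the thread is converging on are a master zone for "." whose wildcard record answers every name, and a named.conf that loads it with `type master`. The script below writes both into a scratch directory and validates them the way Webmin's "check BIND config" does (with `named-checkzone`/`named-checkconf` when bind-utils is present, otherwise with a textual check). The hotspot address 10.0.50.1 and the scratch directory are constructed assumptions; on the real box the files go under /var/named/chroot. Two caveats a practitioner would want: a master zone must start with an SOA and an NS record, so a bare `* A ip` line is not loadable; and if you keep nosebreaker's split-DNS views, only the view that should redirect uses `type master`, while a view meant to reach the real Internet keeps `type hint` with the named.root hints file (a hints file has no SOA and cannot be loaded as a master zone). Because the server is authoritative for everything, recursion is switched off, which also keeps an open hotspot from becoming an open resolver; as the quoted advice in the first post says, clients using their own resolver still bypass this unless port 53 is blocked at the firewall.

```shell
#!/bin/sh
# Added example, not from the thread: build and sanity-check a BIND 9 "captive"
# root zone that resolves every name to one address, the way a hotel walled
# garden does. Constructed assumptions: the hotspot web server is 10.0.50.1 and
# the files go into a scratch directory instead of /var/named/chroot, so this
# runs without touching a live named.
set -e
HOTSPOT_IP="${HOTSPOT_IP:-10.0.50.1}"
WORKDIR="${WORKDIR:-$(mktemp -d)}"

# Zone file for ".". A master zone needs an SOA and an NS before the wildcard;
# a lone "* A ip" line is not loadable. The NS owner is kept to a single label
# ("ns.") because every name that exists in the zone shadows the wildcard for
# the names beneath it (RFC 4592), so everything else still hits the wildcard.
write_zone() {
    cat > "$WORKDIR/named.hold" <<EOF
\$TTL 60
@       IN SOA  ns. hostmaster.ns. (
                2011032801 ; serial
                3600       ; refresh
                900        ; retry
                604800     ; expire
                60 )       ; negative-cache TTL
@       IN NS   ns.
ns.     IN A    $HOTSPOT_IP
*       IN A    $HOTSPOT_IP
EOF
}

# named.conf: the box is authoritative for everything, so recursion is off
# (an open hotspot resolver with recursion on is an amplification target) and
# it listens only on the hotspot side.
write_conf() {
    cat > "$WORKDIR/named.conf" <<EOF
options {
    directory "$WORKDIR";
    pid-file "named.pid";
    listen-on { $HOTSPOT_IP; };
    recursion no;
    allow-query { any; };
};

zone "." IN {
    type master;        // "hint" would expect a root-hints file, not this zone
    file "named.hold";
};
EOF
}

# Validate like Webmin's "check BIND config" does, falling back to a textual
# check when bind-utils is not installed.
check_zone() {
    if command -v named-checkzone >/dev/null 2>&1; then
        named-checkzone -q . "$WORKDIR/named.hold"
    else
        grep -q 'IN SOA' "$WORKDIR/named.hold" &&
        grep -q 'IN NS' "$WORKDIR/named.hold" &&
        grep -q "^\*[[:space:]]*IN[[:space:]]*A[[:space:]]*$HOTSPOT_IP" "$WORKDIR/named.hold"
    fi
}

check_conf() {
    if command -v named-checkconf >/dev/null 2>&1; then
        named-checkconf "$WORKDIR/named.conf"
    else
        grep -q 'recursion no;' "$WORKDIR/named.conf" &&
        grep -q 'type master;' "$WORKDIR/named.conf"
    fi
}

write_zone
write_conf
check_zone && check_conf && echo "config written to $WORKDIR and validated"
# On the hotspot, verify from a client with:  dig @$HOTSPOT_IP www.example.com +short
```

Once the files are in place under the chroot and named is restarted, any name a client asks this server for (`dig @10.0.50.1 www.example.com +short`) should return the hotspot address; the only names the wildcard does not cover are those beneath the NS owner `ns.`.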

dragon_sa
Posts: 33
Joined: 2010/12/20 13:14:09

Re: Bind 9 Master zone

Post by dragon_sa » 2011/03/31 08:17:54

Anyone able to help with this issue of setting up the dns?

This is my first attempt at getting my own dns operating, very much a newbie as far as configuration for this goes.

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Bind 9 Master zone

Post by TrevorH » 2011/03/31 16:33:17

A first step would be to fix the 'file not found' error messages that you are currently getting. The named.root file needs to be generated by running

[code]
dig +bufsize=1200 +norec NS . @a.root-servers.net
[/code]

but you will need a working DNS server to allow that to work!

dragon_sa
Posts: 33
Joined: 2010/12/20 13:14:09

Re: Bind 9 Master zone

Post by dragon_sa » 2011/04/01 08:57:00

I have the server currently connected to my LAN, which does have internet access. I ran the above command you gave me and it produced the response below, which I think worked, but searching my drive I can't find any file called named.root still.

[quote]; <<>> DiG 9.3.6-P1-RedHat-9.3.6-4.P1.el5_5.3 <<>> +bufsize=1200 +norec NS . @a.root-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61339
;; flags: qr aa; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 22

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      b.root-servers.net.
.                       518400  IN      NS      c.root-servers.net.
.                       518400  IN      NS      d.root-servers.net.
.                       518400  IN      NS      m.root-servers.net.
.                       518400  IN      NS      a.root-servers.net.
.                       518400  IN      NS      l.root-servers.net.
.                       518400  IN      NS      h.root-servers.net.
.                       518400  IN      NS      i.root-servers.net.
.                       518400  IN      NS      j.root-servers.net.
.                       518400  IN      NS      f.root-servers.net.
.                       518400  IN      NS      g.root-servers.net.
.                       518400  IN      NS      k.root-servers.net.
.                       518400  IN      NS      e.root-servers.net.

;; ADDITIONAL SECTION:
a.root-servers.net.     3600000 IN      A       198.41.0.4
a.root-servers.net.     3600000 IN      AAAA    2001:503:ba3e::2:30
b.root-servers.net.     3600000 IN      A       192.228.79.201
c.root-servers.net.     3600000 IN      A       192.33.4.12
d.root-servers.net.     3600000 IN      A       128.8.10.90
e.root-servers.net.     3600000 IN      A       192.203.230.10
f.root-servers.net.     3600000 IN      A       192.5.5.241
f.root-servers.net.     3600000 IN      AAAA    2001:500:2f::f
g.root-servers.net.     3600000 IN      A       192.112.36.4
h.root-servers.net.     3600000 IN      A       128.63.2.53
h.root-servers.net.     3600000 IN      AAAA    2001:500:1::803f:235
i.root-servers.net.     3600000 IN      A       192.36.148.17
i.root-servers.net.     3600000 IN      AAAA    2001:7fe::53
j.root-servers.net.     3600000 IN      A       192.58.128.30
j.root-servers.net.     3600000 IN      AAAA    2001:503:c27::2:30
k.root-servers.net.     3600000 IN      A       193.0.14.129
k.root-servers.net.     3600000 IN      AAAA    2001:7fd::1
l.root-servers.net.     3600000 IN      A       199.7.83.42
l.root-servers.net.     3600000 IN      AAAA    2001:500:3::42
m.root-servers.net.     3600000 IN      A       202.12.27.33
m.root-servers.net.     3600000 IN      AAAA    2001:dc3::35

;; Query time: 192 msec
;; SERVER: 198.41.0.4#53(198.41.0.4)
;; WHEN: Fri Apr  1 07:05:16 2011
;; MSG SIZE  rcvd: 671[/quote]

Running the DNS check again gives me this:

[quote]* zone ./IN: loading master file named.root: file not found
* internal/./IN: file not found
* zone ./IN: loading master file named.hold: file not found
* external/./IN: file not found[/quote]

I do have a named.hold file located in /var/named/chroot/var/named.
[Moderator edit: Change [i]code[/i] to [i]quote[/i] tags to wrap [b]excessively[/b] long lines.]

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Bind 9 Master zone

Post by TrevorH » 2011/04/01 11:36:24

Sorry, you need to redirect the output from that command to the file that is reported as missing.

Mods: please could you fix up the quote/code tags on this thread as it now seems to need a dual monitor set up to display :-)

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: Bind 9 Master zone

Post by pschaff » 2011/04/01 13:24:26

Looked more like a quad or quint monitor issue to me. :roll: Wrapped the lines by changing tags, but did not attempt to "un-garble".

To [b]dragon_sa[/b] - please do not just paste long output into the Code or Quote widgets; they are broken and will strip out all line terminations. :-(
Just paste into the edit window instead, and fix the tags as required for correct formatting.
