It seems to work, but I have the impression that it is not entirely correct.
BIND gives different answers than the telecoms' DNS servers (TPSA, Plus, Netia).
Below is the same query sent to the local BIND and to the provider's DNS (Plus LTE).
Code:
root@openvpnas2:~# dig home.pl @192.168.181.12
; <<>> DiG 9.10.3-P4-Ubuntu <<>> home.pl @192.168.181.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39074
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 13, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;home.pl. IN A
;; ANSWER SECTION:
home.pl. 330 IN A 212.85.96.1
;; AUTHORITY SECTION:
. 26994 IN NS j.root-servers.net.
. 26994 IN NS e.root-servers.net.
. 26994 IN NS b.root-servers.net.
. 26994 IN NS k.root-servers.net.
. 26994 IN NS l.root-servers.net.
. 26994 IN NS h.root-servers.net.
. 26994 IN NS f.root-servers.net.
. 26994 IN NS d.root-servers.net.
. 26994 IN NS c.root-servers.net.
. 26994 IN NS g.root-servers.net.
. 26994 IN NS m.root-servers.net.
. 26994 IN NS i.root-servers.net.
. 26994 IN NS a.root-servers.net.
;; Query time: 162 msec
;; SERVER: 192.168.181.12#53(192.168.181.12)
;; WHEN: Fri Apr 14 14:37:02 CEST 2017
;; MSG SIZE rcvd: 263
Code:
root@openvpnas2:~# dig home.pl @212.2.96.51
; <<>> DiG 9.10.3-P4-Ubuntu <<>> home.pl @212.2.96.51
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31954
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 7
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;home.pl. IN A
;; ANSWER SECTION:
home.pl. 285 IN A 212.85.96.1
;; AUTHORITY SECTION:
home.pl. 51540 IN NS dns2.home.pl.
home.pl. 51540 IN NS dns.home.pl.
home.pl. 51540 IN NS dns3.home.pl.
;; ADDITIONAL SECTION:
dns.home.pl. 2173 IN A 46.242.149.10
dns.home.pl. 2173 IN A 46.242.149.11
dns2.home.pl. 2429 IN A 46.242.149.20
dns2.home.pl. 2429 IN A 46.242.149.21
dns3.home.pl. 2084 IN A 46.242.149.30
dns3.home.pl. 2084 IN A 46.242.149.31
;; Query time: 645 msec
;; SERVER: 212.2.96.51#53(212.2.96.51)
;; WHEN: Fri Apr 14 14:37:47 CEST 2017
;; MSG SIZE rcvd: 204
Is this how it is supposed to be?
I have Plus's DNS servers set as forwarders in BIND.
Code:
root@arch:/etc/bind# cat named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    forwarders {
        212.2.96.51;
        212.2.96.52;
        // 194.204.152.34;
        // 194.204.159.1;
        8.8.8.8;
    };

    //========================================================================
    // If BIND logs error messages about the root key being expired,
    // you will need to update your keys. See https://www.isc.org/bind-keys
    //========================================================================
    // dnssec-enable yes;
    dnssec-validation auto;
    // dnssec-lookaside auto;

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};
root@arch:/etc/bind#