CNIT 40 Proj 5x: Primary Master DNS Server with Bind on Linux (15 pts.)

What You Need for This Project

Purpose

Configure a Bind DNS server which is the primary SOA for a domain, and does not accept recursive queries.

Testing your Kali Linux DNS Server

Start your Kali Linux machine.

In a Terminal window, execute this command:

ping google.com
You should see replies, as shown below. If you don't see replies, you need to troubleshoot your networking.

Press Ctrl+C to stop the pings.

In a Terminal window, execute this command:

netstat -an | grep 53
You should see tcp and udp ports LISTENING, as shown below.

If you don't see the listening ports, you need to restart or reinstall Bind.

In a Terminal window, execute this command:

dig @127.0.0.1 yahoo.com
You should see an ANSWER SECTION containing some IP addresses, as shown below.

If you don't see the answers, you need to restart or reinstall Bind.

This shows that your server is currently operating as a recursive resolver, which is not what an SOA (authoritative) server should do.

Finding your Server's IP Address

In a Terminal window, execute this command:
ifconfig
Make a note of your server's IP address.

Editing named.conf.local

The zone statement you are adding here tells Bind that it has authoritative information about a domain.

In a Terminal window, execute these commands:

cp /etc/bind/named.conf.local /etc/bind/named.conf.local.bak

nano /etc/bind/named.conf.local

Add this code to the end of the file, as shown below, replacing YOURNAME with your own name or domain:
zone "YOURNAME.com" {
        type master;
        file "/etc/bind/db.YOURNAME.com";
};

Save the file with Ctrl+X, Y, Enter.

Making the Zone File

In a Terminal window, execute this command, replacing YOURNAME with your own name or domain:
nano /etc/bind/db.YOURNAME.com
Enter this data into the file, replacing YOURNAME with your own name or domain, and the IP addresses with the IP address of your server:
;
; BIND data file for YOURNAME.com            
;
$TTL    604800
@       IN      SOA     ns1.YOURNAME.com. root.YOURNAME.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.YOURNAME.com.
@       IN      NS      ns2.YOURNAME.com.

YOURNAME.com.           IN      A       199.188.72.153
ns1                     IN      A       199.188.72.153
ns2                     IN      A       199.188.72.153
Your file should resemble the example below.

Save the file with Ctrl+X, Y, Enter.

Restarting Bind

In a Terminal window, execute these commands, replacing YOURNAME with your own name or domain:
service bind9 restart

dig @127.0.0.1 YOURNAME.com

You should see the aa flag in the answer, showing that this server is now authoritative for this domain, as shown below.

Saving a Screen Image

Make sure these items are visible:

Save a whole-desktop image with the filename "YOUR NAME Proj 5xa", replacing "YOUR NAME" with your real name.

YOU MUST SUBMIT A FULL-DESKTOP IMAGE FOR FULL CREDIT!

Performing a Recursive Query

In a Terminal window, execute this command:
dig @127.0.0.1 yahoo.com
You should see an ANSWER SECTION containing some IP addresses, as shown below.

This shows that your server is still operating as a recursive server.

That's not something an SOA server should do. The purpose of this server is to serve as the SOA for the YOURNAME.com domain, not to provide general DNS resolution for the machines on a LAN.

Disabling Recursive Queries

In a Terminal window, execute these commands:

cp /etc/bind/named.conf.options /etc/bind/named.conf.options.bak

nano /etc/bind/named.conf.options

At the bottom of the file, before the closing }; line, insert these three lines:
allow-transfer {"none";};
allow-recursion {"none";};
recursion no;
Your file should look like the image below:

Save the file with Ctrl+X, Y, Enter.

Performing another Recursive Query

In a Terminal window, execute these commands:
service bind9 restart

dig @127.0.0.1 yahoo.com

You should see "status: REFUSED", as shown below.
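To check both results from this project together (the aa flag on your own zone, REFUSED on a foreign name, and no ra flag once recursion is off), here is an added Python check that parses dig's header lines; it is not part of the original project. The dig output embedded below is constructed, and run_dig is a hypothetical helper for pointing the same check at a live server.

```python
import re
import subprocess

# Constructed dig header lines (not captured from a real server) for the
# two states this project walks through.  Before recursion is disabled, the
# server answers its own zone with aa AND advertises recursion via ra.
OWN_ZONE_BEFORE = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4321
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
"""
FOREIGN_BEFORE = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4322
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0
"""
# After "recursion no": still aa for the zone, no ra, foreign names REFUSED.
OWN_ZONE_AFTER = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4323
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
"""
FOREIGN_AFTER = """;; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4324
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
"""

def parse_dig(output):
    """Return (status, set of flags) from dig's ;; HEADER and ;; flags lines."""
    status = re.search(r"status: (\w+)", output)
    flags = re.search(r"flags: ([a-z ]*);", output)
    return (status.group(1) if status else None,
            set(flags.group(1).split()) if flags else set())

def assess(own_zone_output, foreign_output):
    """List what is wrong for an authoritative-only server; [] means correct."""
    own_status, own_flags = parse_dig(own_zone_output)
    foreign_status, foreign_flags = parse_dig(foreign_output)
    findings = []
    if own_status != "NOERROR" or "aa" not in own_flags:
        findings.append("own zone not answered authoritatively (no aa flag)")
    if "ra" in own_flags or "ra" in foreign_flags:
        findings.append("server advertises recursion available (ra flag)")
    if foreign_status != "REFUSED":
        findings.append("foreign name not REFUSED: server acts as an open resolver")
    return findings

def run_dig(server, name):
    """Hypothetical helper for live use: capture dig's output for one query."""
    return subprocess.run(["dig", "@" + server, name],
                          capture_output=True, text=True, check=True).stdout

if __name__ == "__main__":
    print("before:", assess(OWN_ZONE_BEFORE, FOREIGN_BEFORE))
    print("after: ", assess(OWN_ZONE_AFTER, FOREIGN_AFTER))
```

Against a live server, feed assess() the outputs of run_dig("127.0.0.1", "YOURNAME.com") and run_dig("127.0.0.1", "yahoo.com"); an empty list matches the end state of this project.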

Saving a Screen Image

Make sure you can see the "status: REFUSED" message.

Save a whole-desktop image with the filename "YOUR NAME Proj 5xb", replacing "YOUR NAME" with your real name.

YOU MUST SUBMIT A FULL-DESKTOP IMAGE FOR FULL CREDIT!

Turning In Your Project

Email the images to me as attachments to an e-mail message. Send it to: cnit.40@gmail.com with a subject line of "Proj 5x From YOUR NAME", replacing "YOUR NAME" with your real name.

Send a Cc to yourself.

Reverse DNS Records

I didn't include it in this project, but it's good to also include reverse DNS records. For details, see the Source below.

Sources

http://linuxconfig.org/linux-dns-server-bind-configuration


Last modified 8:25 am 10-31-13