I have some problems with DNS (bind9) on my home network. If someone has experience with this, please help me.
My network consists of an ISP-provided router (192.168.1.1) and my local router (router.dan.local --> WAN=eth0=192.168.1.25; LAN=eth1=10.10.10.1).
Local router (router.dan.local) is a Debian 8.2 headless server ( Atom CPU, with eth0 on WAN and eth1 on LAN).
The problem is that from the LAN (10.10.10.0/24) I can never resolve any address. It seems that the DNS server on 10.10.10.1 does not do anything.
When I put 8.8.8.8 in /etc/resolv.conf of the client (10.10.10.80) then I can ping/dig/nslookup any web page.
On same machine (router.dan.local) I have dhcp (for LAN) and squid proxy . Both are working fine.
Thanks !
my configuration for bind is:
/etc/hostname
router
Code: Select all
# Presumably /etc/resolv.conf on the router (the post gives no file name here).
# NOTE(review): "home" does not match the dan.local zone configured in bind.
domain home
search home
# The router's own lookups can fall back to 192.168.1.1, so name resolution
# working on the router does not show that named is answering; query named
# directly, e.g. `dig @127.0.0.1 example.com` and `dig @10.10.10.1 example.com`.
nameserver 127.0.0.1
nameserver 192.168.1.1
# ACL naming the clients that allow-query (in the options block) admits.
# NOTE(review): the built-in "localnets" matches every network the server has
# an interface on, so with eth0 on 192.168.1.25 the ISP-side 192.168.1.x
# subnet is presumably admitted as well, and 10.0.0.0/8 is far wider than the
# 10.10.10.0/24 LAN. If only the LAN should be served, list 127.0.0.0/8 and
# 10.10.10.0/24 explicitly instead.
acl goodclients {
127.0.0.0/8;
10.0.0.0/8;
localhost;
localnets;
};
# Global resolver settings: forward-only recursion for the goodclients ACL.
options {
directory "/var/cache/bind";
# "forward only": named never resolves iteratively on its own; if no
# forwarder returns a usable answer, the query fails.
forward only;
forwarders {
192.168.1.1;
8.8.8.8;
8.8.4.4;
};
recursion yes;
# Only allow-query is set; allow-recursion and allow-query-cache are not, so
# their effective values depend on the BIND version's inheritance rules.
allow-query { goodclients;};
# NOTE(review): "any" also binds port 53 on eth0 (192.168.1.25). The posted
# iptables INPUT policy is ACCEPT, so allow-query is the only access control
# on that interface; listing just 127.0.0.1 and 10.10.10.1 here would remove
# the WAN-side exposure.
listen-on { any; };
# Suppresses the server version in replies to version.bind queries.
version none;
# NOTE(review): with validation on, the forwarders must pass DNSSEC records
# through. A home router such as 192.168.1.1 that does not, or a wrong system
# clock, can make lookups fail with SERVFAIL - check named's log and compare
# `dig @10.10.10.1 example.com` with `dig +cd @10.10.10.1 example.com`.
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
# Same exposure consideration as listen-on above, for IPv6 interfaces.
listen-on-v6 { any; };
};
# Authoritative (master) zones for the LAN: the forward zone dan.local and the
# reverse zone for 10.10.10.0/24. `named-checkconf -z` loads both and reports
# syntax or zone-data errors.
# NOTE(review): no allow-transfer appears in any posted listing; on BIND
# releases where it defaults to "any", a host that can reach port 53 can pull
# the whole zone and enumerate the LAN hosts. Consider
# `allow-transfer { none; };` unless a secondary server needs the zones.
# NOTE(review): ".local" is reserved for multicast DNS (RFC 6762); clients
# with an mDNS resolver may never send dan.local lookups to this server.
zone "dan.local" {
type master ;
file "/etc/bind/for.local" ;
};
zone "10.10.10.in-addr.arpa" {
type master ;
file "/etc/bind/rev.local" ;
};
;
; Forward zone data for dan.local (presumably /etc/bind/for.local; the post
; gives no file name, and the original header was left over from the
; loopback template).
; Validate with: named-checkzone dan.local /etc/bind/for.local
;
$TTL 604800
; The serial below has nine digits, so it is not in the usual YYYYMMDDNN form;
; whatever scheme is used, it must increase on every edit.
@ IN SOA router.dan.local. root.dan.local. (
201511222 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
; Name server and address records for the router (zone apex and "router").
@ IN NS router.dan.local.
@ IN A 10.10.10.1
router IN A 10.10.10.1
;hosts
user1 IN A 10.10.10.80
user2 IN A 10.10.10.60
user3 IN A 10.10.10.70
;
; NOTE(review): this points the zone apex at the IPv6 loopback address, so a
; client resolving dan.local over IPv6 would reach itself - confirm intended.
@ IN AAAA ::1
;
; Reverse zone data for 10.10.10.0/24 (presumably /etc/bind/rev.local; the
; post gives no file name, and the original header was left over from the
; loopback template).
; Validate with: named-checkzone 10.10.10.in-addr.arpa /etc/bind/rev.local
;
$TTL 604800
@ IN SOA router.dan.local. root.dan.local. (
201511222 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS router.dan.local.
;
; PTR records: the owner name is the last octet of the 10.10.10.x address and
; each one mirrors an A record in the forward zone.
1 IN PTR router.dan.local.
80 IN PTR user1.dan.local.
60 IN PTR user2.dan.local.
70 IN PTR user3.dan.local.
root@router:/home/dan# iptables-save
# Generated by iptables-save v1.4.21 on Sun Nov 22 16:27:42 2015
*filter
# NOTE(review): INPUT policy is ACCEPT and there are no INPUT rules, so the
# firewall is not what blocks DNS from the LAN - and it does not shield named,
# squid or the DHCP server from the eth0 (ISP-side) network either. A default
# DROP policy with explicit accepts for eth1 and for established traffic
# would close that exposure.
:INPUT ACCEPT [18370:6711147]
# FORWARD policy is also ACCEPT, which makes the eth1 rule below redundant and
# places no restriction on traffic arriving on eth0 and routed towards the LAN.
:FORWARD ACCEPT [1062:752044]
:OUTPUT ACCEPT [16662:6932471]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
# Completed on Sun Nov 22 16:27:42 2015
# Generated by iptables-save v1.4.21 on Sun Nov 22 16:27:42 2015
*nat
:PREROUTING ACCEPT [842:77890]
:INPUT ACCEPT [639:63012]
:OUTPUT ACCEPT [322:19740]
:POSTROUTING ACCEPT [47:3079]
# Source-NATs everything leaving through eth0 to the router's WAN address.
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun Nov 22 16:27:42 2015
root@router:/home/dan#