Folks,

Had to do some testing where we wanted our own insulated fake root environment. We wanted to start from simulated root name servers. I was surprised I couldn't find a complete example even after some extensive searches.
The concepts are easy, but the devil is in the details. We had done this before, but no one ever kept notes, so I figured that by posting it on the list it will eventually find its way into Google. Here are the setup instructions below; name & ip address have been changed to protect the innocent! Your comments/suggestions are welcome!

#
# This document describes a complete BIND fake root setup
# ?'s - jm5...@att.com
#
# One DNS server is fake root (Host 12 - 1.2.3.4)
# One DNS server is com TLD (Host 13 - 1.2.3.5)
# One DNS server is bongo.com (Host 06 - 1.2.3.6)
# One DNS server is support.bongo.com NS (Host 07 - 1.2.3.7)
#

================= Host 12 - FAKE ROOT - 1.2.3.4

-- zone statement (named.conf)
zone "." {
    type master;
    file "named.root";
};

-- contents named.root
$TTL 5m
@   IN SOA . rname.invalid. (
        0   ; serial
        5m  ; refresh
        5m  ; retry
        5m  ; expire
        5m ) ; minimum
@             IN NS  fake-root.com
fake-root.com IN A   1.2.3.4
com           IN NS  tld.com
tld.com       IN A   1.2.3.5
.             IN TXT "FAKE ROOT"

-- contents /etc/resolv.conf
nameserver 1.2.3.4

==================== Host 13 - FAKE .COM TLD server - 1.2.3.5

-- zone statements (named.conf)
zone "." {
    type hint;
    file "named.root";
};
zone "com" {
    type master;
    file "named.com";
};

-- contents named.root
$TTL 5m
.              300 IN NS fake-root.com.
fake-root.com. 300 IN A  1.2.3.4

-- contents named.com
$TTL 5m
@   IN SOA @ rname.invalid. (
        0   ; serial
        5m  ; refresh
        5m  ; retry
        5m  ; expire
        5m ) ; minimum
@         IN NS  tld
tld          A   1.2.3.5
fake-root    A   1.2.3.4
bongo        NS  ns1.bongo
ns1.bongo    A   1.2.3.6
@         IN TXT "FAKE COM SRVR"

--- contents resolv.conf
nameserver 1.2.3.5

============== Host 06 - NS for BONGO.COM - 1.2.3.6

-- zone statement (named.conf)
zone "bongo.com" {
    type master;
    file "db.bongo.com";
};

---- contents db.bongo.com
$TTL 10m
; owner names here are bongo.com. (the zone origin); BIND refuses to load a
; master file whose SOA is not at the apex of the zone it is configured for
bongo.com. IN SOA ns1.bongo.com. contact.bongo.com. (
        2   ; Serial
        5m  ; Refresh after 5 minutes
        2m  ; Retry after 2 minutes
        15m ; Expire after 15 minutes
        1m ) ; Negative caching TTL of 1 minute
bongo.com.             IN NS ns1.bongo.com.
ns1.bongo.com.         IN A  1.2.3.6
support.bongo.com.     IN NS ns1.support.bongo.com.
ns1.support.bongo.com. IN A  1.2.3.7

============== Host 07 - NS for SUPPORT.BONGO.COM - 1.2.3.7

-- zone statement (named.conf)
zone "support.bongo.com" IN {
    type master;
    file "db.support.bongo.com";
};

---- contents db.support.bongo.com
$TTL 10m
support.bongo.com. IN SOA ns1.support.bongo.com. contact.bongo.com. (
        11  ; Serial
        5m  ; Refresh after 5 minutes
        2m  ; Retry after 2 minutes
        15m ; Expire after 15 minutes
        1m ) ; Negative caching TTL of 1 minute
support.bongo.com.     IN NS ns1.support.bongo.com.
ns1.support.bongo.com. IN A  1.2.3.7

======= complete test trace

root@Host 13# dig support.bongo.com ns +trace +add

; <<>> DiG 9.9.3-S1-P1a-RedHat-2.0-2 <<>> support.bongo.com ns +trace +add
;; global options: +cmd
.                       300     IN      NS      fake-root.com.
fake-root.com.          300     IN      A       1.2.3.4
;; Received 70 bytes from 1.2.3.5#53(1.2.3.5) in 0 ms

com.                    86400   IN      NS      tld.com.
tld.com.                86400   IN      A       1.2.3.5
;; Received 82 bytes from 1.2.3.4#53(fake-root.com) in 1 ms

bongo.com.              300     IN      NS      ns1.bongo.com.
ns1.bongo.com.          300     IN      A       1.2.3.6
;; Received 82 bytes from 1.2.3.5#53(tld.com) in 1 ms

support.bongo.com.      600     IN      NS      ns1.support.bongo.com.
ns1.support.bongo.com.  600     IN      A       1.2.3.7
;; Received 116 bytes from 1.2.3.6#53(ns1.bongo.com) in 4 ms

support.bongo.com.      600     IN      NS      ns1.support.bongo.com.
ns1.support.bongo.com.  600     IN      A       1.2.3.7
;; Received 116 bytes from 1.2.3.7#53(ns1.support.bongo.com) in 1 ms

----------------
John Murtari - jm5...@att.com
Ciberspring office: 315-944-0998
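As an added example (not part of the post, and not BIND's own tooling), the same walk that dig +trace performed above can be checked offline against the zone data before the servers are ever started: the script below holds the records of the four zone files in a constructed table, walks the chain from the root down to support.bongo.com., and reports missing delegations, lame delegations (parent and child NS sets disagree) and missing glue. The names ZONES, rrset, parent_of, check_delegation_chain and with_renaming_slip are assumptions of this example; with_renaming_slip reproduces the anonymisation slip of a db.bongo.com still carrying lammens.com names.

```python
# Added example, not the post's own code: a consistency check over the delegation
# chain the zone files above describe. ZONES is constructed from those files with
# absolute names and assumes, as in this lab, that every label boundary is a zone cut.
from typing import Dict, List, Set, Tuple

Zones = Dict[str, List[Tuple[str, str, str]]]  # origin -> [(owner, type, rdata)]
ZONES: Zones = {
    ".": [(".", "NS", "fake-root.com."), ("fake-root.com.", "A", "1.2.3.4"),
          ("com.", "NS", "tld.com."), ("tld.com.", "A", "1.2.3.5")],
    "com.": [("com.", "NS", "tld.com."), ("tld.com.", "A", "1.2.3.5"),
             ("fake-root.com.", "A", "1.2.3.4"), ("bongo.com.", "NS", "ns1.bongo.com."),
             ("ns1.bongo.com.", "A", "1.2.3.6")],
    "bongo.com.": [("bongo.com.", "NS", "ns1.bongo.com."), ("ns1.bongo.com.", "A", "1.2.3.6"),
                   ("support.bongo.com.", "NS", "ns1.support.bongo.com."),
                   ("ns1.support.bongo.com.", "A", "1.2.3.7")],
    "support.bongo.com.": [("support.bongo.com.", "NS", "ns1.support.bongo.com."),
                           ("ns1.support.bongo.com.", "A", "1.2.3.7")],
}

def rrset(zones: Zones, origin: str, owner: str, rtype: str) -> Set[str]:
    """Rdata of one type at `owner`, as served by the `origin` zone."""
    return {rd for o, t, rd in zones.get(origin, []) if o == owner and t == rtype}

def parent_of(name: str) -> str:
    return name.split(".", 1)[1] or "."  # "bongo.com." -> "com.", "com." -> "."

def check_delegation_chain(zones: Zones, target: str) -> List[str]:
    """Walk root -> target the way dig +trace does; return the problems found."""
    problems: List[str] = []
    child = target
    while child != ".":
        parent = parent_of(child)
        delegated = rrset(zones, parent, child, "NS")
        apex = rrset(zones, child, child, "NS")
        if not delegated:
            problems.append(f"{parent} has no NS delegation for {child}")
        if not apex:
            problems.append(f"{child} zone has no apex NS record")
        elif delegated and apex != delegated:
            problems.append(f"lame delegation for {child}: {sorted(delegated)} vs {sorted(apex)}")
        for ns in delegated:  # a server named inside the child zone needs parent glue
            if ns.endswith("." + child) and not rrset(zones, parent, ns, "A"):
                problems.append(f"missing glue for {ns} in {parent}")
        child = parent
    return problems

def with_renaming_slip(zones: Zones) -> Zones:
    """The bongo.com file as first posted, with its apex still named lammens.com."""
    return {**zones, "bongo.com.": [("lammens.com.", "NS", "ns1.lammens.com."),
                                    ("ns1.lammens.com.", "A", "1.2.3.6")]}
```

An empty list from check_delegation_chain(ZONES, "support.bongo.com.") corresponds to the clean trace above; the slipped copy reports both the missing apex NS and the missing support.bongo.com delegation.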