
Help with Bind conf files

Open freedombirdone opened this issue 3 years ago • 4 comments

Can you provide sample zone configuration files that work for bind9? I have the following configurations but I cannot seem to resolve the following queries:

HOST:

```
$ nslookup ns1
Server: 127.0.0.53
Address: 127.0.0.53#53

** server can't find ns1: SERVFAIL
```

HOST.DOMAIN:

```
$ nslookup ns1.example
Server: 127.0.0.53
Address: 127.0.0.53#53

** server can't find ns1.example: NXDOMAIN
```

FQDN:

```
$ nslookup ns1.example.local
Server: 127.0.0.53
Address: 127.0.0.53#53

** server can't find ns1.example.local: SERVFAIL
```

Configurations:

/etc/bind/db.local

```
;
; BIND data file for local loopback interface
;
$TTL    604800
@       IN      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      localhost.
@       IN      A       127.0.0.1
@       IN      AAAA    ::1
```

/etc/bind/db.example.local

```
$TTL    604800
@       IN      SOA     ns1.example.local. root.ns1.example.local. (
                              4         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      ns1.example.local.
ns1     IN      A       192.168.110.153
log4jdnsreq 3600 IN NS ns1.example.local.
```

freedombirdone Dec 13 '21 20:12

You don't actually need a zone file. The DNS server is supposed to respond with a SERVFAIL, but the query will still be logged in the query log. The snippets mentioned in the README.md are the only changes to the default Bind Debian configuration.

bart-roos Dec 14 '21 09:12

You can also do it without a DNS server at all, see #4

bortzmeyer Dec 14 '21 10:12

> You don't actually need a zone file. The DNS server is supposed to respond with a SERVFAIL, but the query will still be logged in the query log. The snippets mentioned in the README.md are the only changes to the default Bind Debian configuration.

I understand you can use it without a DNS server. I'm trying to understand how you get this to run with a DNS server.

Where did you put this record? On the DNS callback server (log4jchecker) or on your domain name servers for northwave.nl?

log4jdnsreq 3600 IN NS log4jchecker.northwave.nl.

Is this basically creating a 'stub' zone named 'log4jdnsreq' and says host 'log4jchecker' is the name server for this stub zone? Where do you define the A records for the DNS callback server, on the callback server (log4jchecker) or on the domain name servers for northwave.nl?

freedombirdone Dec 14 '21 19:12

> Where did you put this record? On the DNS callback server (log4jchecker) or on your domain name servers for northwave.nl?
>
> log4jdnsreq 3600 IN NS log4jchecker.northwave.nl.

You would add this record to the DNS zone of northwave.nl, so on the DNS server that is already running for this domain. This entry makes log4jchecker.northwave.nl. the DNS server for *.log4jdnsreq.northwave.nl.. The host log4jchecker.northwave.nl. is where the script and the dummy DNS server that only does logging both run.

bart-roos Dec 14 '21 19:12
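
An added illustration, not part of the thread and not log4jcheck's own code: with the delegation described above in place, every lookup under `log4jdnsreq.northwave.nl` reaches the logging-only BIND instance and appears in its query log even though the answer is SERVFAIL. The sketch below extracts those names from query-log lines; the function name `callbacks` is hypothetical and the log lines are constructed samples laid out like BIND 9 query-log entries.

```python
import re
from collections import defaultdict

# Delegated zone taken from the NS record discussed in the thread.
DELEGATED_ZONE = "log4jdnsreq.northwave.nl"

# Matches the part of a BIND 9 query-log line that carries the data we need:
#   client [@0x...] <ip>#<port> (<qname>): query: <qname> IN <qtype> ...
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-fA-F]+ )?(?P<src>[0-9a-fA-F.:]+)#\d+ "
    r"\([^)]*\): query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def callbacks(lines, zone=DELEGATED_ZONE):
    """Map each label seen under `zone` to the set of client IPs that asked.

    The client IP is usually the recursive resolver of the host that made
    the lookup, not the host itself, so correlate on the label.
    """
    suffix = "." + zone.lower().rstrip(".")
    hits = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query-log entry
        # DNS names are case-insensitive; normalise before comparing.
        qname = m.group("qname").lower().rstrip(".")
        if not qname.endswith(suffix):
            continue  # unrelated name, or the bare zone apex
        hits[qname[: -len(suffix)]].add(m.group("src"))
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, made-up labels).
SAMPLE_LOG = """\
14-Dec-2021 19:40:01.120 queries: info: client @0x7f1c2c0a 192.0.2.10#40211 (a1b2c3.log4jdnsreq.northwave.nl): query: a1b2c3.log4jdnsreq.northwave.nl IN A -E(0)DC (198.51.100.5)
14-Dec-2021 19:40:01.300 queries: info: client @0x7f1c2c0b 192.0.2.11#51877 (A1B2C3.log4jdnsreq.northwave.nl): query: A1B2C3.log4jdnsreq.northwave.nl IN AAAA -E(0)DC (198.51.100.5)
14-Dec-2021 19:41:12.004 queries: info: client @0x7f1c2c0c 203.0.113.7#33012 (www.northwave.nl): query: www.northwave.nl IN A -E(0)DC (198.51.100.5)
14-Dec-2021 19:42:30.551 queries: info: client 192.0.2.10#40300 (d4e5f6.log4jdnsreq.northwave.nl): query: d4e5f6.log4jdnsreq.northwave.nl IN A -E(0)D (198.51.100.5)
""".splitlines()

if __name__ == "__main__":
    for label, sources in sorted(callbacks(SAMPLE_LOG).items()):
        print(label, sorted(sources))
```
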