In a Terminal window, execute this command:
ping google.com
You should see replies, as shown below.
If you don't see replies, you need to troubleshoot your networking.
Press Ctrl+C to stop the pings.
In a Terminal window, execute this command:
netstat -an | grep 53
You should see tcp and udp ports LISTENING, as shown below.
If you don't see the listening ports, you need to restart or reinstall Bind.
In a Terminal window, execute this command:
dig @127.0.0.1 yahoo.com
You should see an ANSWER SECTION containing some IP addresses, as shown below.
If you don't see the answers, you need to restart or reinstall Bind.
This shows that your server is now operating as a recursive server, which is not what an SOA server should do.
ifconfig
Make a note of your server's IP address.
In a Terminal window, execute these commands:
cp /etc/bind/named.conf.local /etc/bind/named.conf.local.bak
nano /etc/bind/named.conf.local
Add this code to the end of the file, as shown below, replacing YOURNAME with your own name or domain:
zone "YOURNAME.com" {
    type master;
    file "/etc/bind/db.YOURNAME.com";
};
Save the file with Ctrl+X, Y, Enter.
nano /etc/bind/db.YOURNAME.com
Enter this data into the file, replacing YOURNAME with your own name or domain, and the IP addresses with the IP address of your server:
;
; BIND data file for YOURNAME.com
;
$TTL    604800
@       IN      SOA     ns1.YOURNAME.com. root.YOURNAME.com. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@               IN      NS      ns1.YOURNAME.com.
@               IN      NS      ns2.YOURNAME.com.
YOURNAME.com.   IN      A       199.188.72.153
ns1             IN      A       199.188.72.153
ns2             IN      A       199.188.72.153
Your file should resemble the example below.
Save the file with Ctrl+X, Y, Enter.
service bind9 restart
dig @127.0.0.1 YOURNAME.com
You should see the aa flag in the answer, showing that this server is now authoritative for this domain, as shown below.
Save a whole-desktop image with the filename "YOUR NAME Proj 5xa", replacing "YOUR NAME" with your real name.
YOU MUST SUBMIT A FULL-DESKTOP IMAGE FOR FULL CREDIT!
dig @127.0.0.1 yahoo.com
You should see an ANSWER SECTION containing some IP addresses, as shown below.
This shows that your server is still operating as a recursive server.
That's not something an SOA server should do. The purpose of this server is to serve as the SOA for the YOURNAME.com domain, not to provide general DNS resolution for the machines on a LAN.
In a Terminal window, execute these commands:
cp /etc/bind/named.conf.options /etc/bind/named.conf.options.bak
nano /etc/bind/named.conf.options
At the bottom of the file, before the }; line, insert these three lines:
allow-transfer {"none";};
allow-recursion {"none";};
recursion no;
Your file should look like the image below:
Save the file with Ctrl+X, Y, Enter.
service bind9 restart
dig @127.0.0.1 yahoo.com
You should see "status: REFUSED", as shown below.
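The two dig checks in this lab (the aa flag for YOURNAME.com and "status: REFUSED" for yahoo.com) can also be scripted by reading the header lines of the dig output. This is an added example, not part of the original lab; the function names and the sample dig headers are constructed for illustration.

```sh
#!/bin/sh
# Added example: read the header of saved `dig` output instead of eyeballing it.

# Print the status field (NOERROR, REFUSED, ...) of dig output on stdin.
dig_status() {
    sed -n 's/^;; ->>HEADER<<- .*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# Print the header flags (for example "qr aa rd") of dig output on stdin.
dig_flags() {
    sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p' | head -n 1
}

# classify_reply TEXT -> refused | authoritative | recursive | other
classify_reply() {
    status=$(printf '%s\n' "$1" | dig_status)
    flags=" $(printf '%s\n' "$1" | dig_flags) "
    if [ "$status" = REFUSED ]; then echo refused; return; fi
    case "$flags" in
        *" aa "*) echo authoritative ;;   # answer comes from a local zone
        *" ra "*) echo recursive ;;       # server offers recursion
        *)        echo other ;;
    esac
}

# True only if the own-zone reply ($1) is authoritative and the reply for
# a name outside the zone ($2) is REFUSED.
is_authoritative_only() {
    [ "$(classify_reply "$1")" = authoritative ] &&
        [ "$(classify_reply "$2")" = refused ]
}

# Constructed sample headers (not captured from a real server).
SAMPLE_OWN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1001
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3'
SAMPLE_BEFORE=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1002
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_AFTER=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 1003
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available'

# Live use on the lab server:
#   is_authoritative_only "$(dig @127.0.0.1 YOURNAME.com)" \
#                         "$(dig @127.0.0.1 yahoo.com)" && echo OK
```

SAMPLE_BEFORE corresponds to the server while it still recurses (ra flag set), and SAMPLE_AFTER to the reply once "recursion no;" is in place.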
Save a whole-desktop image with the filename "YOUR NAME Proj 5xb", replacing "YOUR NAME" with your real name.
YOU MUST SUBMIT A FULL-DESKTOP IMAGE FOR FULL CREDIT!
Send a Cc to yourself.