linux
Alexander, 2013-11-20 18:19:26

DNS Bind, forwarders { ... } through proxy

Hello.
I am learning to deploy DNS on the network. I understand how Bind works, but previously I always configured it with direct access to the Network, which allowed me to specify in the forwarders section { 8.8.8.8; 8.8.4.4; }; and requests for external resources went to the Google servers. Now in the test environment, a proxy on Squid (Debian, Squid version 3.1.20) has appeared, which is minimally configured to proxy requests from the internal network without authorization.

Configs in a minimal state, just to make it work:

options {
        directory "/var/cache/bind";
        forwarders {
                8.8.8.8; 8.8.4.4;
        };
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on port 53 { 127.0.0.1; 10.1.1.3; };
        disable-empty-zone yes;
};

zone "agc.com" {
        type master;
        file "db-agc.com";
        journal "/var/cache/bind/db-agc.com.jnl";
        allow-update {key rndc-key;};
};

zone "1.1.10.in-addr.arpa" {
        type master;
        file "db-1.1.10";
        journal "/var/cache/bind/db-1.1.10.jnl";
        allow-update { key rndc-key; };
};

Forward and reverse resolution for internal hosts works.
Sample network diagram:
[Image: 12fJEdihMNI.jpg]

1 answer(s)
eisaev, 2013-11-20
@asand3r

Change the contents of resolv.conf on the server with Squid to:

domain agc.com
search agc.com
nameserver 10.1.1.3

If it is necessary that DNS requests from clients go to your Bind, then you will either have to configure NAT, as was recommended to you on another resource, or run some kind of caching DNS server, for example dnsmasq, on the server with Squid.
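
A sketch of the dnsmasq option from the answer above, added here as an illustration and not taken from the original thread. It assumes the Squid host can reach the Internet directly, that Bind will forward to it, and that its internal address is 10.1.1.2 (a constructed placeholder; the thread does not give the real address).

```conf
# /etc/dnsmasq.conf on the Squid host (added example, not from the thread)

# Do not read upstream servers from /etc/resolv.conf. That file now points
# at Bind (10.1.1.3), and Bind will forward here, so reading it would
# create a forwarding loop between the two servers.
no-resolv

# Explicit upstream resolvers, the same ones Bind used when it had
# direct Internet access.
server=8.8.8.8
server=8.8.4.4

# Answer only on the internal address (10.1.1.2 is an assumed placeholder).
# bind-interfaces makes dnsmasq bind to this address alone instead of the
# wildcard address, so the Internet-facing side does not expose a resolver.
listen-address=10.1.1.2
bind-interfaces

# Never forward plain names without a dot to the public resolvers.
domain-needed

# Cache size in entries.
cache-size=1000
```

With this in place, the forwarders block in Bind's options would list 10.1.1.2 (the assumed address) in place of 8.8.8.8 and 8.8.4.4. The zones agc.com and 1.1.10.in-addr.arpa stay authoritative on Bind and are never forwarded.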
