bind
bind, dns, dig, lookup
Installation
sudo aptitude update; sudo aptitude install bind9
Configuration
/etc/bind/named.conf
sudo mv /etc/bind/named.conf /etc/bind/named.conf.old
sudo vim /etc/bind/named.conf
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "example.com" {
    type master;
    file "/etc/bind/db.example.com";
};

zone "1.168.192.in-addr.arpa" {
    type master;
    notify no;
    file "/etc/bind/db.192";
};

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you may need to fix the firewall to allow multiple
    // ports to talk. See http://www.kb.cert.org/vuls/id/800113

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.

    // forwarders {
    //     0.0.0.0;
    // };
    forwarders {
        # Replace the address below with the address of your provider's DNS server
        8.8.8.8;
    };

    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};
/etc/bind/db.example.com
sudo vim /etc/bind/db.example.com
$TTL    604800
@       IN      SOA     dns.example.com. root.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       IN      NS      dns.example.com.
dns     IN      A       192.168.1.16
www     IN      A       192.168.1.14
alias   IN      CNAME   www
/etc/bind/db.192
sudo vim /etc/bind/db.192
;
; BIND reverse data file for local loopback interface
;
$TTL    604800
@       IN      SOA     dns.example.com. root.example.com. (
                              3         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; The NS target must be the fully qualified name of the server (with trailing dot),
; the same one used in db.example.com.
@       IN      NS      dns.example.com.
16      IN      PTR     dns.example.com.
14      IN      PTR     www.example.com.
Test it
1. Edit the following file:
sudo cp /etc/resolv.conf /etc/resolv.conf.bak
sudo vim /etc/resolv.conf
With the following content:
search example.com
nameserver 192.168.1.16
The IP 192.168.1.16 is the address of the machine where bind is running.
2. (Optional) Install packages:
sudo aptitude update; sudo aptitude install dnsutils
3. Test:
nslookup www.example.com
It should return something like:
nslookup www.example.com
Server:         192.168.1.16
Address:        192.168.1.16#53

Name:   www.example.com
Address: 192.168.1.14
Thanks to the forwarder, of course, it also resolves public addresses:
nslookup www.gmail.com
And it should return:
Server:         192.168.1.16
Address:        192.168.1.16#53

Non-authoritative answer:
www.gmail.com   canonical name = mail.google.com.
mail.google.com canonical name = googlemail.l.google.com.
Name:   googlemail.l.google.com
Reload the configuration without restarting
After editing the configuration files:
sudo rndc reload
Errors
nslookup jamgo.es
Server:         127.0.0.1
Address:        127.0.0.1#53

** server can't find jamgo.es: REFUSED
Logs:
/var/log/syslog
Jan 22 14:28:55 dns-1 named[1082]: client 10.7.13.144#34533 (jamgo.es): query (cache) 'jamgo.es/A/IN' denied
Solution
sudo vim /etc/bind/named.conf
Add the relevant IP range:
# ADDED 22/01/2015
acl "trusted" {
    10.7.13.0/24;
};
And add this inside the options block:
options {
    # ADD
    allow-query { trusted; };
    allow-recursion { trusted; };
    allow-query-cache { trusted; };
};
Reload the config:
sudo /etc/init.d/bind9 reload
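As an added example (not part of the original page), the following Python script parses the "query (cache) ... denied" syslog lines shown above, separates clients already covered by the trusted ACL from those outside it, and proposes only RFC 1918 /24s as new ACL entries, so that widening the ACL never opens recursion to the Internet. The log lines are constructed samples in the format of the line above; the ACL 10.7.13.0/24 is the one from the Solution section.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the syslog format shown above (not from a real host).
SAMPLE_SYSLOG = """\
Jan 22 14:28:55 dns-1 named[1082]: client 10.7.13.144#34533 (jamgo.es): query (cache) 'jamgo.es/A/IN' denied
Jan 22 14:29:01 dns-1 named[1082]: client 10.7.13.144#34540 (www.gmail.com): query (cache) 'www.gmail.com/A/IN' denied
Jan 22 14:29:07 dns-1 named[1082]: client 10.7.14.9#51002 (jamgo.es): query (cache) 'jamgo.es/A/IN' denied
Jan 22 14:29:12 dns-1 named[1082]: client 203.0.113.77#4444 (example.org): query (cache) 'example.org/A/IN' denied
Jan 22 14:29:15 dns-1 named[1082]: zone example.com/IN: loaded serial 3
"""

# The "query (...) '...' denied" line named logs when an ACL rejects a client.
DENIED_RE = re.compile(
    r"named\[\d+\]: client (?P<ip>[0-9a-fA-F.:]+)#\d+ \((?P<qname>[^)]+)\): "
    r"query \((?P<kind>\w+)\) '(?P<q>[^']+)' denied"
)

# RFC 1918 ranges: the only ones this script will propose adding to the ACL.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_denied(log_text):
    """One dict (ip, qname, kind, q) per denied query; other lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = DENIED_RE.search(line)
        if m:
            events.append(m.groupdict())
    return events

def classify_clients(events, trusted_cidrs):
    """Count denials per client, split into clients already inside the trusted ACL
    (usually means the config was not reloaded yet) and clients outside it."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    inside, outside = Counter(), Counter()
    for ev in events:
        ip = ipaddress.ip_address(ev["ip"])
        target = inside if any(ip in n for n in nets) else outside
        target[str(ip)] += 1
    return inside, outside

def suggest_acl(outside):
    """Propose /24s for acl "trusted", but only for RFC 1918 clients: admitting a
    public client to recursion would turn the server into an open resolver."""
    nets = set()
    for ip in outside:
        if any(ipaddress.ip_address(ip) in n for n in RFC1918):
            nets.add(str(ipaddress.ip_network(ip + "/24", strict=False)))
    return sorted(nets)
```

Note that with allow-query { trusted; } and an ACL containing only 10.7.13.0/24, queries from 127.0.0.1 (the nslookup in the Errors section) are still refused unless localhost is added to the ACL.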
informatica/linux/bind.txt · Last modified: 2015/04/13 20:19 by 127.0.0.1