Re: Setting up a local DNS server but clients that use it can't access the internet





On 24 February 2018 at 11:37, Reco <recoverym4n@xxxxxxxxx> wrote:
Ok, that actually gives us something.

First things first, Virgin Media uses different nameservers, according
to the RIPE, at least. They are ns[1-4].virginmedia.net.

Second, these cache[12].service.viginmedia.net you're trying to use as
forwarders may or may not be operational.
A couple of quick tests should clarify it (run it from the malfunctioning
DNS):

dig in a debian.org @194.168.4.100
dig in a debian.org @194.168.8.100

The above IP addresses are the ones that Debian found by itself when I installed it, and were already in the resolv.conf file prior to me editing it.

Have attached the output of the above commands. 

> Is there a reason as to why the root DNSes aren't accessible to my BIND?

You forgot to put your DNS server at DMZ.
They block udp:53 and tcp:53 at Virgin Media.
Someone at *your* premises does the same.

As previously mentioned, each server and client has 2 network cards, one which provides internet access to the client or server, and the other provides internal services that are on the local network after the firewall. The DNS server shouldn't be accessible by any clients or servers that are on the internet/external side of my router/firewall.


root@debian:~$ dig in a debian.org @194.168.4.100

; <<>> DiG 9.10.3-P4-Debian <<>> in a debian.org @194.168.4.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30672
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;debian.org.                    IN      A

;; ANSWER SECTION:
debian.org.             28      IN      A       5.153.231.4
debian.org.             28      IN      A       149.20.4.15
debian.org.             28      IN      A       130.89.148.14
debian.org.             28      IN      A       128.31.0.62

;; Query time: 17 msec
;; SERVER: 194.168.4.100#53(194.168.4.100)
;; WHEN: Sat Feb 24 11:55:05 GMT 2018
;; MSG SIZE  rcvd: 103

root@debian:~$ dig in a debian.org @194.168.8.100

; <<>> DiG 9.10.3-P4-Debian <<>> in a debian.org @194.168.8.100
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 25990
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;debian.org.                    IN      A

;; ANSWER SECTION:
debian.org.             20      IN      A       128.31.0.62
debian.org.             20      IN      A       5.153.231.4
debian.org.             20      IN      A       149.20.4.15
debian.org.             20      IN      A       130.89.148.14

;; Query time: 17 msec
;; SERVER: 194.168.8.100#53(194.168.8.100)
;; WHEN: Sat Feb 24 11:55:14 GMT 2018
;; MSG SIZE  rcvd: 103
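
The forwarder test suggested in the quoted reply can be scripted so that the verdict is read from the dig header (status, the `ra` flag, the answer count) instead of by eye. This is an added example, not part of the original message; the function name `dig_verdict` and its verdict words are assumptions made for illustration, and the timeout sample is constructed.

```shell
#!/bin/sh
# Added example: classify the output of one `dig` run against a forwarder.
# dig_verdict reads dig output on stdin and prints a one-word verdict.
dig_verdict() {
    awk '
        # Printed by dig when no reply arrives at all (e.g. port 53 filtered).
        /connection timed out; no servers could be reached/ { timeout = 1 }
        # ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30672"
        /->>HEADER<<-/ && match($0, /status: [A-Z]+/) {
            status = substr($0, RSTART + 8, RLENGTH - 8)
        }
        # ";; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1"
        /^;; flags:/ {
            split($0, part, ";")             # part[3] = flags, part[4] = counts
            ra = (part[3] ~ /(^| )ra( |$)/)  # "ra" = server offers recursion
            if (match(part[4], /ANSWER: [0-9]+/))
                answers = substr(part[4], RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (timeout || status == "")  print "unreachable"
            else if (status != "NOERROR") print "error:" status
            else if (!ra)                 print "no-recursion"
            else if (answers == 0)        print "empty"
            else                          print "usable"
        }'
}

# Sample 1: header lines copied from the dig output in the message above.
sample_answered() {
    cat <<'EOF'
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30672
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1
EOF
}

# Sample 2 (constructed): what dig prints when nothing answers on port 53.
sample_timeout() {
    cat <<'EOF'
;; global options: +cmd
;; connection timed out; no servers could be reached
EOF
}

echo "answered sample: $(sample_answered | dig_verdict)"
echo "timeout sample:  $(sample_timeout | dig_verdict)"
# Live use, with the command from the thread:
#   dig in a debian.org @194.168.4.100 | dig_verdict
```

A forwarder that answers like the two outputs above is classified `usable`; a filtered port 53 shows up as `unreachable` rather than as an error status.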