I have some problems configuring BIND as my private server for the root zone.
I have tried the dot "." (which I had read somewhere) and an empty string "" (my bad guess) as the root zone identifier (both give syntax errors):
zone "." { ; sorry
...
};
also
zone "" { ;sorry
...
};
Do you have any hint on how to serve the root zone?
(My Note: Serving the root zone might possibly be different from being a root-server!)
Update
The problem actually lies within the response policy zone at root ("."):
options {
#response-policy {zone "com"; }; # this one was OK (before I commented it out)
response-policy {zone "."; }; # this one causes an error when loading the config
};
zone "."{
type master;
file "db/zone.root.db";
};
zone "com"{ #just for syntax test/check
type master;
file "db/zone.root.db";
};
named-checkconf -zj named.conf
zone ./IN: NS 'LOCALHOST' has no address records (A or AAAA)
zone ./IN: not loaded due to errors.
_default/./IN: bad zone
zone com/IN: loaded serial 1
NOTE: In both configurations (the one the service loads and the one that terminates it), the output is the same.
dig www.google.com @127.0.0.1
01 ; <<>> DiG 9.10.4-P2 <<>> www.google.com @127.0.0.1
02 ;; global options: +cmd
03 ;; Got answer:
04 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58406
05 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1
06
07 ;; OPT PSEUDOSECTION:
08 ; EDNS: version: 0, flags:; udp: 4096
09 ;; QUESTION SECTION:
10 ;www.google.com. IN A
11
12 ;; ANSWER SECTION:
13 www.google.com. 5 IN CNAME nosslsearch.google.com.rpz.zone.
14 nosslsearch.google.com.rpz.zone. 3600 IN A 216.239.32.20
15
16 ;; AUTHORITY SECTION:
17 rpz.zone. 3600 IN NS LOCALHOST.
18
19 ;; Query time: 44 msec
20 ;; SERVER: 127.0.0.1#53(127.0.0.1)
21 ;; WHEN: Mon Aug 01 17:07:14 Daylight Time 2016
22 ;; MSG SIZE rcvd: 127
Note : See Line 13 and the trailing ".rpz.zone."
nslookup
> server 127.0.0.1
Default server: 127.0.0.1
Address: 127.0.0.1#53
> www.google.com
Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
www.google.com canonical name = nosslsearch.google.com.rpz.zone.
Name: nosslsearch.google.com.rpz.zone
Address: 216.239.32.20
ping www.google.com -n 1
Pinging nosslsearch.google.com.rpz.zone [216.239.32.20] with 32 bytes of data:
Reply from 216.239.32.20: bytes=32 time=149ms TTL=45

Ping statistics for 216.239.32.20:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 149ms, Maximum = 149ms, Average = 149ms
Summary of the above output snippets: rpz.zone gets appended everywhere, which is why I thought of moving to the root zone.
And this is my zone.root.db file:
$TTL 1H
@ SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
  NS LOCALHOST.

nosslsearch.google.com A 216.239.32.20
google.com CNAME nosslsearch.google.com
www.google.com CNAME nosslsearch.google.com

I just want to get rid of the rpz.zone being appended to the responses! How?
RPZ zones have special semantics defined, such that the name of the zone is not actually relevant to its operation.
In fact, the name should be chosen not to conflict with actual zones. RPZ data being loaded from a zone at all is just a way to make use of existing zone loading/synchronization mechanisms.

So you would not want to name the RPZ zone "." or "com" or anything like that. However, as it is loaded as a zone, the regular master file specs do apply to how the contents are interpreted, e.g. for a zone named "example", the following means (unless explicitly overriding $ORIGIN):

While RPZ defines the owner name (left-most column) in a way so that when matching by query name it auto-appends the RPZ zone name, the CNAME record data (right-hand side) is used as-is for cases where you are supplying local data. (I.e., when the CNAME data is not one of the special cases defined in RPZ, such as "rpz-drop.", ".", "*.", etc.)

Long story short, you would want something like this instead:
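As an added illustration of the naming rule explained in this answer (this is not the answerer's configuration and does not run BIND), the following Python script applies the master-file origin rule to a constructed RPZ zone file modelled on the question's zone.root.db, with the zone named rpz.zone as in the question's dig output. It shows that a CNAME target written without a trailing dot is expanded into the RPZ zone itself (which is exactly the ".rpz.zone" suffix seen in the question), that an absolute target is kept as written, and which targets are RPZ action names rather than local data. The zone names, the LOCALHOST. nameserver and the ads/tracker/sinkhole entries are constructed sample values.

```python
"""Lint an RPZ master file: show how master-file origin rules turn relative
names into names under the RPZ zone, and which CNAME targets RPZ treats as
actions rather than local data.  Added example, not BIND's own code."""

import re

# CNAME targets that BIND 9 response policy zones interpret as actions.
RPZ_ACTIONS = {
    ".": "NXDOMAIN",
    "*.": "NODATA",
    "rpz-passthru.": "PASSTHRU",
    "rpz-drop.": "DROP",
    "rpz-tcp-only.": "TCP-ONLY",
}

TTL_RE = re.compile(r"^\d+[smhdw]?$", re.IGNORECASE)
CLASSES = {"IN", "CH", "HS"}


def absolutize(name, origin):
    """RFC 1035 master-file rule: '@' is the origin, a name ending in '.'
    is already absolute, anything else has the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin


def lint_rpz_zone(text, zone_name):
    """Return one dict per record: the expanded owner, the query name it
    triggers on (owner minus the RPZ suffix), the RR type, the expanded
    rdata, the RPZ action (or LOCAL-DATA) and a warning when a CNAME target
    silently landed inside the RPZ zone itself."""
    rpz_origin = zone_name if zone_name.endswith(".") else zone_name + "."
    origin = rpz_origin
    owner = origin
    findings = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # strip comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):
            continue  # $TTL and friends do not affect naming
        fields = line.split()
        if not line[0].isspace():  # explicit owner; otherwise inherited
            owner = absolutize(fields.pop(0), origin)
        while fields and (TTL_RE.match(fields[0]) or fields[0].upper() in CLASSES):
            fields.pop(0)  # optional TTL / class tokens
        if not fields:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        rec = {"owner": owner, "type": rtype, "rdata": " ".join(rdata),
               "action": None, "warning": None, "trigger": None}
        if owner.endswith("." + rpz_origin):
            rec["trigger"] = owner[: -len(rpz_origin)]  # qname that matches
        if rtype == "CNAME" and rdata:
            target = rdata[0]
            if target in RPZ_ACTIONS:
                rec["action"] = RPZ_ACTIONS[target]
            else:
                target = absolutize(target, origin)
                rec["rdata"], rec["action"] = target, "LOCAL-DATA"
                if target.endswith("." + rpz_origin):
                    rec["warning"] = ("relative CNAME target expanded into the RPZ "
                                      "zone itself; add a trailing dot to the name")
        elif rtype in ("A", "AAAA"):
            rec["action"] = "LOCAL-DATA"
        findings.append(rec)
    return findings


# Constructed sample modelled on the question: relative CNAME targets.
BROKEN_RPZ = """\
$TTL 1H
@                       SOA LOCALHOST. hostmaster.example.com. (1 1h 15m 30d 2h)
                        NS  LOCALHOST.
nosslsearch.google.com  A     216.239.32.20
www.google.com          CNAME nosslsearch.google.com
"""

# Constructed corrected sample: absolute local-data target plus RPZ actions.
FIXED_RPZ = """\
$TTL 1H
@                       SOA LOCALHOST. hostmaster.example.com. (1 1h 15m 30d 2h)
                        NS  LOCALHOST.
www.google.com          CNAME nosslsearch.google.com.
ads.example             CNAME .
tracker.example         CNAME *.
sinkhole.example        CNAME rpz-drop.
"""

if __name__ == "__main__":
    for sample in (BROKEN_RPZ, FIXED_RPZ):
        for r in lint_rpz_zone(sample, "rpz.zone"):
            print(r["type"], r["owner"], "->", r["rdata"],
                  r["action"] or "", r["warning"] or "")
        print()
```

The script only models the origin rule; named-checkzone remains the authoritative check for a real file. The point it makes is the answer's: the owner column is meant to pick up the RPZ zone name (that is how the query name is matched), but a local-data CNAME target must be written absolute, with the trailing dot, or it too becomes a name under rpz.zone.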