We need to create a Stealth (DMZ, Split or Hidden Master) Name Server. We were able to create a Name Server for our private network, and our sub-domains resolve in our Local Area Network but not worldwide! Would you please help us find the missing configuration?
Note: Sorry for the large question; we beg your pardon, as we are a fresh contributor to an R&D-based community.
We have the following domain:
Domain : chorke.org
Name Server : ns8533.hostgator.com
Name Server : ns8534.hostgator.com
Subdomain : bgd.chorke.org (public)
CNAME of bgd : cki00.ddns.net (noip.com)
Network information is as follows:
GTW : 10.19.83.1 (Gateway/Router)
DMZ : 10.19.83.3 (bgd.chorke.org & Name server)
LAN : 10.19.83.0/24 (Private network & range 0~255)
The following packages are installed:
sudo su
apt update && apt upgrade
apt install bind9 bind9utils bind9-doc dnsutils
Startup options in /etc/default/bind9
RESOLVCONF=no
OPTIONS="-u bind -4"
Options in /etc/bind/named.conf.options
acl internals {
127.0.0.0/24; # 1-254
10.19.83.0/24; # 1-254
};
acl externals {
10.19.83.0/29; # 1-7 (public)
!10.19.83.0/24; # 1-254 (private)
};
options {
directory "/var/cache/bind";
auth-nxdomain no;
forwarders {
8.8.8.8; # Google DNS
8.8.4.4; # Google DNS
10.19.83.1; # Router DNS
};
dnssec-validation auto;
listen-on-v6 { none; };
listen-on port 53 {
127.0.0.1;
10.19.83.3;
};
allow-transfer { none; };
allow-query { internals; };
allow-recursion { internals; };
};
Zones in /etc/bind/named.conf.local
include "/etc/bind/rndc.key";
zone "bgd.chorke.org" {
type master;
file "/etc/bind/zones/db.bgd.chorke.org"; # forward zone
allow-update { key rndc-key; };
};
zone "83.19.10.in-addr.arpa" {
type master;
file "/etc/bind/zones/db.83.19.10"; # reverse zone
allow-update { key rndc-key; };
};
// consider adding the 1918 zones here
// include "/etc/bind/zones.rfc1918";
Forward zone in /etc/bind/zones/db.bgd.chorke.org
$TTL 600
$ORIGIN bgd.chorke.org.
@ IN SOA ns0.bgd.chorke.org. root.bgd.chorke.org. (
201908051 ; Serial YYYYmmddI
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
@ IN NS ns0.bgd.chorke.org.
@ IN NS ns8533.hostgator.com.
@ IN NS ns8534.hostgator.com.
@ IN NS bgd.chorke.org.
@ IN A 10.19.83.3
; A Records
apn A 10.19.83.2
ftp A 10.19.83.4
gtw A 10.19.83.1
ns0 A 10.19.83.3
Reverse zone in /etc/bind/zones/db.83.19.10
$TTL 600
$ORIGIN 83.19.10.in-addr.arpa.
@ IN SOA ns0.bgd.chorke.org. root.bgd.chorke.org. (
201908051 ; Serial YYYYmmddI
3600 ; Refresh 01H
600 ; Retry 10M
86400 ; Expire 01D
600 ) ; Negative Cache TTL 10M
; NS Records
@ IN NS ns0.bgd.chorke.org.
@ IN NS ns8533.hostgator.com.
@ IN NS ns8534.hostgator.com.
@ IN NS bgd.chorke.org.
; PTR Records (relative to $ORIGIN 83.19.10.in-addr.arpa., so the owner is the last octet only)
1 IN PTR gtw.bgd.chorke.org.
2 IN PTR apn.bgd.chorke.org.
3 IN PTR ns0.bgd.chorke.org.
4 IN PTR ftp.bgd.chorke.org.
bgd.chorke.org zone appears to have records referring to private (rfc1918) IP addresses, this is not well suited for public use, are you sure this is the zone that you want to make public? Do you have public nameservers lined up that can be configured to host the slave zone for bgd.chorke.org? – Håkan Lindqvist Aug 05 '19 at 06:26
bgd.chorke.org resolves worldwide, but its sub-domains do not! Consider that gtw.bgd.chorke.org is one of the sub-domains of bgd.chorke.org; it resolves in the Local Area Network but not worldwide. If we could resolve gtw.bgd.chorke.org from worldwide, then our problem would be solved. I updated the Name Server for both the forward and reverse zone. Please check it. – Śhāhēēd Aug 05 '19 at 07:37
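As an added example (not code from the question or the comments), a small Python lint that checks the two points raised in this thread before a zone is published: A records sitting in RFC 1918 space, which the comment above warns would be exposed if the zone went public, and relative PTR owners that do not fit the reverse zone's $ORIGIN (under 83.19.10.in-addr.arpa. the owner for 10.19.83.1 must be 1, not 1.83). The zone text embedded below is a constructed excerpt of the posted files.

```python
import ipaddress
# Constructed excerpts of the question's forward and reverse zone files.
FORWARD_ZONE = """$ORIGIN bgd.chorke.org.
@ IN SOA ns0.bgd.chorke.org. root.bgd.chorke.org. (
 201908051 ; Serial
 3600 600 86400 600 )
@ IN NS ns0.bgd.chorke.org.
@ IN A 10.19.83.3
gtw A 10.19.83.1
ns0 A 10.19.83.3
"""
REVERSE_ZONE = """$ORIGIN 83.19.10.in-addr.arpa.
@ IN NS ns0.bgd.chorke.org.
1.83 IN PTR gtw.bgd.chorke.org.
3 IN PTR ns0.bgd.chorke.org.
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Return ($ORIGIN, [(owner, type, rdata)]); the multi-line SOA body is skipped."""
    origin, records, in_soa = "", [], False
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # strip zone-file comments
        if in_soa:                               # still inside the SOA parentheses
            in_soa = ")" not in line
            continue
        if not line or line.startswith("$TTL"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if "(" in line and ")" not in line:      # SOA opens a multi-line record
            in_soa = True
            continue
        fields = [f for f in line.split() if f != "IN"]
        records.append((fields[0], fields[1], " ".join(fields[2:])))
    return origin, records

def private_a_records(text):
    """(owner, address) for every A record whose address is in RFC 1918 space."""
    return [(o, r) for o, t, r in parse_zone(text)[1]
            if t == "A" and any(ipaddress.ip_address(r) in n for n in RFC1918)]

def bad_ptr_owners(text):
    """Relative PTR owners whose label count does not fit the reverse $ORIGIN."""
    origin, recs = parse_zone(text)
    want = 4 - (len(origin.rstrip(".").split(".")) - 2)   # octets not already in $ORIGIN
    return [o for o, t, _ in recs
            if t == "PTR" and not o.endswith(".") and len(o.split(".")) != want]
```

Running both checks over the posted files reports every A record in the forward zone and the four PTR owners written as N.83 in the reverse zone.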