The following naming services are available on labs.coop; you can put these all in your bind9 and it will propagate across them all in the motion of the direct route and indirect route globally:-

  • ns1.snails.email
  • ns2.snails.email
  • ns3.snails.email
  • ns4.snails.email
  • ns5.snails.email
  • ns6.snails.email
  • ns7.snails.email
  • ns8.snails.email
  • ns9.snails.email
  • ns10.snails.email
  • ns11.snails.email
  • ns12.snails.email
  • ns13.snails.email
  • ns14.snails.email
  • ns15.snails.email
  • ns16.snails.email
  • ns17.snails.email
  • ns18.snails.email
  • ns19.snails.email
  • ns20.snails.email
  • ns21.snails.email
  • ns22.snails.email
  • ns23.snails.email
  • ns24.snails.email
  • ns25.snails.email
  • ns26.snails.email
  • ns27.snails.email
  • ns28.snails.email
  • ns29.snails.email
  • ns30.snails.email
  • ns31.snails.email
  • ns32.snails.email

You will need to then install bind which in ubuntu or debian is the following command, as well as the second command for allow it access on the firewall which is both TCP/UDP:-

$ sudo apt-get install bind9 ufw
$ sudo ufw allow 53

You will then need to modify /etc/bind/names.conf.options to reflect the following:-

acl goodclients {
        192.0.2.0/24;
        localhost;
        localnets;
        any;
};


options {
        directory "/var/cache/bind";

        recursion yes;
        allow-query { goodclients; };

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        forwarders {
              208.69.38.170;
              4.2.2.6;
              4.2.2.1;
              4.2.2.3;
              4.2.2.4;
              156.154.70.1;
              208.67.222.222;
              208.67.220.220;
              64.81.79.2;
              203.12.160.36;
              61.9.211.34;
              7.235.1.174;
              61.9.211.2;
              211.29.132.12;
              198.142.0.51;
              203.23.236.69;
              220.233.0.4;
              203.50.2.71;
              122.150.6.66;
              122.150.7.66;
              208.67.222.222;
              37.235.1.177;
              208.67.220.220;
              8.8.8.8;
              8.8.4.4;
              203.12.160.35;
              129.250.35.251;
              129.250.35.250;
              156.154.71.1;
              4.2.2.2;
              4.2.2.5;
        };
        forward only;

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-enable no;
        dnssec-validation no;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
Advertisements