surf internet with windows 10 client and DNS server Bind

linuxnewbie70

I created a virtual lab on my laptop. On Hyper-V I have installed two virtual machines:
1 - AlmaLinux server version 8.4
2 - Windows 10 client
The server has two network interfaces, one connected to a private network and one connected to the laptop's network card (I use a mobile phone to connect to the internet in hotspot).
The client has only one network card connected to the private network.
On the server I have installed an Apache web server and the DNS Bind server.
What I would like is to surf the internet from the W10 client using the AlmaLinux DNS server, but it does not work.

ip almaserver 192.168.1.30 on private network, 192.168.43.18 on eth1 (hotspot connection)
ip w10 client 192.168.1.32 on private network
ip phone 192.168.43.1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:2b:8a:4a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.30/24 brd 192.168.1.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::215:5dff:fe2b:8a4a/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:15:5d:2b:8a:4c brd ff:ff:ff:ff:ff:ff
inet 192.168.43.18/24 brd 192.168.43.255 scope global dynamic noprefixroute eth1
valid_lft 2995sec preferred_lft 2995sec
inet6 fe80::6ac5:d39d:fe43:fa56/64 scope link noprefixroute
valid_lft forever preferred_lft forever
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1;192.168.1.30; };
    // listen-on-v6 port 53 { ::1; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    secroots-file "/var/named/data/named.secroots";
    recursing-file "/var/named/data/named.recursing";
    allow-query { localhost;192.168.1.0/24; };

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;
    // enable the query log
    querylog yes;
    dnssec-enable yes;
    dnssec-validation yes;

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";

    /* https://fedoraproject.org/wiki/Changes/CryptoPolicy */
    include "/etc/crypto-policies/back-ends/bind.config";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
route on server

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 103 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 102 0 0 eth0
192.168.43.0 0.0.0.0 255.255.255.0 U 103 0 0 eth1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

route on client

===========================================================================
Elenco interfacce
11...00 15 5d 2b 8a 4b ......Microsoft Hyper-V Network Adapter #2
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Tabella route
===========================================================================
Route attive:
Indirizzo rete Mask Gateway Interfaccia Metrica
0.0.0.0 0.0.0.0 192.168.1.30 192.168.1.32 271
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
192.168.1.0 255.255.255.0 On-link 192.168.1.32 271
192.168.1.32 255.255.255.255 On-link 192.168.1.32 271
192.168.1.255 255.255.255.255 On-link 192.168.1.32 271
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 192.168.1.32 271
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 192.168.1.32 271
===========================================================================
Route permanenti:
Indirizzo rete Mask Indir. gateway Metrica
0.0.0.0 0.0.0.0 192.168.1.30 Predefinito
===========================================================================

IPv6 Tabella route
===========================================================================
Route attive:
Interf Metrica Rete Destinazione Gateway
1 331 ::1/128 On-link
11 271 fe80::/64 On-link
11 271 fe80::8aa:86ae:2458:c987/128
On-link
1 331 ff00::/8 On-link
11 271 ff00::/8 On-link
===========================================================================
Route permanenti:
Nessuna

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ifcfg_eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=no
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eth0
UUID=48ca480d-29ad-406b-b6b4-ba0cb2e33e51
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.1.30
PREFIX=24
IPV6_PRIVACY=no
PEERROUTES=no
DNS1=192.168.1.30

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ifcfg_eth1
TYPE=ethernet
DEVICE=eth1
BOOTPROTO=dhcp
ONBOOT=yes
DNS1=192.168.43.1

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

dig A google.com

; <<>> DiG 9.11.26-RedHat-9.11.26-4.el8_4 <<>> A google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2440
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 65 IN A 142.250.180.110

;; Query time: 6 msec
;; SERVER: 192.168.43.1#53(192.168.43.1)
;; WHEN: mer lug 21 09:15:45 EDT 2021
;; MSG SIZE rcvd: 44

----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ping from client

Esecuzione di Ping 8.8.8.8 con 32 byte di dati:
Richiesta scaduta.
Richiesta scaduta.
Richiesta scaduta.
Richiesta scaduta.

Statistiche Ping per 8.8.8.8:
Pacchetti: Trasmessi = 4, Ricevuti = 0,
Persi = 4 (100% persi),
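
The comment block in the posted named.conf says a recursive server must limit who can query it. The following is an added example, not part of the original post: a small Python check that works out which clients may recurse through a BIND options block, using BIND 9's documented fallback order. The function names and the WEAK sample are assumptions made for illustration; nested ACLs and quoted strings containing `//` or `#` are not handled.

```python
import ipaddress
import re

# Options excerpted from the named.conf in the post above.
POSTED = """
options {
    listen-on port 53 { 127.0.0.1;192.168.1.30; };
    forwarders { 8.8.8.8; 8.8.4.4; };
    allow-query { localhost;192.168.1.0/24; };
    recursion yes;
};
"""
# Constructed weak variant (not from the post): queries allowed from anywhere.
WEAK = POSTED.replace("localhost;192.168.1.0/24;", "any;")

def strip_comments(text):
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # /* ... */ blocks
    return re.sub(r"(//|#).*", "", text)               # // and # to end of line

def acl(text, name):
    """Return the elements of `name { a; b; };`, or None when it is not set."""
    pat = r"(?<![\w-])" + re.escape(name) + r"(?![\w-])[^{;]*\{([^}]*)\}"
    m = re.search(pat, text)
    return None if m is None else [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_recursion(conf_text):
    """Return a list of findings about who may recurse through this server."""
    text = strip_comments(conf_text)
    m = re.search(r"(?<![\w-])recursion\s+(yes|no)\s*;", text)
    if m and m.group(1) == "no":
        return []                                  # not a recursive resolver
    # Lowest to highest priority, so the last ACL that is set wins:
    # default -> allow-query -> allow-query-cache -> allow-recursion.
    clients = ["localnets", "localhost"]
    for name in ("allow-query", "allow-query-cache", "allow-recursion"):
        found = acl(text, name)
        if found is not None:
            clients = found
    findings = []
    for item in clients:
        if item.startswith("!") or item in ("localhost", "localnets", "none"):
            continue
        if item == "any":
            findings.append("recursion open to any client")
            continue
        try:
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:                         # named acl or key reference
            findings.append(f"cannot resolve ACL element {item!r}")
            continue
        if not net.is_private:
            findings.append(f"recursion allowed from public network {net}")
    return findings
```

Run against the posted options, the check returns no findings, because recursion is limited to localhost and 192.168.1.0/24.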
 

