corporate-gadfly / Tunlr-Clone


Help in Setting Up #25

Closed pitboss closed 10 years ago

pitboss commented 10 years ago

Hello, I would appreciate it if anyone can help me set up this service on a dedicated server. You can email me at wcg707[at]yahoo.com.

I can resolve any sites except those in the override. The example given was based on a VPS, which has an internal and an external IP, and in my case there is no internal IP, only a single IP.

nslookup for hulu resolves to the server IP address. Surfing to hulu shows an error as it's not loading any pages.

I can provide ssh access to the server if required.

Thank you.


Below are the configuration files:

sniproxy is running in the same server as the DNS. 68.x.x.x is the public IP for eth0.

/etc/sniproxy.conf

user daemon
pidfile /var/tmp/sniproxy.pid

listener 68.x.x.x 80 {
    proto http
}

listener 68.x.x.x 443 {
    proto tls
}

table {
    (hulu|huluim).com *
    abc.(go.)?com *
    (nbc|nbcuni).com *
    netflix.com *
    ip2location.com *
}

/etc/named/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";

/etc/bind/named.conf.options

options {
    forwarders {
        // these are the DNS servers from the VPS provider (look in /etc/resolv.conf if yours are different)
        199.195.255.68;
        199.195.255.69;
    };
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
    allow-query { trusted; };
    allow-recursion { trusted; };
    recursion yes;
    dnssec-enable no;
    dnssec-validation no;

    dnssec-validation auto;

    listen-on-v6 { any; };
};

/etc/bind/named.conf.local

include "/etc/bind/rndc.key";

acl "trusted" {
    127.0.0.1;
    211.y.y.y;    // my isp address
    68.x.x.x;     // My DNS server public IP
};

include "/etc/bind/zones.override";

logging {
    channel bind_log {
        file "/var/log/named/named.log" versions 5 size 30m;
        severity info;
        print-time yes;
        print-severity yes;
        print-category yes;
    };
    category default { bind_log; };
    category queries { bind_log; };
};

/etc/bind/db.override

;
; BIND data file for overridden IPs
;
$TTL    86400
@       IN      SOA     ns1 root (
                        2012100401      ; serial
                        604800          ; refresh 1w
                        86400           ; retry 1d
                        2419200         ; expiry 4w
                        86400 )         ; minimum TTL 1d

; need at least a nameserver
        IN      NS      ns1
; specify nameserver IP address
ns1     IN      A       68.x.x.x        ; external IP from eth0
; provide IP address for domain itself
@       IN      A       68.x.x.x        ; external IP from eth0
; resolve everything with the same IP address as ns1

reini1989 commented 10 years ago

Have you tried to capture the failing resolutions? (tcpdump -w => Wireshark)

dnssec-validation auto; <-- I could imagine this as a problem. Validating a faked DNS response isn't the best idea, I think. If your provider forces you to use validation on his servers, why don't you try Google's public DNS servers (8.8.8.8, 8.8.4.4)?

pitboss commented 10 years ago

Sorry, the dnssec validation is remarked, and now I have deleted it as well. iptables is disabled at the moment. It can resolve everything except those streaming sites.

pitboss commented 10 years ago

Got it. Apparently you can't use your own DNS in /etc/resolv.conf. Mine was pointing to 127.0.0.1, created by my server provider, and that creates a loop. There was no documentation on that.
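The loop pitboss hit is easy to model: sniproxy on the same host resolves the real backend for hulu.com through /etc/resolv.conf, and if that file points at the local BIND, the override zone hands back the proxy's own address, so the proxy connects to itself. The script below is an added example, not code from Tunlr-Clone or from anyone in this thread. It parses a resolv.conf and a sniproxy table, simulates what an A query returns from the local overriding resolver versus the provider forwarders, and flags the self-proxy loop. The addresses 68.0.0.1 (standing in for 68.x.x.x), the 203.0.113.x "upstream" answers, and the two resolv.conf variants are constructed for the example; treating sniproxy table patterns as unanchored regexes is an assumption.

```python
import re
from ipaddress import ip_address

# ---- constructed sample input, modelled on the files quoted in the thread ----
PROXY_IP = "68.0.0.1"            # placeholder for the 68.x.x.x sniproxy/BIND listener
BROKEN_RESOLV_CONF = "nameserver 127.0.0.1\n"                      # provider default: points at local BIND
FIXED_RESOLV_CONF = "nameserver 199.195.255.68\nnameserver 199.195.255.69\n"  # the forwarders from named.conf.options

SNIPROXY_TABLE = """(hulu|huluim).com *
abc.(go.)?com *
(nbc|nbcuni).com *
netflix.com *
"""

# What the provider's (non-overriding) resolver would answer; constructed, not real addresses.
UPSTREAM_ANSWERS = {"www.hulu.com": "203.0.113.10", "www.example.org": "203.0.113.20"}


def parse_nameservers(text):
    """Return the nameserver addresses listed in a resolv.conf, in order."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def parse_table(text):
    """Compile the pattern column of a sniproxy table block (assumed: unanchored regex search)."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pattern = line.split()[0]
        patterns.append(re.compile(pattern))
    return patterns


def is_overridden(host, patterns):
    """True if the override zone / sniproxy table would catch this hostname."""
    return any(p.search(host) for p in patterns)


def is_local_resolver(nameserver, proxy_ip):
    """BIND on this box answers on loopback and on the public listener address."""
    return ip_address(nameserver).is_loopback or nameserver == proxy_ip


def resolve(host, nameserver, proxy_ip, patterns):
    """Model the A answer `nameserver` gives for `host`."""
    if is_local_resolver(nameserver, proxy_ip) and is_overridden(host, patterns):
        return proxy_ip                    # db.override: overridden names map to the proxy itself
    return UPSTREAM_ANSWERS.get(host)      # forwarded / genuine answer


def diagnose(host, resolv_conf, proxy_ip, table):
    """Report where sniproxy would connect for `host` and whether that is a loop back to itself."""
    patterns = parse_table(table)
    nameserver = parse_nameservers(resolv_conf)[0]
    backend = resolve(host, nameserver, proxy_ip, patterns)
    return {
        "nameserver": nameserver,
        "backend": backend,
        "loop": is_overridden(host, patterns) and backend == proxy_ip,
    }


if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_RESOLV_CONF), ("fixed", FIXED_RESOLV_CONF)):
        for host in ("www.hulu.com", "www.example.org"):
            print(label, host, diagnose(host, conf, PROXY_IP, SNIPROXY_TABLE))
```

With the provider's resolv.conf the overridden name comes back as the proxy's own address and `loop` is true, which matches the symptom in the thread (non-overridden names still resolve normally, only the streaming sites fail); pointing resolv.conf at the forwarders clears it.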