Linux DNS service (named)


How can I resolve some global sites (google.com, Facebook.com) to a local IP address (for example, 192.168.0.1)? Can anyone help me?

; Authoritative data for facebook.com zone
;
$TTL 1D
@   IN SOA  epc.facebook.com   root.epc.facebook.com. (
                                       2017031301      ; serial
                                       1D              ; refresh
                                       1H              ; retry
                                       1W              ; expire
                                       3H )            ; minimum

$ORIGIN         facebook.com.
epc                     IN      A       127.0.0.1
facebook.com            IN      A       192.168.0.1

but the dig result is:

; <<>> DiG 9.10.3-P4-Raspbian <<>> facebook.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 21851
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;facebook.com.                  IN      A

;; ANSWER SECTION:
facebook.com.           3441    IN      A       185.60.216.35

;; Query time: 1 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Tue Jan 30 16:51:44 UTC 2018
;; MSG SIZE  rcvd: 57

resolv.conf

# Generated by resolvconf
nameserver 192.168.0.1

named:

   cat named.conf.default-zones
        // prime the server with knowledge of the root servers
        zone "." {
                type hint;
                file "/etc/bind/db.root";
        };

        // be authoritative for the localhost forward and reverse zones, and for
        // broadcast zones as per RFC 1912

        zone "localhost" {
                type master;
                file "/etc/bind/db.local";
        };

        zone "127.in-addr.arpa" {
                type master;
                file "/etc/bind/db.127";
        };

        zone "0.in-addr.arpa" {
                type master;
                file "/etc/bind/db.0";
        };

        zone "255.in-addr.arpa" {
                type master;
                file "/etc/bind/db.255";
        };

        zone "com.farizHost.arpa" {
                type master ;
                file "/etc/bind/fariz.zone.db" ;
        };

And ..

root@raspberrypi:/etc/bind# cat named.conf.options
options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you may need to fix the firewall to allow multiple
        // ports to talk.  See http://www.kb.cert.org/vuls/id/800113

        // If your ISP provided one or more IP addresses for stable
        // nameservers, you probably want to use them as forwarders.
        // Uncomment the following block, and insert the addresses replacing
        // the all-0's placeholder.

        // forwarders {
        //      0.0.0.0;
        // };

        //========================================================================
        // If BIND logs error messages about the root key being expired,
        // you will need to update your keys.  See https://www.isc.org/bind-keys
        //========================================================================
        dnssec-validation auto;

        auth-nxdomain no;    # conform to RFC1035
        listen-on-v6 { any; };
};
by FariZ 30.01.2018 / 17:55

2 answers


To resolve the facebook.com domain, you need to add a directive:

    zone "facebook.com" {
            type master;
            file "/etc/bind/facebook.db";
    };

Where facebook.db is your file from the beginning of the question.

Your SOA should also be fixed:

IN SOA  epc.facebook.com. root.epc.facebook.com. (

Btw, the SOA domains do not need to be facebook.com.

by 30.01.2018 / 18:21

This is a job for the BIND RPZ feature, see: link

Domain Name Service Response Policy Zones (DNS RPZ) is a method that allows a nameserver administrator to overlay custom information on top of the global DNS to provide alternate responses to queries. It is currently implemented in the ISC BIND nameserver (9.8 or later). Another generic name for the DNS RPZ functionality is "DNS firewall".

So, as indicated in the documentation, you need:

response-policy { zone "badlist"; };
zone "badlist" {type master; file "master/badlist"; allow-query {none;}; };

in your configuration, and in the master/badlist "zone" file something like:

$TTL 1H
@ SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
  NS LOCALHOST.
www.google.com     A 192.168.0.1
www.facebook.com   A 192.168.0.1
by 01.02.2018 / 03:00
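The asker's facebook.com zone and the RPZ badlist zone above are governed by the same $ORIGIN rule, with opposite outcomes: in the facebook.com file the undotted SOA names (and the bare `facebook.com` owner) silently get the origin appended, while in the RPZ file that same expansion is exactly how trigger names such as www.google.com.badlist are formed. The parser below is an added example, not code from the question or either answer; it reproduces that expansion, the two zone texts are constructed copies of what the posts show, and `ASKER_ZONE`, `RPZ_ZONE`, `absolutize` and `parse_zone` are its own names.

```python
"""What BIND derives from the zone files in this thread: '@' and every name without a
trailing dot are expanded against $ORIGIN (RFC 1035). Added example, not code from the
question or the answers; the two zone texts below are constructed copies of the posts."""
import re
ASKER_ZONE = """\
$TTL 1D
@   IN SOA  epc.facebook.com   root.epc.facebook.com. (
        2017031301 1D 1H 1W 3H )   ; serial refresh retry expire minimum
$ORIGIN facebook.com.
epc                     IN      A       127.0.0.1
facebook.com            IN      A       192.168.0.1
"""
RPZ_ZONE = """\
$TTL 1H
@ SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
  NS LOCALHOST.
www.google.com     A 192.168.0.1
www.facebook.com   A 192.168.0.1
"""

def absolutize(name, origin):
    """'@' is the origin; a trailing dot means absolute; otherwise append $ORIGIN."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, zone_name):
    """Return [(owner, type, rdata)] with every domain name made absolute.
    Handles $ORIGIN, $TTL, '@', ';' comments and '( ... )' continuation lines."""
    origin = zone_name if zone_name.endswith(".") else zone_name + "."
    last_owner, records = origin, []
    # Drop comments, then fold parenthesised multi-line records onto one line.
    body = "\n".join(line.split(";", 1)[0] for line in text.splitlines())
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    for line in body.splitlines():
        tokens = line.split()
        if tokens[:1] == ["$ORIGIN"]:
            origin = tokens[1]
        if not tokens or tokens[0].startswith("$"):
            continue
        # A line that starts with whitespace reuses the previous owner name.
        owner = last_owner if line[0].isspace() else absolutize(tokens.pop(0), origin)
        last_owner = owner
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in ("IN", "CH", "HS")):
            tokens.pop(0)  # optional TTL and class fields before the record type
        rtype, rdata = tokens[0], tokens[1:]
        if rtype == "SOA":  # MNAME and RNAME are domain names too
            rdata[:2] = [absolutize(n, origin) for n in rdata[:2]]
        records.append((owner, rtype, rdata))
    return records
```

Running `parse_zone(ASKER_ZONE, "facebook.com")` shows the SOA MNAME loading as epc.facebook.com.facebook.com. and the last A record as facebook.com.facebook.com., which is why the apex should be written as `@` and the SOA names with trailing dots; `named-checkzone` reports the same derived names on a real server.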
