How to provide custom TXT records in CHAOS class using BIND9

How to provide custom TXT records in class 3 (CHAOS) using BIND9.

Introduction

Query for a TXT resource record in class 3 (CHAOS) for the domain name hostname.bind,
or for any of the other built-in names: version.bind, authors.bind and id.server.

$ dig chaos txt hostname.bind @10.10.1.18 +short
"voyager.octocat.lab"

These zones are defined inside the bin/named/config.c source file.

			    "#\n\
#  Zones in the \"_bind\" view are NOT counted in the count of zones.\n\
#\n\
view \"_bind\" chaos {\n\
	recursion no;\n\
	notify no;\n\
	allow-new-zones no;\n\
	max-cache-size 2M;\n\
\n\
	# Prevent use of this zone in DNS amplified reflection DoS attacks\n\
	rate-limit {\n\
		responses-per-second 3;\n\
		slip 0;\n\
		min-table-size 10;\n\
	};\n\
\n\
	zone \"version.bind\" chaos {\n\
		type primary;\n\
		database \"_builtin version\";\n\
	};\n\
\n\
	zone \"hostname.bind\" chaos {\n\
		type primary;\n\
		database \"_builtin hostname\";\n\
	};\n\
\n\
	zone \"authors.bind\" chaos {\n\
		type primary;\n\
		database \"_builtin authors\";\n\
	};\n\
\n\
	zone \"id.server\" chaos {\n\
		type primary;\n\
		database \"_builtin id\";\n\
	};\n\
};\n\
"

BIND configuration

Ensure that all zones are in views.

$ sudo cat /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind9/README.Debian.gz for information on the 
// structure of BIND configuration files in Debian, *BEFORE* you customize 
// this configuration file.
//
// If you are just adding zones, please do that in /etc/bind/named.conf.local

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";

view "default" {
  include "/etc/bind/named.conf.default-zones";
};

Load chaos zone.

$ sudo cat /etc/bind/named.conf.local 
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

include "/etc/bind/zones.chaos";

Define chaos zone.

$ cat /etc/bind/zones.chaos
//
// chaos zone
//

view "chaos" chaos {
  recursion no;
  notify no;
  allow-new-zones no;
  max-cache-size 2M;

  # Prevent use of this zone in DNS amplified reflection DoS attacks
  rate-limit {
    responses-per-second 3;
    slip 0;
    min-table-size 10;
  };

  zone "bind" chaos {
    type primary;
    file "/etc/bind/db.bind";
    allow-update { none; };
  };

  zone "server" chaos {
    type primary;
    file "/etc/bind/db.server";
    allow-update { none; };
  };
};

Define BIND data file for bind zone.

$ cat /etc/bind/db.bind
;
; BIND data file for chaos class, bind zone
;
$TTL      604800
@         CH      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@         CH  NS  localhost.
version   CH  TXT "[REDACTED]"
authors   CH  TXT "[REDACTED]" 
;hostname CH  TXT "[REDACTED]"

Define BIND data file for server zone.

$ cat /etc/bind/db.server 
;
; BIND data file for chaos class, server zone
;
$TTL    604800
@       CH      SOA     localhost. root.localhost. (
                              2         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
@       CH      NS      localhost.
id      CH      TXT     "[REDACTED]"
loc     CH      TXT     "local network"

Check configuration syntax.

$ named-checkconf

Restart BIND server.

$ sudo systemctl restart named

Query TXT records

Query for a TXT resource record in chaos class.

Existing record.

$ dig chaos txt version.bind @10.10.1.18 +short
"[REDACTED]"

A name with no record (hostname is commented out in db.bind above) returns nothing, as expected.

$ dig chaos txt hostname.bind @10.10.1.18 +short

Custom records, such as loc.server defined above, provide additional data.

$ dig ch txt loc.server @10.10.1.18 +short
"local network"
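As an added example that is not part of the original post, the following Python client builds the same class-3 (CHAOS) TXT query that dig sends above and parses the reply, so the redaction of version.bind or the presence of a custom record can be checked from a script. The server address is whatever you pass in; the embedded reply for loc.server is constructed by hand for an offline run, not captured from a real server.

```python
import socket
import struct
CLASS_CH, TYPE_TXT = 3, 16   # class CHAOS (3), where BIND's built-in *.bind zones live

def build_query(qname, txid=0x1234):
    """Non-recursive (RD=0) DNS query for <qname> TXT in class CHAOS."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    labels = b"".join(bytes([len(label)]) + label.encode() for label in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", TYPE_TXT, CLASS_CH)

def _skip_name(msg, off):
    """Offset just past a domain name; a compression pointer (0xC0..) ends it."""
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:
            return off + 2
        off += 1 + msg[off]
    return off + 1

def parse_txt_answers(msg):
    """TXT strings from the answer section; [] on a non-zero RCODE (e.g. NXDOMAIN)."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        return []
    off = 12
    for _ in range(qd):                      # skip question: name + type + class
        off = _skip_name(msg, off) + 4
    out = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == TYPE_TXT and rclass == CLASS_CH:
            i = 0
            while i < rdlen:                 # rdata is a sequence of <len><chars>
                out.append(rdata[i + 1:i + 1 + rdata[i]].decode(errors="replace"))
                i += 1 + rdata[i]
    return out

def query_chaos_txt(server, qname, timeout=2.0):
    """Send the query over UDP/53 and parse the reply, e.g. to audit version.bind."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(qname), (server, 53))
        return parse_txt_answers(s.recvfrom(4096)[0])

# Constructed reply for "loc.server CH TXT" (not captured from a real server): header (QR|AA,
# 1 question, 1 answer), question, answer with name pointer to 12, TXT, CH, TTL 604800, rdlen 14.
SAMPLE_RESPONSE = (b"\x12\x34\x84\x00\x00\x01\x00\x01\x00\x00\x00\x00"
                   b"\x03loc\x06server\x00\x00\x10\x00\x03"
                   b"\xc0\x0c\x00\x10\x00\x03\x00\x09\x3a\x80\x00\x0e\x0dlocal network")
```

Calling query_chaos_txt("10.10.1.18", "version.bind") against the server configured above should return only the custom string, never a real BIND version.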

Additional notes

RFC 4892, Requirements for a Mechanism Identifying a Name Server Instance