Servidor Proxy transparente com WPAD e BIND no CENTOS 7

1. Servidor Proxy transparente com WPAD e BIND no CENTOS 7

RWC28
(usa CentOS)

Enviado em 17/10/2018 - 22:36h

Boa noite galera!
Estou configurando um servidor proxy squid transparente, com o servidor de dns BIND para realizar o bloqueio de https.
Porém após a configuração dos servidores não consigo realizar a conexão pela internet por meio do dns que foi criado e como consequência o squid bloqueia a internet.
Seguem as configurações
WPAD
function FindProxyForURL(url, host){

if(isPlainHostName(host) || isInNet(host, "10.1.0.0", "255.255.0.0") || isPlainHostName(host, "127.0.0.0", "255.0.0.0"))
return "DIRECT";
else
return "PROXY dns.proxy.com.br:3128";

}

Servidor BIND

options {
listen-on port 53 { 127.0.0.1; 10.1.1.254;};
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 10.1.1.0/24;};

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable access
control to limit queries to your legitimate users. Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/

recursion yes;

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";

forwarders{8.8.8.8;8.8.4.4;};
forward only;

};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "proxy.com.br" IN{
type master;
file "/var/named/proxy.db";
};

zone "10.16.172.in-addr.arpa" IN{
type master;
file "/var/named/10.16.172.db";
};

Arquivo proxy.db
$TTL 24h
@ IN SOA dns.proxy.com.br. root.proxy.com.br.(
2015083000 ; Serial
12h ; Refresh
15m ; Retry
3w ; Expire
2h ; Mininum TTL
)

@ IN NS dns.proxy.com.br.
dns IN A 10.1.1.254

wpad IN A 10.1.1.254
www IN A 10.1.1.254

Arquivo 10.16.172.db
$TTL 24h
@ IN SOA dns.proxy.com.br. root.proxy.com.br.(
2014083000 ; Serial
12h ; Refresh
15m ; Retry
3w ; Expire
2h ; Mininum TTL
)

@ IN NS dns.proxy.com.br.
10 IN PTR dns.proxy.com.br.

20 IN PTR wpad.proxy.com.br.
30 IN PTR www.proxy.com.br.

Desde já agradeço a ajuda!!!

1 0

Quote