Hi Torinthiel, You have not understood my requirement. We are not looking for * to point all A records to 1.2.3.4, but we want to delegate all * DNS request to another Name Server, which will be taking care of request. In this case the Name Server to which I want to delegate all * records is a GLB (Global Load Balance). Can you suggest on this, how to do this.
Thanks Parashar On Mon, Apr 11, 2011 at 8:00 AM, <bind-users-requ...@lists.isc.org> wrote: > Send bind-users mailing list submissions to > bind-users@lists.isc.org > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.isc.org/mailman/listinfo/bind-users > or, via email, send a message with subject or body 'help' to > bind-users-requ...@lists.isc.org > > You can reach the person managing the list at > bind-users-ow...@lists.isc.org > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of bind-users digest..." > > > Today's Topics: > > 1. DNS record delegation (Parashar Singh) > 2. Re: DNS record delegation (Torinthiel) > 3. Re: A beginners question regarding a caching-only name server > (Patrick Rynhart) > 4. Re: BIND9 fails resolving after connecting to VPN (kapetr) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 11 Apr 2011 00:12:36 +0530 > From: Parashar Singh <parashar.singh2...@gmail.com> > Subject: DNS record delegation > To: bind-users@lists.isc.org > Message-ID: <banlktikxaywqfb7lo5tgxvyycvtpyps...@mail.gmail.com> > Content-Type: text/plain; charset="windows-1252" > > We want to be able to point the wild card (*.domain.com) and the root > domain > (domain.com) to the GLB?s while not breaking the other custom prefixes > within that domain?s record (stage.domain.com, foo.domain.com, etc.). > Except some 10-20 A records, as declared in zone file, for all other DNS > lookup request shall be forwarded to Global Load Balancer. > Allow any records on the DNS server to resolve to the respective records on > DNS. > All other records are captured by the wildcard and load balanced. > The load balancers will forward the queries to the Apache web servers which > will direct users to the appropriate website. > > Can you suggest, how we can configure BIND to do above setup. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > https://lists.isc.org/pipermail/bind-users/attachments/20110411/6c8c2e77/attachment-0001.html > > > > ------------------------------ > > Message: 2 > Date: Sun, 10 Apr 2011 22:38:05 +0200 > From: Torinthiel <torinth...@data.pl> > Subject: Re: DNS record delegation > To: bind-users@lists.isc.org > Message-ID: <4da2152d.90...@data.pl> > Content-Type: text/plain; charset="windows-1252" > > On 04/10/11 20:42, Parashar Singh wrote: > > We want to be able to point the wild card (*.domain.com > > <http://domain.com>) and the root domain (domain.com > > <http://domain.com>) to the GLB?s while not breaking the other custom > > prefixes within that domain?s record (stage.domain.com > > <http://stage.domain.com>, foo.domain.com <http://foo.domain.com>, > etc.). > > Except some 10-20 A records, as declared in zone file, for all other DNS > > lookup request shall be forwarded to Global Load Balancer. > > Allow any records on the DNS server to resolve to the respective records > > on DNS. > > All other records are captured by the wildcard and load balanced. > > The load balancers will forward the queries to the Apache web servers > > which will direct users to the appropriate website. > > > > Can you suggest, how we can configure BIND to do above setup. > > > if you type > *.domain.com. IN A 1.2.3.4 > in your zone file, bind interprets this as > "every record that is not configured otherwise should get a record of > type A and value 1.2.3.4" > > So, if I understand correctly what you want to do, just specify normal A > records for special domains and root domain as well, and add the > wildcard record. > > For this example assume 1.2.3.4 is IP of GLB, and 4.3.2.1 is IP of > machine serving other stuff. > So the following zone fragment should work > > $ORIGIN domain.com. > @ SOA (...) > @ NS ... > @ A 1.2.3.4 > stage A 4.3.2.1 > foo A 4.3.2.1 > * A 1.2.3.4 > END FRAGMENT > > of course stage and foo can have different IP addresses, and you > probably want to add MX and other records as well. > Torinthiel > > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: signature.asc > Type: application/pgp-signature > Size: 262 bytes > Desc: OpenPGP digital signature > URL: < > https://lists.isc.org/pipermail/bind-users/attachments/20110410/2bfe661c/attachment-0001.bin > > > > ------------------------------ > > Message: 3 > Date: Mon, 11 Apr 2011 17:02:22 +1200 > From: Patrick Rynhart <p.rynh...@massey.ac.nz> > Subject: Re: A beginners question regarding a caching-only name server > To: bind-us...@isc.org > Message-ID: <inu20v$uk8$1...@dough.gmane.org> > Content-Type: text/plain; charset=ISO-8859-1 > > Hi Andrew, > > On 9/04/2011 12:37 a.m., andrew wales wrote: > > > > Remember that rndc dumpdb doesn't actually dump the cache to stdout. > > Has it actually written to named_dump.db in named's working directory? > > Regards, > > > > Andrew > > Thanks - you are spot on here :-) I was expecting the DB to be written > to stdout. One thing that I have noticed, however, is that only > information relating to the most recently resolved DNS hostname is being > dumped. (If I set my /etc/resolv.conf on my client accordingly and then > ping a bunch of different domains then I only get results for the last > query.) Perhaps this because I have a "forwarders" directive (i.e. BIND > is not actually functioning as a caching name server at present ?). > > Cheers, > > Patrick > > > > > ------------------------------ > > Message: 4 > Date: Mon, 11 Apr 2011 13:18:39 +0200 (CEST) > From: "kapetr" <kap...@mizera.cz> > Subject: Re: BIND9 fails resolving after connecting to VPN > To: stacey.marsh...@gmail.com, bind-users@lists.isc.org > Message-ID: <437b144354563f43d8fba089177a1...@mail2.volny.cz> > Content-Type: text/plain; charset="iso-8859-2" > > Hello, > > interesting ... > > ----- P?VODN? ZPR?VA ----- > Od: "Stacey Marshall" <stacey.marsh...@gmail.com> > Komu: "kapetr" <kap...@mizera.cz> > P?edm?t: Re: BIND9 fails resolving after connecting to VPN > Datum: 9.4.2011 - 22:50:44 > > > I' wondering if the network your attaching to via > > VPN allows direct DNS > > lookups? > > > > I know of networks where the provided servers have > > firewall rules that allow > > them to make queries but other servers are not. > > > > You could test this theory by trying to connect to > > a root server with dig > > when connected to VPN. For example: > > > > $ dig @h.root-servers.net. www.seznam.cz > > > > Regards, Stace > > > Why should VPN provider filter (disable) direct queries and allow > only recursive queries ? > > The results are (for me) surprising: > > 1. before VPN: my (127.0.0.1) and ISPs servers work OK and: > ******************************************************************** > > hugo@duron650:~$ dig @h.root-servers.net. www.seznam.cz > > ; <<>> DiG 9.7.1-P2 <<>> @h.root-servers.net. www.seznam.cz > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20035 > ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 5, ADDITIONAL: 10 > ;; WARNING: recursion requested but not available > > ;; QUESTION SECTION: > ;www.seznam.cz. IN A > > ;; AUTHORITY SECTION: > cz. 172800 IN NS a.ns.nic.cz. > cz. 172800 IN NS b.ns.nic.cz. > cz. 172800 IN NS c.ns.nic.cz. > cz. 172800 IN NS d.ns.nic.cz. > cz. 172800 IN NS f.ns.nic.cz. > > ;; ADDITIONAL SECTION: > a.ns.nic.cz. 172800 IN A 194.0.12.1 > b.ns.nic.cz. 172800 IN A 194.0.13.1 > c.ns.nic.cz. 172800 IN A 194.0.14.1 > d.ns.nic.cz. 172800 IN A 193.29.206.1 > f.ns.nic.cz. 172800 IN A 193.171.255.48 > a.ns.nic.cz. 172800 IN AAAA 2001:678:f::1 > b.ns.nic.cz. 172800 IN AAAA 2001:678:10::1 > c.ns.nic.cz. 172800 IN AAAA 2001:678:11::1 > d.ns.nic.cz. 172800 IN AAAA 2001:678:1::1 > f.ns.nic.cz. 172800 IN AAAA 2001:628:453:420::48 > > ;; Query time: 144 msec > ;; SERVER: 128.63.2.53#53(128.63.2.53) > ;; WHEN: Mon Apr 11 12:56:18 2011 > ;; MSG SIZE rcvd: 338 > > hugo@duron650:~$ > > 2. after VPN up: > **************************************************************** > - my (127.0.0.1) fails again - "connection timed out; no servers > could be reached" > - ISPs server OK again - I get normal "A" answer > - DNS root server - by name (IP get from ISPs server) or by IP > gives: > hugo@duron650:~$ dig @h.root-servers.net. www.seznam.cz > > ; <<>> DiG 9.7.1-P2 <<>> @h.root-servers.net. www.seznam.cz > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2758 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;www.seznam.cz. IN A > > ;; ANSWER SECTION: > www.seznam.cz. 203 IN A 77.75.72.3 > > ;; Query time: 67 msec > ;; SERVER: 128.63.2.53#53(128.63.2.53) > ;; WHEN: Mon Apr 11 12:58:52 2011 > ;; MSG SIZE rcvd: 47 > > hugo@duron650:~$ > ************************************************* > > So why the h.root-servers.net == 128.63.2.53 in case 2 (over VPN) > gives the recursive answer ? > > Do You thing, that this VPN provider > - blocks direct (not recursive) DNS questions and > - manipulates recursive queries ? [catch them, make query itself and > answers with manipulated server IP] > > ??? > > --kapetr > > > > > > ------------------------------ > > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > > End of bind-users Digest, Vol 828, Issue 1 > ****************************************** >
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
