I forgot to mention, this is actually the case. The proxy has a different IP on each network.

2015-01-04 13:00 GMT+01:00 <bind-users-requ...@lists.isc.org>:

> Send bind-users mailing list submissions to
>         bind-users@lists.isc.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         https://lists.isc.org/mailman/listinfo/bind-users
> or, via email, send a message with subject or body 'help' to
>         bind-users-requ...@lists.isc.org
>
> You can reach the person managing the list at
>         bind-users-ow...@lists.isc.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of bind-users digest..."
>
>
> Today's Topics:
>
>    1. Re: BIND9 Return different IP address based on subnet
>       (Christian Kette)
>    2. Re: BIND9 Return different IP address based on subnet
>       (Matus UHLAR - fantomas)
>    3. RE: can't-resolve (Mohammed Ejaz)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 3 Jan 2015 19:24:47 +0100
> From: Christian Kette <chriswaeldc...@outlook.de>
> To: "Jeremy C. Reed" <jr...@isc.org>, bind-users@lists.isc.org
> Subject: Re: BIND9 Return different IP address based on subnet
> Message-ID: <blu437-smtp59e4422d3e2444eac7b263a4...@phx.gbl>
> Content-Type: text/plain; charset="utf-8"
>
> I have found a workaround.
> I defined a different zone for every network
>
> My config files are now
>
> /etc/bind/named.conf
>
> include "/etc/bind/named.conf.options";
> include "/etc/bind/named.conf.local";
>
> /etc/bind/named.conf.local
>
> view "local" {
>     match-clients { localhost; };
>     zone "home.lan" IN {
>         type master;
>         file "/etc/bind/db.home.lan";
>     };
> };
> view "ext" {
>     match-clients { 192.168.2.0/24;};
>     zone "home2.lan" IN {
>         type master;
>         file "/etc/bind/db.rev.2.168.192.in-addr.arpa";
>     };
> };
> view "wlan0" {
>     match-clients { 192.168.3.0/24;};
>     zone "home3.lan" IN {
>         type master;
>         file "/etc/bind/db.rev.3.168.192.in-addr.arpa";
>     };
> };
> view "wlan00" {
>     match-clients {192.168.4.0/24;};
>     zone "home4.lan" IN {
>         type master;
>         file "/etc/bind/db.rev.4.168.192.in-addr.arpa";
>     };
> };
> view "wlan01" {
>     match-clients {192.168.5.0/24;};
>     zone "home5.lan" IN {
>         type master;
>         file "/etc/bind/db.rev.5.168.192.in-addr.arpa";
>     };
> };
> view "int" {
>     match-clients {192.168.10.0/24;};
>     zone "home10.lan" IN {
>         type master;
>         file "/etc/bind/db.rev.10.168.192.in-addr.arpa";
>     };
> };
>
> /etc/bind/db.rev.10.168.192.in-addr.arpa
>
> ; IP Address-to-Host DNS Pointers for the 192.168.10 subnet
> home10.lan. IN SOA DEV.home10.lan. hostmaster.home10.lan. (
>         2013120101 ; serial
>         8H ; refresh
>         4H ; retry
>         4W ; expire
>         1D ; minimum
> )
> ; define the authoritative name server
> home10.lan. IN NS DEV.home10.lan.
> home10.lan. IN MX 10 DEV.home10.lan.
>
> localhost IN A 127.0.0.1
> DEV IN A 192.168.10.1
> router IN A 192.168.10.1
> proxy IN CNAME DEV.home10.lan.
> wpad IN A 192.168.10.1
>
>
>
> 2014-12-28 19:59 GMT+01:00 <chriswaeldc...@outlook.de>:
>
> > Thank you for the helpful answer.
> > I changed the file /etc/bind/named.conf.local to
> >
> > view "local" {
> >     match-clients { 127.0.0.1; };
> >     zone "home.lan" IN {
> >         type master;
> >         file "/etc/bind/db.home.lan";
> >     };
> > };
> > view "ext" {
> >     match-clients { 192.168.2.0/24;};
> >     zone "2.168.192.in-addr.arpa" {
> >         type master;
> >         file "/etc/bind/db.rev.2.168.192.in-addr.arpa";
> >     };
> > };
> > view "wlan0" {
> >     match-clients { 192.168.3.0/24;};
> >     zone "3.168.192.in-addr.arpa" {
> >         type master;
> >         file "/etc/bind/db.rev.3.168.192.in-addr.arpa";
> >     };
> > };
> > view "wlan00" {
> >     match-clients {192.168.4.0/24;};
> >     zone "4.168.192.in-addr.arpa" {
> >         type master;
> >         file "/etc/bind/db.rev.4.168.192.in-addr.arpa";
> >     };
> > };
> > view "wlan01" {
> >     match-clients {192.168.5.0/24;};
> >     zone "5.168.192.in-addr.arpa" {
> >         type master;
> >         file "/etc/bind/db.rev.5.168.192.in-addr.arpa";
> >     };
> > };
> > view "int" {
> >     match-clients {192.168.10.0/24;};
> >     zone "10.168.192.in-addr.arpa" {
> >         type master;
> >         file "/etc/bind/db.rev.10.168.192.in-addr.arpa";
> >     };
> > };
> >
> >
> > But now I get Non-existent domain error (on the raspberry machine) for
> > - nslookup localhost
> > - nslookup DEV.home.lan
> >
> > I don't understand why it can't find neither the localhost nor the
> > DEV.home.lan entry in /etc/bind/db.home.lan
> >
> >
> >
> > 2014-12-27 22:57 GMT+01:00 Jeremy C. Reed <jr...@isc.org>:
> >
> >> On Sat, 27 Dec 2014, Christian Kette wrote:
> >>
> >> > I have some questions. Q1: Why do I get the IP address "192.168.2.100" for
> >> > "DEV.home.lan" from both the 192.168.2.0/24 and the 192.168.10.0/24 network?
> >>
> >> The view that matches first is used.
> >>
> >> > #include "/etc/bind/named.conf.default-zones";
> >> ...
> >> > Q2: What exactly are these zones in the file for? Do I need them?
> >>
> >> You didn't include the file in the email. But I found a copy via google
> >> which may be the same. You probably don't need it. (For example, the
> >> priming hints are builtin to named.)
> >>
> >
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <https://lists.isc.org/pipermail/bind-users/attachments/20150103/08b102ce/attachment-0001.html>
>
> ------------------------------
>
> Message: 2
> Date: Sat, 3 Jan 2015 23:53:23 +0100
> From: Matus UHLAR - fantomas <uh...@fantomas.sk>
> To: bind-users@lists.isc.org
> Subject: Re: BIND9 Return different IP address based on subnet
> Message-ID: <20150103225323.ga32...@fantomas.sk>
> Content-Type: text/plain; charset=us-ascii; format=flowed
>
> On 03.01.15 19:24, Christian Kette wrote:
> >I have found a workaround.
> >I defined a different zone for every network
>
> I repeat: you don't need views when having different zones.
>
> You would need views if you had the same zone with different content.
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> The early bird may get the worm, but the second mouse gets the cheese.
>
>
> ------------------------------
>
> Message: 3
> Date: Sun, 4 Jan 2015 08:43:30 +0300
> From: "Mohammed Ejaz" <me...@cyberia.net.sa>
> To: "'Warren Kumari'" <war...@kumari.net>, "'Barry Margolin'"
>         <bar...@alum.mit.edu>
> Cc: comp-protocols-dns-b...@isc.org
> Subject: RE: can't-resolve
> Message-ID: <0e0701d027e1$611d4f20$2357ed60$@cyberia.net.sa>
> Content-Type: text/plain; charset="us-ascii"
>
>
> Hello, all.
>
> now everything is fine once the port > 1024 opened from the network
> firewall. so it means not only 53 port requires to be open.
>
>
>
> -----Original Message-----
> From: bind-users-boun...@lists.isc.org
> [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Ejaz
> Sent: Sunday, December 28, 2014 11:10 AM
> To: 'Warren Kumari'; 'Barry Margolin'
> Cc: comp-protocols-dns-b...@isc.org
> Subject: RE: can't-resolve
>
> Thanks for the suggestion
>
> I am sure No firewall at all. Also See I now I have reassigned the my
> previous IP which is 212.119.64.12, after that everything is fine. It
> wouldn't have worked with this IP if there is firewall on the box??
>
> Regards,
> Mohammed Ejaz
> CYBERIAR SAUDI ARABIA
> P.O.Box 301079, Riyadh 11372, Saudi Arabia
> Tel: +966 11 464 7114 Ext. 140
> Fax: +966 11 465 4735
>
> -----Original Message-----
> From: bind-users-boun...@lists.isc.org
> [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Warren Kumari
> Sent: Saturday, December 27, 2014 2:27 AM
> To: Barry Margolin
> Cc: comp-protocols-dns-b...@isc.org
> Subject: Re: can't-resolve
>
> Also, from querying from the outside (with TCP):
>
> ~# dig +tcp www.auth-servers.net @212.119.64.228
> ; <<>> DiG 9.10.1-P1 <<>> +tcp www.auth-servers.net @212.119.64.228
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 20716
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;www.auth-servers.net. IN A
>
> ;; Query time: 8260 msec
> ;; SERVER: 212.119.64.228#53(212.119.64.228)
> ;; WHEN: Fri Dec 26 18:18:30 EST 2014
> ;; MSG SIZE rcvd: 49
>
> Then trying the same query a few seconds later:
> dig +tcp www.auth-servers.net @212.119.64.228
>
> ; <<>> DiG 9.10.1-P1 <<>> +tcp www.auth-servers.net @212.119.64.228
> ;; global options: +cmd
> ;; connection timed out; no servers could be reached
>
> This really looks like a firewall -- perhaps there is some firewall software
> on the box itself?
>
> W
>
>
> On Fri, Dec 26, 2014 at 6:17 PM, Warren Kumari <war...@kumari.net> wrote:
> > What OS is this machine running?
> >
> > Interestingly enough, it is unpingable, and a quick nmap fingerprints it as:
> > Running: Sun Solaris 8
> > OS CPE: cpe:/o:sun:sunos:5.8
> > OS details: Sun Solaris 8 (SPARC)
> >
> > nmap could only find one open port (TCP 53 :-)) and so its
> > fingerprinting is unreliable, but it *does* look like you are behind a
> > firewall type devices.
> > It is unusual for machines themselves to not respond to pings.
> >
> > fpdns says:
> > fingerprint (212.119.64.228, 212.119.64.228): ISC BIND 9.2.3rc1 -- 9.6.1-P1 [recursion enabled]
> >
> >
> >
> > On Fri, Dec 26, 2014 at 5:55 PM, Barry Margolin <bar...@alum.mit.edu> wrote:
> >> In article <mailman.1330.1419633581.26362.bind-us...@lists.isc.org>,
> >> "Ejaz" <me...@cyberia.net.sa> wrote:
> >>
> >>> I am sure sir there is no firewall on in the server you can make
> >>> sure by telnet to the port 53 of this IP 212.119.64.228
> >>
> >> That doesn't mean anything. The firewall may be blocking OUTGOING
> >> packets to port 53, or they're blocking the returning replies (which
> >> go to an ephemeral port).
> >>
> >>>
> >>>
> >>> Regards,
> >>> Mohammed Ejaz
> >>> CYBERIAR SAUDI ARABIA
> >>> P.O.Box 301079, Riyadh 11372, Saudi Arabia
> >>> Tel: +966 11 464 7114 Ext. 140
> >>> Fax: +966 11 465 4735
> >>>
> >>> -----Original Message-----
> >>> From: bind-users-boun...@lists.isc.org
> >>> [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Matus UHLAR -
> >>> fantomas
> >>> Sent: Friday, December 26, 2014 7:35 PM
> >>> To: bind-users@lists.isc.org
> >>> Subject: Re: can't-resolve
> >>>
> >>> On 26.12.14 19:21, Ejaz wrote:
> >>> >When run "dig a yahoo.com @212.119.64.228 below is the output.
> >>> >
> >>> >yahoo.com. (38)
> >>> >17:39:41.363532 IP 212.119.64.228.37891 > 212.119.64.228.domain: 34168+ [1au] A? yahoo.com. (38)
> >>> >17:39:42.246993 IP 212.119.64.228.53702 > 192.5.5.241.domain: 58238 [1au] A? yahoo.com. (38)
> >>> >17:39:42.247012 IP 212.119.64.228.45701 > 192.5.5.241.domain: 13223 [1au] NS? . (28)
> >>> >17:39:43.047148 IP 212.119.64.228.43795 > 128.63.2.53.domain: 1539 A? yahoo.com. (27)
> >>> >17:39:43.047154 IP 212.119.64.228.55178 > 128.63.2.53.domain: 56002 NS? . (17)
> >>> >17:39:43.847447 IP 212.119.64.228.61664 > 192.58.128.30.domain: 165 A? yahoo.com. (27)
> >>> >17:39:43.847542 IP 212.119.64.228.30239 > 192.58.128.30.domain: 11435 NS? . (17)
> >>> >17:39:44.995096 IP 212.119.64.228.24477 > 199.7.83.42.domain: 25645 [1au] A? yahoo.com. (38)
> >>> >17:39:44.995162 IP 212.119.64.228.22170 > 199.7.83.42.domain: 44767 [1au] NS? . (28)
> >>> >17:39:45.897226 IP 212.119.64.228.35574 > 199.7.91.13.domain: 29284 A? yahoo.com. (27)
> >>> >17:39:45.897233 IP 212.119.64.228.36946 > 199.7.91.13.domain: 17626 NS? . (17)
> >>> >17:39:46.363642 IP 212.119.64.228.37891 > 212.119.64.228.domain: 34168+ [1au] A? yahoo.com. (38)
> >>> >17:39:46.370282 IP 212.119.64.228.domain > 212.119.64.228.37891: 34168 ServFail 0/0/1 (38)
> >>>
> >>> these are just outgoing DNS requests, no replies coming back.
> >>> Are you sure there is no firewall, or "security" gateway between
> >>> your server and the world?
> >>>
> >>>
> >>> --
> >>> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> >>> Warning: I wish NOT to receive e-mail advertising to this address.
> >>> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> >>> 42.7 percent of all statistics are made up on the spot.
> >>> _______________________________________________
> >>> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> >>> unsubscribe from this list
> >>>
> >>> bind-users mailing list
> >>> bind-users@lists.isc.org
> >>> https://lists.isc.org/mailman/listinfo/bind-users
> >>
> >> --
> >> Barry Margolin
> >> Arlington, MA
> >> _______________________________________________
> >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> >> unsubscribe from this list
> >>
> >> bind-users mailing list
> >> bind-users@lists.isc.org
> >> https://lists.isc.org/mailman/listinfo/bind-users
> >
> >
> >
> > --
> > I don't think the execution is relevant when it was obviously a bad
> > idea in the first place.
> > This is like putting rabid weasels in your pants, and later expressing
> > regret at having chosen those particular rabid weasels and that pair
> > of pants.
> > ---maf
> >
>
> --
> I don't think the execution is relevant when it was obviously a bad idea in
> the first place.
> This is like putting rabid weasels in your pants, and later expressing
> regret at having chosen those particular rabid weasels and that pair of
> pants.
> ---maf
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
> --
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
> --
>
>
>
>
> ------------------------------
>
> _______________________________________________
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
> End of bind-users Digest, Vol 2011, Issue 1
> *******************************************
>
>
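
The case named in the reply at the top (the proxy has a different address on each network) is the one the quoted answer describes as needing views: the same zone with different content. The layout below is an added example, not configuration posted by anyone in the thread; the view names and subnets come from the quoted config, while the per-view file names and the `proxy` addresses are assumptions.

```conf
// /etc/bind/named.conf.local
// One zone name ("home.lan") served with different data per client subnet.
// named tries the views in the order they appear and uses the first one
// whose match-clients accepts the query source, so overlapping ACLs must
// be ordered deliberately. The built-in "localhost" ACL matches every
// address configured on the server itself, so it is listed first here.

view "local" {
    match-clients { localhost; };
    zone "home.lan" IN {
        type master;
        file "/etc/bind/db.home.lan";
    };
};

view "ext" {
    match-clients { 192.168.2.0/24; };
    zone "home.lan" IN {
        type master;
        file "/etc/bind/db.home.lan.ext";   // hypothetical file name
    };
};

view "int" {
    match-clients { 192.168.10.0/24; };
    zone "home.lan" IN {
        type master;
        file "/etc/bind/db.home.lan.int";   // hypothetical file name
    };
};

// Each per-view file carries its own SOA and NS records for home.lan;
// only the address data differs (addresses below are constructed):
//   db.home.lan.ext:   proxy  IN A  192.168.2.1
//   db.home.lan.int:   proxy  IN A  192.168.10.1
// A client whose source address matches no view is refused, so each
// remaining network (192.168.3.0/24, 192.168.4.0/24, 192.168.5.0/24)
// needs its own view built the same way.
```

`named-checkconf -z /etc/bind/named.conf` test-loads every master zone in every view, and a `dig proxy.home.lan` issued from a host in each subnet shows which view answered.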