Hello BIND users

Assume the following situation: Pure IPv4 environment, my own network running behind a NAT uses the zone "intra.example.com" and has a Linux box with 192.168.6.2 running named for that zone as well as 6.168.192.in-addr.arpa.

Assume a second completely separate corporate network also behind a NAT where an ActiveDirectory DNS server for the zone "intra.example.net" is running on a server 10.55.2.3 (this server also provides 2.55.10.in-addr.arpa, of course).

Let's connect both these networks over a VPN tunnel, i.e. 192.168.6.0/24 is routed to 10.55.2.0/24 and vice versa.

The basic problem: In a standard bind setup, my DNS server is not able to resolve resources from "intra.example.net" since it's not allowed to put

$ORIGIN example.net.

intra    IN    NS    adpdc1.intra.example.net.
adpdc1.intra    IN    A    10.55.2.3

on the public (reachable worldwide) example.net DNS zone.

The question is: How can I place the ActiveDirectory DNS as a forwarder DNS server in such a way that it is responsible for a specific DNS zone only? I need something like

zone "intra.example.com" in {
       type master;
       file "intra.example.com.zone";
};

zone "2.168.192.in-addr.arpa" in {
       type master;
       file "192.168.2.zone";
};

// VPN to corporate #1's LAN
forwarders (filter = intra.example.net|2.55.10.in-addr.arpa) {
 10.55.2.3;
}

// VPN to corporate #2's LAN
forwarders (filter = intra.example.org|55.77.10.in-addr.arpa) {
 10.77.55.4;
}

// Default forwarders (my ISP's DNS servers) for all other queries
forwarders {
   192.0.2.44; 198.51.100.2;
}

Or do I have to use

// Zone hints to corporate #1's intranet
zone "intra.example.net." {
       type hint;
       file "corporate1_dns.subroot";
};

zone "2.55.10.in-addr.arpa." {
       type hint;
       file "corporate1_dns.subroot";
};

// Zone hints to corporate #2's intranet
zone "intra.example.org." {
       type hint;
       file "corporate2_dns.subroot";
};

zone "55.77.10.in-addr.arpa." {
       type hint;
       file "corporate2_dns.subroot";
};

// Default public hints as usual from ftp://ftp.internic.net/domain/named.cache
zone "." {
       type hint;
       file "named.cache";
};

$ cat corporate1_dns.subroot
adpdc1.intra.example.net.    3600000    IN    A    10.55.2.3
$ cat corporate2_dns.subroot
pdc1.intra.example.org.    3600000    IN    A    10.77.55.4

for exactly that scenario?

Thanks in advance for answers.

         Andreas
--
"127.0.0.1, what is that? I only know ::1!" - www.swissipv6council.ch
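The construct the post is looking for already exists in BIND: a zone of `type forward` with its own `forwarders` list sends only queries for names under that zone to the listed server, while everything else follows the global `forwarders` in `options`. The following named.conf is an added example (not part of Andreas's message) using the zone names and addresses from the post; the `directory` path and zone file names are assumptions.

```conf
// Added example: per-zone conditional forwarding in named.conf.
// Zone names and addresses are taken from the post above; the directory
// and file names are assumed.
options {
    directory "/var/named";                      // assumed path
    // Default for everything not matched by a more specific zone:
    // the ISP's resolvers, and never recurse to the roots ourselves.
    forwarders { 192.0.2.44; 198.51.100.2; };
    forward only;
};

// Zones this server is authoritative for (as in the post)
zone "intra.example.com" in {
    type master;
    file "intra.example.com.zone";
};

zone "6.168.192.in-addr.arpa" in {
    type master;
    file "192.168.6.zone";
};

// Corporate #1 over the VPN: queries for these two names (and only these)
// go to the AD DNS server; "forward only" stops named from falling back
// to the public example.net servers, which know nothing about "intra".
zone "intra.example.net" in {
    type forward;
    forward only;
    forwarders { 10.55.2.3; };
};

zone "2.55.10.in-addr.arpa" in {
    type forward;
    forward only;
    forwarders { 10.55.2.3; };
};

// Corporate #2 over the VPN, same pattern
zone "intra.example.org" in {
    type forward;
    forward only;
    forwarders { 10.77.55.4; };
};

zone "55.77.10.in-addr.arpa" in {
    type forward;
    forward only;
    forwarders { 10.77.55.4; };
};

// The usual root hints are unnecessary here because "forward only" is set
// globally; keep a "." hint zone only if you remove that directive.
```

Two practical checks: run `named-checkconf` before reloading, because a stray `;`-style comment (named.conf accepts `//`, `#` and `/* */`, not `;`) or a missing semicolon after a `}` makes the whole file unloadable, and replace the `type hint` zones from the post, since BIND honours hints only for the root. The forward zone also bounds what the remote server can influence: answers from 10.55.2.3 are used only for names inside `intra.example.net` and `2.55.10.in-addr.arpa`, never for anything else in the cache. If `dnssec-validation` is enabled and the public `example.net` zone is signed, the validator will reject the unsigned private subtree; in that case the private zone names must be excluded from validation (a `validate-except` list in current BIND, or a negative trust anchor) rather than validation switched off globally.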