On 10/15/2017 06:15 AM, Michelle Konzack wrote:
Good day,
Hi,
I have created a file
----[ /etc/bind/db.block ]----------------------------------------------
@ 86400 IN SOA dns1.<removed>. hostmaster.<removed>. ( a b c d e )
IN NS dns1.<removed>.
* IN CNAME block.<removed>.
------------------------------------------------------------------------
----[ /etc/bind/named.conf.block ]--------------------------------------
zone "101com.com" {type master; notify no; file "/etc/bind/db.block"; };
zone "101order.com" {type master; notify no; file "/etc/bind/db.block"; };
------------------------------------------------------------------------
Okay.
I've seen this type of thing done a number of times before. (I think I
first saw it on FreeBSD.)
Since <dns1> is my own server, I have it prepend in my dhclient.conf of
my Laptop but if I now query
Do I understand correctly that you are tweaking dhclient to use your
server before other DNS servers?
----[ command 'nslookup 101com.com' ]-----------------------------------
;; Got recursion not availlable from 7847104.44, trying next server
Server: 192.168.43.1
Address: 192.168.43.1#53
Non-authoritative answer:
Name: 101com.com
Address: 66.77.93.51
------------------------------------------------------------------------
The first thing I see is that you are querying the domain 101com.com
which does not have an A or AAAA record in your db.block file.
The second thing I notice is that you are not testing directly against
your server. (I assume you're relying on dhclient to pick the order.)
I'd suggest trying "nslookup 101com.com dns1.<removed>." to make sure
that you are testing your DNS config and not hitting a dhclient resolver
order issue.
----[ command 'named-checkzone 101com.com db.block' ]-------------------
db.block:3: using RFC1035 TTL semantics
zone 101com.com/IN: loaded serial 1508068518
OK
------------------------------------------------------------------------
What am I missing here?
It should point to the server block.<removed>
Your nslookup will very likely not hit the CNAME as you're querying the
apex of the 101com.com zone.
I would also suggest that you check out Response Policy Zone(s) as they
may be a better / more scalable way to accomplish what I suspect you are
after.
You might also want to glance at DNAME as it's closely related and can
allow you to change the back end name that is queried.
Thanks in advance
You're welcome.
Good luck.
--
Grant. . . .
unix || die
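
The apex-versus-wildcard behaviour discussed in the reply above, modelled as a small lookup function. This is an added example, not part of the original message and not BIND's code; the `lookup` helper, the `block.example.` target standing in for the redacted name, and the 192.0.2.1 apex address are assumptions.

```python
# Simplified model of how an authoritative server answers from one zone
# (RFC 1034 section 4.3.2, wildcards per RFC 4592). Empty non-terminals,
# delegations and DNAME are not modelled.
ORIGIN = "101com.com."
TARGET = "block.example."  # placeholder: the real target is redacted on the page

# db.block as posted: SOA and NS at the apex, one wildcard CNAME.
ZONE = {
    "@": {"SOA": ["(placeholder SOA rdata)"], "NS": ["dns1.example."]},
    "*": {"CNAME": [TARGET]},
}
# Assumed variant: same zone plus an apex A record (192.0.2.1 is a
# documentation address, not a value from the thread).
ZONE_WITH_APEX_A = {**ZONE, "@": {**ZONE["@"], "A": ["192.0.2.1"]}}


def lookup(qname, qtype, zone=ZONE, origin=ORIGIN):
    """Return (status, rrtype, rdata) for a query against this zone only."""
    qname = qname.lower().rstrip(".") + "."
    if qname != origin and not qname.endswith("." + origin):
        return ("REFUSED", None, [])  # name is outside the zone
    nodes = {origin if o == "@" else f"{o}.{origin}": rr for o, rr in zone.items()}
    node = nodes.get(qname)
    if node is None:
        # No exact owner name: find the closest existing ancestor and see
        # whether "*.<ancestor>" exists. Only then is the wildcard used.
        labels = qname.split(".")
        for i in range(1, len(labels)):
            ancestor = ".".join(labels[i:])
            if ancestor in nodes:
                node = nodes.get("*." + ancestor)
                break
        if node is None:
            return ("NXDOMAIN", None, [])
    # The owner name exists (or was synthesized from the wildcard).
    if "CNAME" in node and qtype != "CNAME":
        return ("NOERROR", "CNAME", node["CNAME"])
    if qtype in node:
        return ("NOERROR", qtype, node[qtype])
    return ("NODATA", None, [])  # name exists, but has no record of this type


if __name__ == "__main__":
    for name in ("101com.com", "www.101com.com", "a.b.101com.com"):
        print(name, lookup(name, "A"))
    print("101com.com (apex A added)", lookup("101com.com", "A", ZONE_WITH_APEX_A))
```

The apex owns SOA and NS records, so it exists and the wildcard is never consulted for it; an A query there returns no data, while any name below the apex is answered with the CNAME.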