Dear, thanks for your contact. I've used teamviewer.com just for tests. The desktops I mentioned can only access web apps from internal domains, but in some web apps there are links to download the TeamViewer client software from the Internet. I can create a private zone "teamviewer.com" with all the hostnames and IPs we will use, but if they change I will be in trouble.

So we need to forward the query to our resolvers in order to get a valid response. So I think we can use the forward option from BIND, but it doesn't work at all as I described:

1. "recursion no" can only be set at the top (view) level, not overridden at the zone level.

2. If I set "recursion no" at the view level, then a "type forward" zone has no effect:

    view "foo" {
        recursion no;
        ...
        zone "teamviewer.com" {
            type forward;
            forward only;
            forwarders { 172.18.1.1; 172.18.1.2; };
        };
    };

   -- query for foo.teamviewer.com fails and tells it's not a recursive query

3. If I define "recursion yes" at view level:

    view "foo" {
        recursion yes;
        ...
        zone "teamviewer.com" {
            type forward;
            forward only;
            forwarders { 172.18.1.1; 172.18.1.2; };
        };
    };

   -- query for foo.teamviewer.com is OK, but I also get an OK response for foo.ibm.com, foo.google.com, and any other public domain from the Internet (and this is not what I want, it's what I'm trying to prevent)

So can you help me please???

Regards.

On Thu, 7 Feb 2019 at 15:40, Matus UHLAR - fantomas (<uh...@fantomas.sk>) wrote:

> On 07.02.19 14:58, Roberto Carna wrote:
> >In our company we have several desktops from two different cities accessing
> >only to internal domains distributed in two views in a private BIND with
> >authoritative zones, where I've defined "recursion no;".
> >
> >But now we have to let them access to *.teamviewer.com hostnames, just this
> >public domain and not other.
>
> btw, when did linux.org change to teamviewer.com?
>
> >So I've implemented the forwarding of "teamviewer.com" zone to our BIND
> >resolvers servers (they forward DNS queries to 8.8.8.8). So I've created a
> >third view with this information in named.conf.local:
> >
> >acl internet { 10.0.0.0/24; };
> >
> >view "internet" {
> >    match-clients { internet; key "custom"; };
> >    recursion yes;
> >    zone "teamviewer.com" {
> >        type forward;
> >        forward only;
> >        forwarders {
> >            172.18.1.1;
> >            172.18.1.2;
> >        };
> >    };
> >};
> >
> >I defined "recursion yes" but the BIND servers forwards all the public
> >domains queries to our resolvers and not just for "teamviewer.com", so it
> >doesn't work. And if I change for "recursion no", the query
> >www.teamviewer.com is refused and at the client side appears an error
> >telling that recursion is necessary.
>
> of course, BIND will resolve other domains (recurse) only when you allow it
> to recurse.
>
> >So I let desktops resolve all the Internet domains or neither, and this is
> >not what I want because I just want to let them resolve just teamviewer.com.
> >
> >How can I do to forward only teamviewer.com zone queries to my resolvers???
>
> what is the point of running DNS server with only two hostnames allowed to
> resolve?
>
> --
> Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Despite the cost of living, have you noticed how popular it remains?
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
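
A way to check which of the behaviours described in this message a view actually exhibits, as an added example that is not part of the original thread: the script sends recursive A queries to the server under test and reports PASS only when names under teamviewer.com are answered and other names are not. The probe names www.ibm.com and www.google.com, the helper names and the server address argument are assumptions made for this example.

```python
import socket
import struct
import sys

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qid=0x1234):
    """Encode a recursive (RD=1) A/IN query for `name` in DNS wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def parse_header(msg):
    """Return (rcode name, RA flag, answer count) from a DNS response."""
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x000F
    return RCODES.get(rcode, str(rcode)), bool(flags & 0x0080), ancount

def in_zone(name, zone):
    """True if `name` is `zone` itself or a name below it (label-aligned)."""
    name, zone = name.rstrip(".").lower(), zone.rstrip(".").lower()
    return name == zone or name.endswith("." + zone)

def verdict(name, rcode, ancount, allowed="teamviewer.com"):
    """PASS when allowed names get answers and every other name gets none."""
    answered = rcode == "NOERROR" and ancount > 0
    return "PASS" if answered == in_zone(name, allowed) else "FAIL"

def ask(server, name, timeout=3.0):
    """Send one UDP query to `server` and return the parsed header fields."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_header(s.recv(4096))

if __name__ == "__main__":
    server = sys.argv[1]  # address of the BIND view under test (assumption)
    # Probe names are assumptions: one inside the allowed zone, two outside it.
    for name in ("www.teamviewer.com", "www.ibm.com", "www.google.com"):
        rcode, ra, ancount = ask(server, name)
        flag = "RA" if ra else "no-RA"
        print(f"{name:22} {rcode:9} {flag:6} {verdict(name, rcode, ancount)}")
```

With "recursion no" the teamviewer.com line reports FAIL (REFUSED, no-RA); with "recursion yes" and nothing else restricting the view, the other two lines report FAIL because they are answered.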