Hello to the list. Long-time BIND user here - a big "Thank You!" to ISC
for all they do.
I'm finding myself out past the limits of my knowledge, and I'm asking for
help. My environment is BIND 9.11.2, on SLES 12 SP4.
I'm thinking of using the Response Policy Zones feature to solve a
problem, but I have no experience with the configuration. The online
examples and discussions I've found are geared more towards DNS firewalls,
which is not really what I'm trying to do.
Consider the Zone 'internal.local'. It has 2 DNS servers,
buzz.internal.local and woody.internal.local; they both are authoritative
(forward and reverse) for the Zone. They serve all of the clients in
internal.local, and all hosts have IP addresses 10.AAA.BBB.CCC.
I've created a special network "bubble", where the IP addressing is
192.168.XXX.YYY, and in which selected hosts will briefly live before they
are moved to the 10.AAA.BBB.CCC network. While in this bubble, they
self-identify as hosts in the internal.local Domain; however, they have no
direct connectivity to buzz or woody; instead, via DHCP, they are told to
use zurg.internal.local for DNS. zurg is on a host that has IPs in both
the 10. and 192.168. networks (but zurg's DNS server only listens on the
192.168. network, and is the only DNS server in that network).
I want to configure zurg so that it will refer ALL requests to buzz or
woody; however, when a request is made to resolve andy.internal.local or
sid.internal.local, then zurg rewrites those IPs from the 10. addresses
that buzz and woody know about to 192.168. addresses that only zurg knows.
andy and sid also have addresses in both networks.
Reverse lookups shouldn't be an issue - hosts won't live in this bubble
long enough to care.
To recap what I'm attempting to create: a host in the 10. network knows to
ask buzz or woody for DNS resolution, and if such a host wants to resolve
andy.internal.local, it gets (for example) 10.0.2.4 (moreover, the host
can't even reach the DNS server on zurg). This part already exists.
However, a host in the 192.168. network has been told to use zurg, and if
it asks to resolve andy.internal.local, I want it to get 192.168.8.9 (even
though when zurg forwarded the request to buzz, the response was 10.0.2.4).
When zurg takes a request from a host in the 192.168. network to resolve
anything EXCEPT andy or sid, then the request is processed normally, and
zurg returns whatever reply was given by buzz or woody.
Is such a configuration possible, and how do I do it?
BTW, right now, zurg is up and running - I understand his configuration
will have to radically change. Currently, he considers himself as
authoritative for internal.local, but he only knows of 2 hosts (andy and
sid); he does not forward and does not contain the full Zone information
for internal.local.
Please let me know if additional information is needed.
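The setup described above, as an added configuration example for zurg (this is not from the original post or from ISC; the addresses 10.0.0.53/10.0.0.54 for buzz and woody, 192.168.8.1 for zurg's bubble-side interface, 192.168.8.10 for sid, the file paths and the zone serial are all assumed placeholders). The idea is that zurg stops being authoritative for internal.local altogether, becomes a forward-only recursive server that sends everything to buzz and woody, and a small response policy zone holds "Local Data" rules for just andy and sid, so those two answers are rewritten on the way back and everything else passes through untouched:

```conf
// ---- /etc/named.conf on zurg (fragment) -----------------------------------
// Only the bubble network may use zurg; with listen-on and allow-recursion
// scoped like this, zurg is not an open resolver on either interface.
acl bubble { 192.168.0.0/16; };

options {
    listen-on { 192.168.8.1; };          // assumed: zurg's 192.168. address
    allow-query { bubble; localhost; };
    allow-recursion { bubble; localhost; };
    recursion yes;

    // Every query is sent to buzz or woody; zurg keeps no copy of internal.local.
    forward only;
    forwarders { 10.0.0.53; 10.0.0.54; };   // assumed: buzz and woody

    // Answers are checked against the policy zone before they are returned.
    // break-dnssec is only relevant if validation is enabled; without it a
    // validated answer would NOT be rewritten.
    response-policy { zone "rpz.internal"; } break-dnssec yes;
};

// The RPZ must be a zone zurg is master for; it is never served to clients.
zone "rpz.internal" {
    type master;
    file "/var/lib/named/rpz.internal.db";   // assumed path
    allow-query { localhost; };
};

// Every rewrite is logged, which is the easiest way to confirm the rules fire
// (and to notice if a rule ever matches something it should not).
logging {
    channel rpzlog { file "/var/log/named/rpz.log"; severity info; };  // assumed path
    category rpz { rpzlog; };
};

; ---- /var/lib/named/rpz.internal.db ---------------------------------------
; Owner names are the query names to override; the A record is the answer
; handed back in place of whatever buzz/woody returned (10.0.2.4 for andy).
$TTL 300
@   IN SOA localhost. hostmaster.internal.local. ( 2019010101 3600 900 604800 300 )
    IN NS  localhost.
andy.internal.local.  IN A  192.168.8.9
sid.internal.local.   IN A  192.168.8.10    ; assumed address for sid
```

Two things worth checking before relying on it: run `named-checkconf` and `named-checkzone rpz.internal /var/lib/named/rpz.internal.db` after editing, then from a bubble host `dig @192.168.8.1 andy.internal.local A` should return 192.168.8.9 while `dig @192.168.8.1 buzz.internal.local A` should return the 10. address buzz itself hands out, with a matching line in rpz.log for the first query only. These QNAME rules match exactly the two names listed (not names beneath them), and RPZ rewrites only answers obtained through recursion, which is why zurg must give up its own authoritative copy of internal.local for the rewrite to take effect.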
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users