-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hi,
is it possible to set up a zone in bind similar to a http(s) reverse
proxy:
1. The server appears authoritative to clients (the consulted server is
indeed authoritative).
2. Each request is passed on to the other server (or served from cache),
but the information is *not* obtained by zone transfers (because the other
server does not have/allow this).
So far, I had used a forward zone (to assure condition 2), but it violates
condition 1:
directly queried:
# dig @127.0.0.1 -p 5353 ns.i.eckner.net
; <<>> DiG 9.16.0 <<>> @127.0.0.1 -p 5353 ns.i.eckner.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61359
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;ns.i.eckner.net. IN A
;; ANSWER SECTION:
ns.i.eckner.net. 3600 IN A 193.30.121.109
;; Query time: 0 msec
;; SERVER: 127.0.0.1#5353(127.0.0.1)
;; WHEN: Wed Feb 26 15:09:45 CET 2020
;; MSG SIZE rcvd: 49
querying the "reverse-proxy":
# dig @127.0.0.1 -p 53 ns.i.eckner.net
; <<>> DiG 9.16.0 <<>> @127.0.0.1 -p 53 ns.i.eckner.net
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30724
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: de8d1f39eca01509010000005e567c38203e4e1025c43f9d (good)
;; QUESTION SECTION:
;ns.i.eckner.net. IN A
;; ANSWER SECTION:
ns.i.eckner.net. 3600 IN A 193.30.121.109
;; Query time: 6 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Feb 26 15:10:00 CET 2020
;; MSG SIZE rcvd: 88
This is the relevant part of my config (so far):
zone "i.eckner.net" IN {
type forward;
forwarders {
127.0.0.1 port 5353;
};
forward only;
};
Is it possible to fake/force the authoritative-bit in the answer for
queries below "i.eckner.net"?
regards,
Erich
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAl5WgIEACgkQCu7JB1Xa
e1oOlg/+Or2ffpo0YM3po5zv3VZK0q+AAOBqG5MKVvsnJPhoyfZmwmAd0B3ri3j3
105cJP0Y2sKLEWmHgUms28yws7VyTljFik8hJfncOlb3PUS4LTJeI00YjqWTgvKN
i7WgaD/l+DnJD1Hp8PRa1ddHoDqDDqVs2mZcTzr5pVmx1xb9kgsvzu6N+qph+Joj
4zhVZc3hhyTA9RpMcQbX2+uHY67j+p3q4rwHCZkCCs6JF5Y1S/BZSyne+OEOjUUz
giZNHl5Bjld6mAwUNneVFBF6VmbrTAt1W0IKpNwlDcSTX58wDEWZLY4vR1DNDFh3
BTWLqM0rM4yc9VRHdf2gkKCMFKcOtKne0/T+Pi9j2QSBRKrnvg2wwHfCfT4+0zb0
YTiiJV2gsaChXiIf7CIpNa7Uvx0bngOt8xgsY3CrRVyEY6KqnFCSXtcAIQtuoTv4
JMJoBeZLOkWM21AE5W4v4u5xJ4e88ji5T6t+s2G7lHgpjpxdl8fLMdqEGv7JThTR
vd0mlWHztl/0XfjAtEG0uCWCzYkX2F5n/PVAj+a+IiKNB70h7gFyQ9Cz/Z2tUjwG
B+2Gx4W4tev6oTej9ELyMY/6UOlxgw2yh7kKW5/BR9nYTwDgySmXzDb9uOf3N5/i
6EgceIWHDzPd6Z2PnIeCEcmR3IYIXIJSbbT6wKzv0+BGuN1dUF8=
=A0Mn
-----END PGP SIGNATURE-----
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
