On 5/6/20 1:28 PM, Grant Taylor via bind-users wrote:
> The only way that I see how to make this work is to anycast the names and IPs of the name servers that lab1.example.net is delegated to.  One anycast instance being external publicly accessible and the other anycast instance being internal private accessible.

I have done a proof of concept of the anycast method and it does seem to work correctly.

   --------
   internal% dig test.lab1.tnclab.net

   ; <<>> DiG 9.10.6 <<>> test.lab1.tnclab.net
   ;; global options: +cmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23882
   ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

   ;; OPT PSEUDOSECTION:
   ; EDNS: version: 0, flags:; udp: 4096
   ;; QUESTION SECTION:
   ;test.lab1.tnclab.net.               IN      A

   ;; ANSWER SECTION:
   test.lab1.tnclab.net.        3600    IN      A       192.0.2.1

   ;; Query time: 39 msec
   ;; SERVER: REDACTED
   ;; WHEN: Wed May 06 14:18:10 MDT 2020
   ;; MSG SIZE  rcvd: 65
   --------



   --------
   external% dig test.lab1.tnclab.net

   ; <<>> DiG 9.12.3-P4 <<>> test.lab1.tnclab.net
   ;; global options: +cmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63790
   ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

   ;; OPT PSEUDOSECTION:
   ; EDNS: version: 0, flags:; udp: 4096
   ; COOKIE: 5fc29c39df72cceab05aca3f5eb31d230e6f902042ae0ee9 (good)
   ;; QUESTION SECTION:
   ;test.lab1.tnclab.net.               IN      A

   ;; AUTHORITY SECTION:
lab1.tnclab.net. 300 IN SOA hidden-soa.lab1.tnclab.net. gtaylor.tnetconsulting.net. 2017072101 3600 1800 2419200 3600

   ;; Query time: 390 msec
   ;; SERVER: REDACTED
   ;; WHEN: Wed May 06 20:25:07 UTC 2020
   ;; MSG SIZE  rcvd: 150
   --------



   --------
   internal% dig +trace test.lab1.tnclab.net

   ; <<>> DiG 9.10.6 <<>> +trace test.lab1.tnclab.net
   ;; global options: +cmd
   .                    518400  IN      NS      e.root-servers.net.
   .                    518400  IN      NS      m.root-servers.net.
   .                    518400  IN      NS      i.root-servers.net.
   .                    518400  IN      NS      a.root-servers.net.
   .                    518400  IN      NS      j.root-servers.net.
   .                    518400  IN      NS      c.root-servers.net.
   .                    518400  IN      NS      b.root-servers.net.
   .                    518400  IN      NS      g.root-servers.net.
   .                    518400  IN      NS      d.root-servers.net.
   .                    518400  IN      NS      h.root-servers.net.
   .                    518400  IN      NS      f.root-servers.net.
   .                    518400  IN      NS      k.root-servers.net.
   .                    518400  IN      NS      l.root-servers.net.
. 518400 IN RRSIG NS 8 0 518400 20200519170000 20200506160000 48903 . OD2b8PqZD5hfvqfK8fpR/1LdfzXU+WRG5cTgZdpuA8/GAba1oP5/6HPK mzOHTuU7MpLI7u8TIJNd/NtvrZ/1cC6NO+olIu3umCcxte0PJqgxZGSK 0eFaFHrbjBwJd509MnjuZlhdBSGGuS2uD0fdyquZecor+pVQUfTCYCdI T8w1+F8OmkNfd2F2FUZYq2bBXOJMtgGuyHOo0RHogVQJOw58fDjMWXtS nMjs+0Lkk/Lh2ZB8tXUnunBM7CrincaLhxQf2Ez9rQS3UeOd5jJAWYMo V57A5O5FsGJo41vvrS4+Sh10Frk+3sdWwLvCzPPuH/eHsGtdEq8KSfTG a2IC4w==
   ;; Received 1109 bytes from 198:18:18::254#53(198:18:18::254) in 38 ms

   net.                 172800  IN      NS      a.gtld-servers.net.
   net.                 172800  IN      NS      b.gtld-servers.net.
   net.                 172800  IN      NS      c.gtld-servers.net.
   net.                 172800  IN      NS      d.gtld-servers.net.
   net.                 172800  IN      NS      e.gtld-servers.net.
   net.                 172800  IN      NS      f.gtld-servers.net.
   net.                 172800  IN      NS      g.gtld-servers.net.
   net.                 172800  IN      NS      h.gtld-servers.net.
   net.                 172800  IN      NS      i.gtld-servers.net.
   net.                 172800  IN      NS      j.gtld-servers.net.
   net.                 172800  IN      NS      k.gtld-servers.net.
   net.                 172800  IN      NS      l.gtld-servers.net.
   net.                 172800  IN      NS      m.gtld-servers.net.
   net. 86400 IN DS 35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
   net. 86400 IN RRSIG DS 8 1 86400 20200519170000 20200506160000 48903 . t7tjxOQhUoE6+VRIPH1U4fVOf6PZ+zsNFky80lrmCMYHJ6YPwo7pwY5n Fp5GbEC9JcdrcFjpa+NbanTw5RFgWiukZT5AQANZ966ZegyA6tUwaNTV 9L90194vvQDcHNaQznftw4PpcQ0lNNETUswFm1lzv6GGs9iNFjjba459 XXTGYq9voALC8AfySPANp49fWteXPG0YvA0Fu/T+2IooyFwRwiDxEhpQ 49IVwVJZB3CimeL1kmP0nfP4/dxtj0OXhg+0S7gNX+HKf6gopVvtkfVs AuZZkYRdderRh4mqc1tyK2QIH7QvO8xpzc7ruWVMjNjpKQ6GICGs0inS XLC5tA==
   ;; Received 1177 bytes from 192.203.230.10#53(e.root-servers.net) in 32 ms

   tnclab.net.          172800  IN      NS      ns1.linode.com.
   tnclab.net.          172800  IN      NS      ns2.linode.com.
   tnclab.net.          172800  IN      NS      ns3.linode.com.
   tnclab.net.          172800  IN      NS      ns4.linode.com.
   tnclab.net.          172800  IN      NS      ns5.linode.com.
   tnclab.net. 86400 IN DS 45760 8 1 FF5960A7A1CA8F1C94125BA8F471A828738C046F
   tnclab.net. 86400 IN DS 45760 8 2 2E3CDCAD213387EA611A7B368E37D259811DB75371CBB4F2831F89D4 B6014A57
   tnclab.net. 86400 IN RRSIG DS 8 2 86400 20200513064718 20200506053718 36059 net. 2yGFlsfpeXC8ID7mh1fVzwrBy7X9Y9fk9sw66Yy8ZqiM20mRCzhf0Fuh cQGrZRBP4QA65bP1NWc3m5dTV/R0K8ZxDjw4dHMWwmp8e78BRi+CqPzC ZxSVGBO9WlKKoL9jIvfOUkqQU+YEVEriXe2vMk4DmWT+5yjECjWLMPz3 ExeU1HebMZy6uA4CRueicnzBEkAKN5YJfpPnZdRuq53fnQ==
   ;; Received 428 bytes from 2001:503:231d::2:30#53(b.gtld-servers.net) in 207 ms

   lab1.tnclab.net.     3600    IN      NS      acns.tnclab.net.
   lab1.tnclab.net.     3600    IN      NSEC    tnclab.net. NS RRSIG NSEC
   lab1.tnclab.net. 3600 IN RRSIG NSEC 8 3 3600 20200605194430 20200506184430 18336 tnclab.net. zmBPhbAJpJTPXIFIk3B57vtPnRqqZ6xYbVwQY2V3o14pHxqy8kjHL0QW ZPoUCoXmzQ1yRPp8rMlDR6mp/6gNbejN2VSUtlbERnJLns08786LSCsd oRieCphgsJLZPOKcL9FBa2rKSwp4QOlZdWid91eu+68l359X8TZeInHi xRw=
   ;; Received 456 bytes from 2400:cb00:2049:1::a29f:1827#53(ns2.linode.com) in 99 ms

   test.lab1.tnclab.net.        3600    IN      A       192.0.2.1
   ;; Received 65 bytes from 45.33.28.7#53(acns.tnclab.net) in 1 ms
   --------



   --------
   external% dig +trace test.lab1.tnclab.net

   ; <<>> DiG 9.12.3-P4 <<>> +trace test.lab1.tnclab.net
   ;; global options: +cmd
   .                    164357  IN      NS      e.root-servers.net.
   .                    164357  IN      NS      f.root-servers.net.
   .                    164357  IN      NS      k.root-servers.net.
   .                    164357  IN      NS      h.root-servers.net.
   .                    164357  IN      NS      b.root-servers.net.
   .                    164357  IN      NS      j.root-servers.net.
   .                    164357  IN      NS      l.root-servers.net.
   .                    164357  IN      NS      g.root-servers.net.
   .                    164357  IN      NS      m.root-servers.net.
   .                    164357  IN      NS      a.root-servers.net.
   .                    164357  IN      NS      d.root-servers.net.
   .                    164357  IN      NS      c.root-servers.net.
   .                    164357  IN      NS      i.root-servers.net.
. 164357 IN RRSIG NS 8 0 518400 20200515050000 20200502040000 48903 . dGTnT7OISNAcz0hcLgOXqLpvSAMJBWDpi1XSSvWpVekIo3ZOwfOHqMdJ DcZlGtmC4QfU7YXJi9LBVdCI57v9AbL8uyOJhCFVPmmjXoZvijZ9toPd Ou0YMdBQG2y5ToXinStHcZGeICNUYpwPyuNs+ulK7smJd7Co4N5y5V3t V+SO9wmVQNou3TIrUUX6KQ7DmyPBmoFIs24wy4NeQ/q547QZgSff7LUP 5rJMwxQhPwy3V3FcaMSbJfHFu5uO3WIHXS98i6HNVw/8G02xhHsTBtj3 NVsXzOB1Wfu4NERzka+Tle53jeK4TZnGWdXldnw4/729RVVVpfF4KpGt j3UQpw==
   ;; Received 565 bytes from 127.0.0.1#53(127.0.0.1) in 0 ms

   net.                 172800  IN      NS      l.gtld-servers.net.
   net.                 172800  IN      NS      b.gtld-servers.net.
   net.                 172800  IN      NS      c.gtld-servers.net.
   net.                 172800  IN      NS      d.gtld-servers.net.
   net.                 172800  IN      NS      e.gtld-servers.net.
   net.                 172800  IN      NS      f.gtld-servers.net.
   net.                 172800  IN      NS      g.gtld-servers.net.
   net.                 172800  IN      NS      a.gtld-servers.net.
   net.                 172800  IN      NS      h.gtld-servers.net.
   net.                 172800  IN      NS      i.gtld-servers.net.
   net.                 172800  IN      NS      j.gtld-servers.net.
   net.                 172800  IN      NS      k.gtld-servers.net.
   net.                 172800  IN      NS      m.gtld-servers.net.
   net. 86400 IN DS 35886 8 2 7862B27F5F516EBE19680444D4CE5E762981931842C465F00236401D 8BD973EE
   net. 86400 IN RRSIG DS 8 1 86400 20200519170000 20200506160000 48903 . t7tjxOQhUoE6+VRIPH1U4fVOf6PZ+zsNFky80lrmCMYHJ6YPwo7pwY5n Fp5GbEC9JcdrcFjpa+NbanTw5RFgWiukZT5AQANZ966ZegyA6tUwaNTV 9L90194vvQDcHNaQznftw4PpcQ0lNNETUswFm1lzv6GGs9iNFjjba459 XXTGYq9voALC8AfySPANp49fWteXPG0YvA0Fu/T+2IooyFwRwiDxEhpQ 49IVwVJZB3CimeL1kmP0nfP4/dxtj0OXhg+0S7gNX+HKf6gopVvtkfVs AuZZkYRdderRh4mqc1tyK2QIH7QvO8xpzc7ruWVMjNjpKQ6GICGs0inS XLC5tA==
   ;; Received 1177 bytes from 2001:500:2f::f#53(f.root-servers.net) in 1 ms

   tnclab.net.          172800  IN      NS      ns1.linode.com.
   tnclab.net.          172800  IN      NS      ns2.linode.com.
   tnclab.net.          172800  IN      NS      ns3.linode.com.
   tnclab.net.          172800  IN      NS      ns4.linode.com.
   tnclab.net.          172800  IN      NS      ns5.linode.com.
   tnclab.net. 86400 IN DS 45760 8 1 FF5960A7A1CA8F1C94125BA8F471A828738C046F
   tnclab.net. 86400 IN DS 45760 8 2 2E3CDCAD213387EA611A7B368E37D259811DB75371CBB4F2831F89D4 B6014A57
   tnclab.net. 86400 IN RRSIG DS 8 2 86400 20200513064718 20200506053718 36059 net. 2yGFlsfpeXC8ID7mh1fVzwrBy7X9Y9fk9sw66Yy8ZqiM20mRCzhf0Fuh cQGrZRBP4QA65bP1NWc3m5dTV/R0K8ZxDjw4dHMWwmp8e78BRi+CqPzC ZxSVGBO9WlKKoL9jIvfOUkqQU+YEVEriXe2vMk4DmWT+5yjECjWLMPz3 ExeU1HebMZy6uA4CRueicnzBEkAKN5YJfpPnZdRuq53fnQ==
   ;; Received 428 bytes from 192.43.172.30#53(i.gtld-servers.net) in 7 ms

   lab1.tnclab.net.     3600    IN      NS      acns.tnclab.net.
   lab1.tnclab.net.     3600    IN      NSEC    tnclab.net. NS RRSIG NSEC
lab1.tnclab.net. 3600 IN RRSIG NSEC 8 3 3600 20200605194430 20200506184430 18336 tnclab.net. zmBPhbAJpJTPXIFIk3B57vtPnRqqZ6xYbVwQY2V3o14pHxqy8kjHL0QW ZPoUCoXmzQ1yRPp8rMlDR6mp/6gNbejN2VSUtlbERnJLns08786LSCsd oRieCphgsJLZPOKcL9FBa2rKSwp4QOlZdWid91eu+68l359X8TZeInHi xRw=
   ;; Received 456 bytes from 162.159.24.25#53(ns5.linode.com) in 74 ms

lab1.tnclab.net. 300 IN SOA hidden-soa.lab1.tnclab.net. gtaylor.tnetconsulting.net. 2017072101 3600 1800 2419200 3600
   ;; Received 119 bytes from 45.33.28.7#53(acns.tnclab.net) in 102 ms
   --------

45.33.28.7 is anycasted in that it exists globally on one of my VPSs and in my lab environment. (No BGP involved with this anycast.)



--
Grant. . . .
unix || die
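
The internal/external comparison shown in this message can be automated. The following is an added example, not part of the original post: it parses plain `dig` output (not `+trace`) from both vantage points and reports whether records served inside are visible outside. The function names `parse_dig` and `compare_views` are hypothetical, and the sample text is abridged from the two plain `dig` runs above.

```python
import re

# Constructed samples: abridged from the two plain dig runs in the message.
INTERNAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23882
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
test.lab1.tnclab.net.        3600    IN      A       192.0.2.1
"""
EXTERNAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63790
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
lab1.tnclab.net. 300 IN SOA hidden-soa.lab1.tnclab.net. gtaylor.tnetconsulting.net. 2017072101 3600 1800 2419200 3600
"""

def parse_dig(text):
    """Extract status, header flags and ANSWER/AUTHORITY records from dig output."""
    out = {"status": None, "flags": [], "ANSWER": [], "AUTHORITY": []}
    section = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith(";; ->>HEADER<<-"):
            out["status"] = re.search(r"status: (\w+)", line).group(1)
        elif line.startswith(";; flags:"):
            out["flags"] = line[len(";; flags:"):].split(";")[0].split()
        elif line.endswith("SECTION:"):
            section = line.lstrip("; ").split()[0]
        elif not line:
            section = None                      # blank line ends a section
        elif not line.startswith(";") and section in out:
            f = line.split(None, 4)             # name, ttl, class, type, rdata
            if len(f) == 5:
                out[section].append((f[0].lower(), f[3], f[4]))
    return out

def compare_views(internal, external):
    """Report whether records served inside are also visible from outside."""
    inside = set(internal["ANSWER"])
    leaked = sorted(inside & set(external["ANSWER"]))
    return {
        "internal_resolves": internal["status"] == "NOERROR" and bool(inside),
        "external_status": external["status"],
        "leaked": leaked,
        "isolated": bool(inside) and not leaked,
    }

if __name__ == "__main__":
    print(compare_views(parse_dig(INTERNAL), parse_dig(EXTERNAL)))
```

Feeding it live output from a resolver on each side of the boundary turns the one-off proof of concept into a repeatable check that the internal records stay internal.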
