Hi.

On Fri, 4 Nov 2022, Grant Taylor via bind-users wrote:
> 2) Leverage Response Policy Zone(s) to try to influence the lookup as others suggested. E.g. cause 1.66.136.193.in-addr.arpa. to become 1.0-28.66.136.193.in-addr.arpa. locally. -- I'd have to read about how to do this.
[...]

>  1       IN      PTR     dns.di.ubi.pt.
This. ^^^^^^^^^^^^^^^^^^^^^^^^

It's really like that but within the response policy zone. It depends on how your RPZ is scoped. If you just take over the world it looks like this:

$ORIGIN .
$TTL 600        ; 10 minutes
REARVIEW.M3047.NET      IN SOA  DEV.NULL. M3047.M3047.NET. (
                                2114499    ; serial
                                30         ; refresh (30 seconds)
                                15         ; retry (15 seconds)
                                86400      ; expire (1 day)
                                600        ; minimum (10 minutes)
                                )
                        NS      LOCALHOST.
$ORIGIN 1.0.10.in-addr.arpa.rearview.m3047.net.
207                     PTR     fire3-10-inch.m3047.
                        TXT     "depth=1,first=1665768627.2416348,last=1667531692.5136201,count=264,trend=3935.662293321998,update=1667540875.2942646,score=6.057739570203342"
$ORIGIN 21.100.in-addr.arpa.rearview.m3047.net.
103.0                   PTR     arcus-uswest.amazon.com.
                        TXT     "depth=1,first=1665810308.1564665,last=1667535958.6280398,count=152,trend=11758.670145495724,update=1667540875.2953703,score=5.3302068902418895"
$ORIGIN 24.100.in-addr.arpa.rearview.m3047.net.
64.188                  PTR     s2s.aniview.com.
                        TXT     "depth=2,first=1667458140.2700894,last=1667507046.0667324,count=12,trend=3481.8259883810015,update=1

That is a BIND generated zonefile. Takeaways:

* The zone is rearview.m3047.net.
* The zone is being used as a response policy zone.
* The rewrites are fully specified WITHIN THAT ZONE:

103.0.21.100.in-addr.arpa.rearview.m3047.net. PTR arcus-uswest.amazon.com.

* Note the trailing terminal dot on both the LHS and RHS.

# dig -x 100.21.0.103

;; QUESTION SECTION:
;103.0.21.100.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
103.0.21.100.in-addr.arpa. 300 IN PTR ec2-100-21-0-103.us-west-2.compute.amazonaws.com.

;; AUTHORITY SECTION:
0.21.100.in-addr.arpa. 300 IN NS ns2-24-us-west-2.ec2-rdns.amazonaws.com.
0.21.100.in-addr.arpa. 300 IN NS ns4-24-us-west-2.ec2-rdns.amazonaws.com.
0.21.100.in-addr.arpa. 300 IN NS ns1-24-us-west-2.ec2-rdns.amazonaws.com.
0.21.100.in-addr.arpa. 300 IN NS ns3-24-us-west-2.ec2-rdns.amazonaws.com.

;; ADDITIONAL SECTION:
ns1-24-us-west-2.ec2-rdns.amazonaws.com. 300 IN A 205.251.197.77
ns4-24-us-west-2.ec2-rdns.amazonaws.com. 300 IN A 205.251.194.254

;; SERVER: 10.0.0.220#53(10.0.0.220)

# dig @10.0.0.230 -x 100.21.0.103

;; QUESTION SECTION:
;103.0.21.100.in-addr.arpa.     IN      PTR

;; ANSWER SECTION:
103.0.21.100.in-addr.arpa. 5    IN      PTR     arcus-uswest.amazon.com.

;; AUTHORITY SECTION:
REARVIEW.M3047.NET.     600     IN      NS      LOCALHOST.

;; ADDITIONAL SECTION:
REARVIEW.M3047.NET. 1 IN SOA DEV.NULL. M3047.M3047.NET. 2114509 30 15 86400 600

;; SERVER: 10.0.0.230#53(10.0.0.230)

# dig @10.0.0.220 103.0.21.100.in-addr.arpa.rearview.m3047.net. PTR

;; QUESTION SECTION:
;103.0.21.100.in-addr.arpa.rearview.m3047.net. IN PTR

;; ANSWER SECTION:
103.0.21.100.in-addr.arpa.rearview.m3047.net. 600 IN PTR arcus-uswest.amazon.com.

;; AUTHORITY SECTION:
REARVIEW.M3047.NET.     600     IN      NS      LOCALHOST.

;; SERVER: 10.0.0.220#53(10.0.0.220)

# dig @10.0.0.220 103.0.21.100.in-addr.arpa.rearview.m3047.net. TXT

;; QUESTION SECTION:
;103.0.21.100.in-addr.arpa.rearview.m3047.net. IN TXT

;; ANSWER SECTION:
103.0.21.100.in-addr.arpa.rearview.m3047.net. 600 IN TXT "depth=1,first=1665810308.1564665,last=1667535958.6280398,count=152,trend=11758.670145495724,update=1667540875.2953703,score=5.3302068902418895"

;; AUTHORITY SECTION:
REARVIEW.M3047.NET.     600     IN      NS      LOCALHOST.

;; SERVER: 10.0.0.220#53(10.0.0.220)

--

Fred Morris, internet plumber
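
Added example, not part of the original message and not the poster's or ISC's code: a small audit helper that expands $ORIGIN-relative PTR records in a response policy zone into the address and QNAME each one rewrites, and shows the effect of a missing trailing dot on the right-hand side. The function names and the third sample record (192.0.2.5, host.example) are assumptions made for illustration.

```python
import ipaddress

RPZ_ZONE = "rearview.m3047.net."   # policy zone name used in the message
ARPA = ".in-addr.arpa."

# First two records are from the zone dump above; the third is constructed
# to show what happens when the PTR target lacks its trailing dot.
SAMPLE = """\
$ORIGIN 1.0.10.in-addr.arpa.rearview.m3047.net.
207                     PTR     fire3-10-inch.m3047.
$ORIGIN 21.100.in-addr.arpa.rearview.m3047.net.
103.0                   PTR     arcus-uswest.amazon.com.
$ORIGIN 2.0.192.in-addr.arpa.rearview.m3047.net.
5                       PTR     host.example
"""

def qualify(name, origin):
    """Apply zone-file rules: names without a trailing dot get $ORIGIN appended."""
    if not name.endswith("."):
        name = name + "." + origin.lstrip(".")
    return name.lower()

def rpz_ptr_rewrites(zone_text, rpz_zone=RPZ_ZONE):
    """Return (address, trigger qname, effective PTR target, rhs_was_absolute)."""
    origin, suffix, out = rpz_zone, "." + rpz_zone.lower(), []
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) == 2 and fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        # Only handle "owner PTR target" lines; inherited owners are skipped.
        if len(fields) != 3 or fields[1].upper() != "PTR" or line[0].isspace():
            continue
        owner = qualify(fields[0], origin)
        if not owner.endswith(ARPA.rstrip(".") + suffix):
            continue  # not a reverse-lookup trigger inside this policy zone
        trigger = owner[: -len(rpz_zone)]            # the QNAME a client asks for
        labels = trigger[: -len(ARPA)].split(".")
        address = ipaddress.IPv4Address(".".join(reversed(labels)))
        out.append((str(address), trigger, qualify(fields[2], origin),
                    fields[2].endswith(".")))
    return out

if __name__ == "__main__":
    for addr, trigger, target, absolute in rpz_ptr_rewrites(SAMPLE):
        note = "" if absolute else "   <-- relative RHS, $ORIGIN appended"
        print(f"{addr:<14} {trigger:<30} -> {target}{note}")
```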
