RE: Overriding a single record with dynamic-dns

2016-01-22 Thread gnafou
Hello,

Thank you for your detailed answer...

But indeed, I do need some of the dynamic DNS data in the external view, and
yes, the MX is at the apex.

Your answer makes me wonder if I should be playing with CNAME aliases and
build a separate 'static' zone with two views.

Thanks again,
Fred
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

RE: Overriding a single record with dynamic-dns

2016-01-22 Thread Darcy Kevin (FCA)
Well, the apex record of a zone can’t be an alias, and you can’t legally point 
an MX record to an alias as its target. So I don’t know if you’ll get much 
success, either way…

Can you move off the dynamic stuff to a subzone, e.g. dhcp.example.com? Then 
the main zone could be static, and that would give you more flexibility.

Generally speaking, you’ll want to split off your dynamic data anyway, since 
there’s so much “churn” associated with such zones. If dynamic and static 
entries co-exist in the same part of the namespace hierarchy, there’s also an 
increased possibility of collision.



- Kevin

From: bind-users-boun...@lists.isc.org 
[mailto:bind-users-boun...@lists.isc.org] On Behalf Of gnafou
Sent: Friday, January 22, 2016 3:03 AM
To: bind-users@lists.isc.org
Subject: RE: Overriding a single record with dynamic-dns

Hello

Thank you for your detailed answer ...

But indeed, I do need some of the dynamic DNS data in the external view, and
yes, the MX is at the apex.

Your answer makes me wonder if I should be playing with CNAME aliases and
build a separate 'static' zone with two views.

Thanks again

Fred

RPZ in dns views

2016-01-22 Thread Rama Krishna Prasad Chunduru
Hi All,
I am trying to use RPZ (Response Policy Zone) in DNS views (BIND 9.8.2),
but I am getting the error below:

service named restart
Stopping named:[  OK  ]
Starting named:
Error in named configuration:
/etc/named.conf:92: when using 'view' statements, all zones must be in views
   [FAILED]

I am pasting the named.conf file and "dummy-block" which has the zone info
below


*named.conf*


options {
    // DNS tables are located in the /var/named directory
    directory "/var/named";

    // Forward any unresolved requests to our ISP's name server
    forwarders {
        4.2.2.1;
    };

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below.  Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    query-source address * port 53;

    listen-on port 53 { 127.0.0.1; any; };
    allow-query { localhost; any; };
    allow-query-cache { localhost; any; };
    recursion yes;

    /*
     * Added the below lines to make DNS + TSIG
     */
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
};

key "secret-key" {
    algorithm "hmac-md5";
    secret "PUp7RAfTglybAoctQR3aUW+cLpNDyjlMWUvCoHPxiWr9e0budWUQ6jp9MmrhaINa1DFZgvtuxxkOw7oCnU4qzQ==";
};

key "second-secret-key" {
    algorithm "hmac-md5";
    secret "sjz+sH4PGPPKPXLeTM7oG3WbmCIwxxcWLA+qaGaazmvLY0TvbPZ9xZi+B5JuYWMA8rpzUYi26kFiBODIOw9Rdg==";
};

key "third-secret-key" {
    algorithm "hmac-md5";
    secret "cQiZnv+4GZb0rEFkagYw8cFowSeC2Yj6dXXT7pvdllJoMW0Gt7Nhv07Y5EyZUTcS2hX5Ngbu7syyZ6IGUkCvqA==";
};

acl "first-key-acl" {
    key secret-key;
};

acl "second-key-acl" {
    key second-secret-key;
};

acl "third-key-acl" {
    key third-secret-key;
};

view "second-key-view" {
    match-clients {
        second-key-acl;
        //key secret-key;
    };

    zone "bbc.com" {
        type master;
        file "views/firstkey";
        allow-query { none; };
    };

    response-policy {
        zone "youtube.com";
    };
};

zone "youtube.com" {
    type master;
    file "dummy-block";
    allow-query { none; };
};

view "secret-key-vew" {
    match-clients {
        first-key-acl;
        //key secret-key;
    };

    zone "abc.com" {
        type master;
        file "views/secondkey";
        allow-query { none; };
    };
};

view default {
    match-clients { any; };
    match-destinations { any; };
    include "/etc/named.rfc1912.zones";
};





*dummy-block*


youtube.com. 14400 IN SOA ns.youtube.com. root.ns.youtube.com. (
        2004123001;
        86000;
        7200;
        1209600;
        600)
youtube.com. 14400 IN NS ns.youtube.com.
ns.youtube.com. 14400 IN A 10.255.246.110


I appreciate your help on this.


Thanks,

Rama

Re: RPZ in dns views

2016-01-22 Thread Doug Barton

On 01/22/2016 05:30 PM, Rama Krishna Prasad Chunduru wrote:

Hi All,
I am trying to use RPZ (Response Policy Zone) in DNS views (BIND
9.8.2), but I am getting the error below:

service named restart
Stopping named:[  OK ]
Starting named:
Error in named configuration:
/etc/named.conf:92: when using 'view' statements, all zones must be in views
[FAILED]


That error message is pretty clear. :)

Whenever you edit named.conf, especially if you're doing it by hand, you 
should run named-checkconf and make sure you don't get any errors. 
That's what the service script is doing for you, and it's even telling 
you exactly which line to look at (92).





view "second-key-view" {
    match-clients {
        second-key-acl;
        //key secret-key;
    };

    zone "bbc.com" {
        type master;
        file "views/firstkey";
        allow-query { none; };
    };

    response-policy {
        zone "youtube.com";
    };
};


You ended the view with the close-curly-bracket immediately above. You 
probably want to comment out (or completely remove) the zone declaration 
below.



zone "youtube.com" {
    type master;
    file "dummy-block";
    allow-query { none; };
};

view ...


hope this helps,

Doug
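
Added example (not part of Doug's or Rama's messages, and not ISC's own configuration): one way to clear the line-92 error while keeping the policy in force is to declare the policy zone inside the view whose response-policy statement names it, because BIND looks up a view's response-policy zones among that view's own zones. The names are taken from the posted named.conf; the options, key and acl statements are assumed unchanged and are not repeated.

```conf
// Added example: views section of /etc/named.conf, reusing the names
// from the post. options{}, key{} and acl{} are assumed unchanged.

view "second-key-view" {
    match-clients { second-key-acl; };

    zone "bbc.com" {
        type master;
        file "views/firstkey";
        allow-query { none; };
    };

    // Policy zone moved inside the view. Once any view exists, no
    // zone statement may remain at the top level of named.conf.
    zone "youtube.com" {
        type master;
        file "dummy-block";
        allow-query { none; };
    };

    // Refers to the zone declared just above, in this same view.
    response-policy { zone "youtube.com"; };
};

view "secret-key-vew" {
    match-clients { first-key-acl; };

    zone "abc.com" {
        type master;
        file "views/secondkey";
        allow-query { none; };
    };
};

// Catch-all view last: views are matched in the order they appear.
view default {
    match-clients { any; };
    match-destinations { any; };
    include "/etc/named.rfc1912.zones";
};
```

Running named-checkconf on the edited file before restarting named, as suggested above, confirms that no zone statement is left outside a view.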


