Re: function in DNS to provide an answer depending on the source of query.

2019-12-05 Thread Mark Elkins

Views (with source views) can do this.


Once had a config with five views - terrible idea.


On 2019/12/05 09:57, Harshith Mulky wrote:

Hello,

Is there a possibility to achieve this from a DNS

If Carrier A (source IP: A.A.A.A) sends NAPTR query X to DNS, then DNS 
replies NAPTR response Y.



If Carrier B (source IP: B.B.B.B) sends NAPTR query X to DNS, then DNS 
replies NAPTR response Z.



is there any function in DNS to provide an answer depending on the 
source of query?



Thanks




___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

--

Mark James ELKINS  -  Posix Systems - (South) Africa
m...@posix.co.za   Tel: +27.826010496 
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za



Re: function in DNS to provide an answer depending on the source of query.

2019-12-05 Thread Evan Hunt
On Thu, Dec 05, 2019 at 07:57:24AM +, Harshith Mulky wrote:
> Is there a possibility to achieve this from a DNS
> 
> If Carrier A (source IP: A.A.A.A) sends NAPTR query X to DNS, then DNS
> replies NAPTR response Y.
> 
> If Carrier B (source IP: B.B.B.B) sends NAPTR query X to DNS, then DNS
> replies NAPTR response Z.
> 
> is there any function in DNS to provide an answer depending on the source
> of query?

You asked on bind-users, so I assume you wanted to know about BIND, not
DNS in general. Other servers have other methods.

In BIND, you do this by setting up two views, each with a different version
of the zone. View A has a match-clients statement covering A.A.A.A, and has
response Y; view B has a match-clients statement covering B.B.B.B and has
response Z.

There are some other ways to do it too, e.g. with response-policy zones
or the DLZ perl module, but views are easier.

--
Evan Hunt -- e...@isc.org
Internet Systems Consortium, Inc.


What is wrong in the view matching below

2019-12-05 Thread Harshith Mulky
I have set up view matching as below on my BIND server running version "bind-9.9.5P1-2.2.2.x86_64"

my /etc/named.conf is as below

options {
    directory "/var/lib/named";
    #dnssec-enable yes;
    managed-keys-directory "/var/lib/named/dyn/";
    dump-file "/var/log/named_dump.db";
    statistics-file "/var/log/named.stats";
    listen-on-v6 { any; };
    notify no;

    disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};

acl internal {
    192.168.24.0/24;
    localhost;
};

view "internal" {
    match-clients { internal; };
    allow-recursion { any; };
    zone "." in {
        type hint;
        file "root.hint";
    };

    zone "localhost" in {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "127.0.0.zone";
    };

    zone "internal.nixcraft.com " IN {
        type master;
        file "lan.master.nixcraft.com";
    };
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "nixcraft.com " IN {
        type master;
        file "internet.master.nixcraft.com";
    };
};


Zone file lan.master.nixcraft.com as below

$ORIGIN nixcraft.com.
$TTL 3h
@           IN SOA ns1.nixcraft.com. vivek.nixcraft.com. (
                2008070332 ; Serial mmddnn
                3h         ; Refresh After 3 hours
                1h         ; Retry Retry after 1 hour
                1h         ; Expire after 1 week 1w
                1h )       ; Minimum negative caching of 1 hour

@           IN NS ns1.nixcraft.com.
@           IN NS ns2.nixcraft.com.

@           3600 IN MX 10 mail1.nixcraft.com.
@           3600 IN MX 20 mail2.nixcraft.com.

@           3600 IN A 208.43.79.236
ns1         3600 IN A 208.43.138.52
ns2         3600 IN A 75.126.168.152
mail1       3600 IN A 208.43.79.236
mail2       3600 IN A 67.228.49.229
out-router  3600 IN A 208.43.79.100
; lan data
wks1        3600 IN A 192.168.1.5
wks2        3600 IN A 192.168.1.5
wks3        3600 IN A 192.168.1.5
in-router   3600 IN A 192.168.1.254
; add other lan specific data below


These are the examples from:
https://www.cyberciti.biz/faq/linux-unix-bind9-named-configure-views/

When starting named:
I am getting error as below

Dec 05 17:51:54 sataradnsVM1 named[4038]: zone internal.nixcraft.com\032/IN/internal: has 0 SOA records
Dec 05 17:51:54 sataradnsVM1 named[4038]: zone internal.nixcraft.com\032/IN/internal: has no NS records
Dec 05 17:51:54 sataradnsVM1 named[4038]: zone internal.nixcraft.com\032/IN/internal: not loaded due to errors.

Please help

Thanks



Re: What is wrong in the view matching below

2019-12-05 Thread Sten Carlsen
> 
> zone "internal.nixcraft.com  " IN {
> type master;
> file "lan.master.nixcraft.com ";
>   };
> };

Looks like the file lan.master.nixcraft.com has no data.

> 
> Dec 05 17:51:54 sataradnsVM1 named[4038]: zone internal.nixcraft.com 
> \032/IN/internal: has 0 SOA records
> Dec 05 17:51:54 sataradnsVM1 named[4038]: zone internal.nixcraft.com 
> \032/IN/internal: has no NS records
> Dec 05 17:51:54 sataradnsVM1 named[4038]: zone internal.nixcraft.com 
> \032/IN/internal: not loaded due to errors.
> 
> Please help
> 
> Thanks
> 


Re: What is wrong in the view matching below

2019-12-05 Thread Ondřej Surý
There’s a space after com

O.
--
Ondřej Surý
ond...@isc.org

> On 5 Dec 2019, at 13:29, Sten Carlsen wrote:
> 
>> 
>> zone "internal.nixcraft.com " IN {
>> type master;
>> file "lan.master.nixcraft.com";
>>   };
>> };
> 
> Looks like the file lan.master.nixcraft.com has no data.
> 
>> 
>> Dec 05 17:51:54 sataradnsVM1 named[4038]: zone 
>> internal.nixcraft.com\032/IN/internal: has 0 SOA records
>> Dec 05 17:51:54 sataradnsVM1 named[4038]: zone 
>> internal.nixcraft.com\032/IN/internal: has no NS records
>> Dec 05 17:51:54 sataradnsVM1 named[4038]: zone 
>> internal.nixcraft.com\032/IN/internal: not loaded due to errors.
>> 
>> Please help
>> 
>> Thanks
>> 


Re: What is wrong in the view matching below

2019-12-05 Thread Harshith Mulky
Thank you. I corrected this

acl internal {
    10.54.8.0/24;
    localhost;
};

view "external" {
    match-clients { any; };
    recursion no;
    zone "nixcraft.com" IN {
        type master;
        file "internet.master.nixcraft.com";
    };
};
view "internal" {
    match-clients { internal; };
    allow-recursion { any; };
    zone "." in {
        type hint;
        file "root.hint";
    };

    zone "localhost" in {
        type master;
        file "localhost.zone";
    };

    zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
    };

    zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "127.0.0.zone";
    };

    zone "internal.nixcraft.com" IN {
        type master;
        file "lan.master.nixcraft.com";
    };
};


But still getting same error

/var/lib/named # named-checkzone internal.nixcraft.com lan.master.nixcraft.com
lan.master.nixcraft.com:3: ignoring out-of-zone data (nixcraft.com)
lan.master.nixcraft.com:10: ignoring out-of-zone data (nixcraft.com)
lan.master.nixcraft.com:11: ignoring out-of-zone data (nixcraft.com)
lan.master.nixcraft.com:13: ignoring out-of-zone data (nixcraft.com)
lan.master.nixcraft.com:14: ignoring out-of-zone data (nixcraft.com)
lan.master.nixcraft.com:16: ignoring out-of-zone data (nixcraft.com)
lan.master.nixcraft.com:17: ignoring out-of-zone data (ns1.nixcraft.com)
lan.master.nixcraft.com:18: ignoring out-of-zone data (ns2.nixcraft.com)
lan.master.nixcraft.com:19: ignoring out-of-zone data (mail1.nixcraft.com)
lan.master.nixcraft.com:20: ignoring out-of-zone data (mail2.nixcraft.com)
lan.master.nixcraft.com:21: ignoring out-of-zone data (out-router.nixcraft.com)
lan.master.nixcraft.com:23: ignoring out-of-zone data (wks1.nixcraft.com)
lan.master.nixcraft.com:24: ignoring out-of-zone data (wks2.nixcraft.com)
lan.master.nixcraft.com:25: ignoring out-of-zone data (wks3.nixcraft.com)
lan.master.nixcraft.com:26: ignoring out-of-zone data (in-router.nixcraft.com)
zone internal.nixcraft.com/IN: has 0 SOA records
zone internal.nixcraft.com/IN: has no NS records
zone internal.nixcraft.com/IN: not loaded due to errors.





Re: What is wrong in the view matching below

2019-12-05 Thread Bob Harold
On Thu, Dec 5, 2019 at 8:49 AM Harshith Mulky wrote:

> Thank you. I corrected this
>
> acl internal {
>10.54.8.0/24;
>localhost;
> };
>
> view "external" {
>   match-clients { any; };
>   recursion no;
> zone "nixcraft.com" IN {
> type master;
> file "internet.master.nixcraft.com";
>   };
> };
> view "internal" {
> match-clients { internal; };
> allow-recursion { any; };
> zone "." in {
> type hint;
> file "root.hint";
> };
>
> zone "localhost" in {
> type master;
> file "localhost.zone";
> };
>
> zone "0.0.127.in-addr.arpa" in {
> type master;
> file "127.0.0.zone";
> };
>
> zone
> "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN
> {
> type master;
> file "127.0.0.zone";
> };
>
> zone "internal.nixcraft.com" IN {
> type master;
> file "lan.master.nixcraft.com";
>   };
> };
>
>
> But still getting same error
>
> /var/lib/named # named-checkzone internal.nixcraft.com
> lan.master.nixcraft.com
> lan.master.nixcraft.com:3: ignoring out-of-zone data (nixcraft.com)
> lan.master.nixcraft.com:10: ignoring out-of-zone data (nixcraft.com)
> lan.master.nixcraft.com:11: ignoring out-of-zone data (nixcraft.com)
> lan.master.nixcraft.com:13: ignoring out-of-zone data (nixcraft.com)
> lan.master.nixcraft.com:14: ignoring out-of-zone data (nixcraft.com)
> lan.master.nixcraft.com:16: ignoring out-of-zone data (nixcraft.com)
> lan.master.nixcraft.com:17: ignoring out-of-zone data (ns1.nixcraft.com)
> lan.master.nixcraft.com:18: ignoring out-of-zone data (ns2.nixcraft.com)
> lan.master.nixcraft.com:19: ignoring out-of-zone data (mail1.nixcraft.com)
> lan.master.nixcraft.com:20: ignoring out-of-zone data (mail2.nixcraft.com)
> lan.master.nixcraft.com:21: ignoring out-of-zone data (
> out-router.nixcraft.com)
> lan.master.nixcraft.com:23: ignoring out-of-zone data (wks1.nixcraft.com)
> lan.master.nixcraft.com:24: ignoring out-of-zone data (wks2.nixcraft.com)
> lan.master.nixcraft.com:25: ignoring out-of-zone data (wks3.nixcraft.com)
> lan.master.nixcraft.com:26: ignoring out-of-zone data (
> in-router.nixcraft.com)
> zone internal.nixcraft.com/IN: has 0 SOA records
> zone internal.nixcraft.com/IN: has no NS records
> zone internal.nixcraft.com/IN: not loaded due to errors.
>
>

named.conf says:
zone "internal.nixcraft.com" IN {
type master;
file "lan.master.nixcraft.com";

But the zone file has:
$ORIGIN nixcraft.com.

Is the zone "nixcraft.com" or "internal.nixcraft.com" ?  They need to match.

-- 
Bob Harold
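
The mismatch Bob Harold points out, and the trailing space flagged earlier in the thread, as an added Python example that is not part of any poster's message: it resolves each owner name against `$ORIGIN` and lists the records that fall outside the configured zone, which is what `named-checkzone` reports as out-of-zone data. The parser is a simplified sketch, `out_of_zone` and `log_form` are hypothetical helper names, and `SAMPLE` is a constructed, shortened copy of the posted zone file.

```python
def absolute(name, origin):
    """Expand a zone-file name against the current $ORIGIN."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()

def out_of_zone(zone, text):
    """Return (line_number, owner) for records whose owner lies outside zone."""
    zone = zone.lower().rstrip(".") + "."
    origin, owner, depth, found = zone, None, 0, []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split(";", 1)[0].rstrip()   # naive comment strip, assumes no quoted ';'
        if not line.strip():
            continue
        continuation = depth > 0               # still inside a ( ... ) record
        depth += line.count("(") - line.count(")")
        fields = line.split()
        if continuation:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1], origin)
        elif not fields[0].startswith("$"):
            if not line[0].isspace():          # a leading blank keeps the previous owner
                owner = absolute(fields[0], origin)
            if owner and owner != zone and not owner.endswith("." + zone):
                found.append((number, owner))
    return found

def log_form(name):
    """Render a zone name with master-file \\DDD escapes, as in the named log."""
    return "".join(c if c.isprintable() and c != " " else f"\\{ord(c):03d}" for c in name)

# Constructed sample: a shortened version of the zone file posted in the thread.
SAMPLE = "\n".join([
    "$ORIGIN nixcraft.com.",
    "$TTL 3h",
    "@ IN SOA ns1.nixcraft.com. vivek.nixcraft.com. (",
    "      2008070332 3h 1h 1h 1h )",
    "@ IN NS ns1.nixcraft.com.",
    "ns1 3600 IN A 208.43.138.52",
    "wks1 3600 IN A 192.168.1.5",
])

if __name__ == "__main__":
    print(log_form("internal.nixcraft.com "))   # the trailing space shows up escaped
    for zone in ("internal.nixcraft.com", "nixcraft.com"):
        print(zone, out_of_zone(zone, SAMPLE))
```

Loaded as `internal.nixcraft.com`, every record in the sample is discarded, the SOA and NS included; loaded as `nixcraft.com`, nothing is.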


Re: What is wrong in the view matching below

2019-12-05 Thread Niall O'Reilly
On 5 Dec 2019, at 13:49, Harshith Mulky wrote:

> view "external" {
>
>   match-clients { any; };
>
>   recursion no;
>
> zone "nixcraft.com" IN {
>
>     type master;
>
>     file "internet.master.nixcraft.com";
>
>   };
>
> };
>
> view "internal" {
>
> match-clients { internal; };
>
> allow-recursion { any; };
>
 ...
> };

With the views in this order, the external view will always be used.

This is because the configuration is scanned from the top until a view
is found whose `match-clients` specification matches the requesting
client; that view is then used. Since you have `match-clients { any; };`
in the first view, scanning will stop there.

Niall O'Reilly
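
First-match view selection as Niall O'Reilly describes it, together with the per-source views Evan Hunt suggested earlier in the thread, modelled in an added Python example (not code from any poster or from BIND). It is a simplified model: negated elements and keys are not handled, `localhost` is treated as loopback only, the function names are hypothetical, and the carrier addresses are documentation placeholders standing in for A.A.A.A and B.B.B.B.

```python
import ipaddress

def _matches(elements, acls, addr):
    """True if addr matches any element of an address-match list."""
    for el in elements:
        if el == "any":
            return True
        if el in acls:                      # named acl: expand recursively
            if _matches(acls[el], acls, addr):
                return True
        elif el == "localhost":             # simplification: loopback only
            if addr.is_loopback:
                return True
        elif addr in ipaddress.ip_network(el):
            return True
    return False

def select_view(views, acls, client_ip):
    """Name of the first view, in configuration order, that matches the client."""
    addr = ipaddress.ip_address(client_ip)
    for name, match_clients in views:
        if _matches(match_clients, acls, addr):
            return name
    return None

def shadowed_views(views):
    """Views that can never be selected because an earlier view matches any."""
    for i, (_, match_clients) in enumerate(views):
        if "any" in match_clients:
            return [name for name, _ in views[i + 1:]]
    return []

# Constructed from the configuration posted in the thread.
ACLS = {"internal": ["10.54.8.0/24", "localhost"]}
POSTED = [("external", ["any"]), ("internal", ["internal"])]
REORDERED = [("internal", ["internal"]), ("external", ["any"])]
# Hypothetical per-carrier views with placeholder addresses.
CARRIERS = [("carrier-a", ["192.0.2.10"]), ("carrier-b", ["198.51.100.20"])]

if __name__ == "__main__":
    for label, views in (("posted", POSTED), ("reordered", REORDERED)):
        print(label, "10.54.8.7 ->", select_view(views, ACLS, "10.54.8.7"),
              "| shadowed:", shadowed_views(views))
    print("carrier A ->", select_view(CARRIERS, {}, "192.0.2.10"))
    print("carrier B ->", select_view(CARRIERS, {}, "198.51.100.20"))
```

With the posted order an internal client lands in the external view, where recursion is off; with the `any` view last, only clients outside the `internal` acl reach it.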