How to configure , dig command support +subnet

2022-12-13 Thread 徐娅
25-Nov-2022 23:30:32.924 running on Linux x86_64 3.10.0-1127.el7.x86_64 #1 SMP Tue Mar 31 23:36:51 UTC 2020
25-Nov-2022 23:30:32.924 built with  '--prefix=/usr/local/bind-9.18.9' '--enable-largefile' '--enable-epoll' '--enable-full-report' '--disable-doh' '--enable-dnsrps-dl' '--enable-dnsrps'
25-Nov-2022 23:30:32.924 running as: named -c named.conf -fg
25-Nov-2022 23:30:32.924 compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-39)
25-Nov-2022 23:30:32.924 compiled with OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
25-Nov-2022 23:30:32.924 linked to OpenSSL version: OpenSSL 1.0.2k-fips  26 Jan 2017
25-Nov-2022 23:30:32.924 compiled with zlib version: 1.2.7
25-Nov-2022 23:30:32.924 linked to zlib version: 1.2.7
25-Nov-2022 23:30:32.924
25-Nov-2022 23:30:32.924 BIND 9 is maintained by Internet Systems Consortium,
25-Nov-2022 23:30:32.924 Inc. (ISC), a non-profit 501(c)(3) public-benefit
25-Nov-2022 23:30:32.924 corporation.  Support and training for BIND 9 are
25-Nov-2022 23:30:32.924 available at https://www.isc.org/support



# cat named.conf
... ...
... ...
options {
    listen-on port 353 { any; };
    listen-on-v6 port 353 { any; };
    directory "/root/edns/named";
    allow-query { any; };
    allow-recursion { any; };

    empty-zones-enable no;

    pid-file "/root/edns/named/run/named.pid";
};

view "aaa" {
    match-clients { 10.105.0.0/16; };
    zone "abc.com" {
        type master;
        file "aaa/abc.com";
    };
};

view "bbb" {
    match-clients { 10.106.0.0/26; };
    zone "abc.com" {
        type master;
        file "bbb/abc.com";
    };
};

view "idc-default" {
    match-clients { any; };
    zone "abc.com" {
        type master;
        file "any/abc.com";
    };
};

# cat named/aaa/abc.com
... ...
www 600 IN TXT aaa

# cat named/bbb/abc.com
www 600 IN TXT bbb

# cat named/ccc/abc.com
www 600 IN TXT ccc


# dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2

; <<>> DiG 9.18.9 <<>> @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7948
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 075abe1b7a9c177a01006380ded9dc3ca0fc1bae43d4 (good)
; CLIENT-SUBNET: 10.105.2.2/32/0
;; QUESTION SECTION:
;txt.abc.com.   IN  TXT

;; ANSWER SECTION:
txt.abc.com.   600 IN  TXT "any"

;; Query time: 1 msec
;; SERVER: 127.0.0.1#353(127.0.0.1) (UDP)
;; WHEN: Fri Nov 25 23:27:21 CST 2022
;; MSG SIZE  rcvd: 99

I expect +subnet=10.105.2.2 to return *aaa*, but it returned any

# dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.105.2.2
any

I expect +subnet=10.106.3.3 to return *bbb*, but it returned any

# dig @127.0.0.1 -p 353 txt.abc.com txt +subnet=10.106.3.3
any


How do I change named.conf?
-- 
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from 
this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


Re: How to configure , dig command support +subnet

2022-12-13 Thread Greg Choules via bind-users
Hello.
What exact version of BIND are you running? "named -V" From dig it *looks*
like you are running 9.18.9.
ECS support only exists in the subscription editions of BIND (-S suffix)
and to get that you need to be an eligible ISC support customer.

Thanks, Greg



Re: How to configure , dig command support +subnet

2022-12-13 Thread Darren Ankney
It seems like you might also need "match-destinations" to be defined, at least 
that is how I interpret this: 
https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-match-destinations


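An added example (not part of the thread, and not BIND code): a small Python model of first-match view selection over the match-clients lists from the named.conf posted in the question. It assumes, following Greg Choules's reply, that this build ignores the CLIENT-SUBNET option and matches only the query's source address; the function names and the honor_ecs switch are hypothetical.

```python
import ipaddress

# Views from the named.conf in this thread, in file order (first match wins).
VIEWS = [
    ("aaa", ["10.105.0.0/16"]),
    ("bbb", ["10.106.0.0/26"]),
    ("idc-default", ["any"]),
]


def select_view(addr, views=VIEWS):
    """Return the first view whose match-clients list contains addr."""
    ip = ipaddress.ip_address(addr)
    for name, acl in views:
        for entry in acl:
            if entry == "any" or ip in ipaddress.ip_network(entry):
                return name
    return None


def answer_view(source_addr, ecs_addr=None, honor_ecs=False):
    """Return the view a query lands in.

    honor_ecs=False models the server in this thread (assumption): the
    CLIENT-SUBNET option is ignored and only the source address is matched.
    honor_ecs=True is a hypothetical model of what the poster expected,
    where the ECS address is matched instead of the source address.
    """
    key = ecs_addr if (honor_ecs and ecs_addr) else source_addr
    return select_view(key)


if __name__ == "__main__":
    # The two dig queries from the thread, both sent from 127.0.0.1.
    for ecs in ("10.105.2.2", "10.106.3.3"):
        observed = answer_view("127.0.0.1", ecs)
        expected_model = answer_view("127.0.0.1", ecs, honor_ecs=True)
        print(f"+subnet={ecs}: source-matched={observed}, ecs-matched={expected_model}")
```

In this model 10.106.3.3 lands in idc-default even when the ECS address is matched, because 10.106.0.0/26 only covers 10.106.0.0 through 10.106.0.63.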