Re: Advice for DNS reverse zones

2019-02-07 Thread Mik J via bind-users
Hello Bob, Tony, Thank you for your answers, I'm going to study this topic. Regards Le mercredi 6 février 2019 à 21:11:59 UTC+1, Bob Harold a écrit : On Wed, Feb 6, 2019 at 1:03 PM Mik J via bind-users wrote: Hello, I would like to know how do you manage reverse zones and the 10.x.

Re: Classless Reverse Zones PTR Dig Format Issue

2019-02-07 Thread Matus UHLAR - fantomas via bind-users
On 07.02.19 12:53, Nagesh Thati wrote: I have created a network with *199.192.0.0/11 * and created 4 subnets with */13* mask in that network, Network: *199.192.0.0/11 : 192.199.in-addr.arpa*, Subnet1: *199.192.0.0/13 : 0-13.19

Forward zone inside a view

2019-02-07 Thread Roberto Carna
Dear, I have Bind 9.10.3 as our private DNS service with two views, one of them let some clients to query linux.org domain from Internet forwarding the query to our Bind resolvers, but the query is refused by our private Bind. The private Bind has these main parameters in named.conf.options: opti

Re: Forward zone inside a view

2019-02-07 Thread Tony Finch
Roberto Carna wrote: > Dear, I have Bind 9.10.3 as our private DNS service with two views, one of > them let some clients to query linux.org domain from Internet forwarding > the query to our Bind resolvers, but the query is refused by our private > Bind. You can't forward to an authoritative-on

Re: Forward zone inside a view

2019-02-07 Thread Roberto Carna
Dear Tony, I forward the "linux.org" queries from our private Bind to our Bind resolvers (they have authoritative public zones and also they are resolvers that forward the queries to 8.8.8.8). So why you say they are authoritative only servers? A I said, can I still use the forward option for "li

Re: Forward zone inside a view

2019-02-07 Thread Tony Finch
Roberto Carna wrote: > Dear Tony, I forward the "linux.org" queries from our private Bind to our > Bind resolvers (they have authoritative public zones and also they are > resolvers that forward the queries to 8.8.8.8). > > So why you say they are authoritative only servers? Oh, I misread your e

Re: Forward zone inside a view

2019-02-07 Thread Roberto Carna
Tony, as you said forwarding requires recursion but when I define: zone "linux. org" { recursion yes; type forward; forward only; forwarders { 172.18.1.1; 172.18.1.2; }; and after that I restart bind9

Re: Forward zone inside a view

2019-02-07 Thread Roberto Carna
When I query www.teamviewer from a desktop, I fail and get this error in dig: WARNING: recursion requested but not available In BIND I have in named.conf.local: zone "linux. org" { type forward; forwarders { 172.18.1.1; 172

Re: Forward zone inside a view

2019-02-07 Thread Tony Finch
Roberto Carna wrote: > > So how can I define "recursion yes" just for the zone "linux.org" ??? You can turn recursion on and off for the entire server, or per view, but not per zone. It isn't clear to me what you want this server to do. If it is providing DNS service to end-user devices (if it i

Re: Classless Reverse Zones PTR Dig Format Issue

2019-02-07 Thread G.W. Haywood via bind-users
Hi there, On Thu, 7 Feb 2019, Matus UHLAR - fantomas wrote: On 07.02.19 12:53, Nagesh Thati wrote: I have created a network with *199.192.0.0/11 * and created 4 subnets with */13* mask in that network, Network: *199.192.0.0/11 : 192.199.in-addr.arp

Re: Forward zone inside a view

2019-02-07 Thread Roberto Carna
Ok Tony, please let me explain to you. In our company we have several desktops from two different cities accessing only to internal domains distributed in two views in a private BIND with authoritative zones, where I've defined "recursion no;". But now we have to let them access to *.teamviewer.c

Re: Forward zone inside a view

2019-02-07 Thread Matus UHLAR - fantomas
On 07.02.19 14:58, Roberto Carna wrote: In our company we have several desktops from two different cities accessing only to internal domains distributed in two views in a private BIND with authoritative zones, where I've defined "recursion no;". But now we have to let them access to *.teamviewer

Re: Forward zone inside a view

2019-02-07 Thread Roberto Carna
Dear, thanks for your contact. I've used teamviewer.com just for tests. Desktops I mentioned can only access to web apps from internal domains, but in some web apps there are links to download Teamviewer client software from Internet. I can create a private zone "teamviewer.com" with all the hostn

Re: Forward zone inside a view

2019-02-07 Thread Alan Clegg
On 2/7/19 2:30 PM, Roberto Carna wrote: > Dear, thanks for your contact. I've used teamviewer.com > just for tests. > > Desktops I mentioned can only access to web apps from internal domains, > but in some web apps there are links to download Teamviewer client > software fr

Re: Forward zone inside a view

2019-02-07 Thread Paul Kosinski
I haven't analyzed the details and pitfalls, but could a Web proxy mechanism of some sort be of help? In particular, rather than having your users directly access "teamviewer.org" (or whatever), have them to access "teamviewer.local", which is resolved by your internal DNS to a specialized proxy se