Hello DNS gurus,

I'm setting up a sinkhole DNS for a quarantine VLAN. My sinkhole DNS resolves 
any request to the same host, so that the quarantined clients get redirected 
to my server. I have the following DNS configuration (running bind-9.8.2-0.17.rc1 
on RHEL 6.4):

options {
        listen-on port 53 { 10.10.0.1;};
        // listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { 10.10.0.0/24; };
        allow-transfer {"none";};
        recursion no;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type master;
        file "/var/named/named.sinkhole";
};

// include "/etc/named.rfc1912.zones";

include "/etc/named.root.key";

The file /var/named/named.sinkhole has following content:

$TTL 600
@       IN SOA  localhost root.localhost. (
                                        11      ; serial
                                        3H      ; refresh
                                        15M     ; retry
                                        1W      ; expire
                                        1D )    ; minimum
        IN NS   @
        IN A    10.10.0.1
*       IN A    10.10.0.1

So far this is working perfectly.
I have a new requirement now: the quarantined client should have access to 
an external host. I have added the following configuration to /etc/named.conf:

zone "test.com" IN {
        type master;
        file "/var/named/named.test";
};

/var/named/named.test:


$TTL 600
@       IN SOA  ns.test.com. root.localhost. (
                                        22      ; serial
                                        3H      ; refresh
                                        15M     ; retry
                                        1W      ; expire
                                        1D )    ; minimum
        IN NS   ns.test.com.
ns      IN A    10.10.0.1
www     IN A    X.X.X.X ;; X is replaced to an actual IP address

Unfortunately my naive approach did not work. "www.test.com" is still resolved 
to 10.10.0.1, and I see that the global zone "." is always hit unless I comment 
out the global zone definition.

I'm a bit new to DNS. Any help is appreciated. Ideally my DNS should delegate 
the "www.test.com" request and not store its IP locally.
 
Many Thanks,

Sergey Emantayev
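An added illustration, not part of the original post or of BIND itself, of the rule that matters here: named answers a query from the configured zone whose origin is the longest suffix of the query name, so a loaded "test.com" zone takes precedence over the catch-all "." zone for everything under test.com, and only names no other zone covers fall through to the sinkhole wildcard. The script below models that selection, plus simplified wildcard synthesis, over a constructed copy of the two zone files from the post. 203.0.113.10 (a documentation address) is an assumed stand-in for the elided X.X.X.X; the last lookup shows what the client sees when the test.com zone is not present in the running server at all.

```python
"""Added illustration (not part of the original post): how an authoritative
name server such as BIND picks which configured zone answers a query.

named uses the configured zone whose origin is the longest suffix of the
query name.  A "test.com" zone therefore wins over a catch-all "." zone for
every name under test.com, while all other names still fall through to the
sinkhole wildcard.  The zone contents below are a constructed re-creation of
the two zone files in the post; 203.0.113.10 (a documentation address) is an
assumed stand-in for the X.X.X.X the poster left out.
"""
from typing import Dict, List, Optional, Tuple

RRSet = Dict[str, List[str]]      # record type -> rdata strings
Zone = Dict[str, RRSet]           # absolute owner name -> RRSet
ZoneTable = Dict[str, Zone]       # zone origin -> zone data

# Constructed zone data mirroring /var/named/named.sinkhole and named.test.
ZONES: ZoneTable = {
    ".": {
        ".": {"SOA": ["localhost. root.localhost. 11 10800 900 604800 86400"],
              "NS": ["."],
              "A": ["10.10.0.1"]},
        "*.": {"A": ["10.10.0.1"]},              # the sinkhole wildcard
    },
    "test.com.": {
        "test.com.": {"SOA": ["ns.test.com. root.localhost. 22 10800 900 604800 86400"],
                      "NS": ["ns.test.com."]},
        "ns.test.com.": {"A": ["10.10.0.1"]},
        "www.test.com.": {"A": ["203.0.113.10"]},  # assumed value for X.X.X.X
    },
}


def canonical(name: str) -> str:
    """Lower-case, absolute form of a name: "www.Test.com" -> "www.test.com."."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def labels(name: str) -> List[str]:
    """Labels without the empty root label: "www.test.com." -> ["www", "test", "com"]."""
    return [lab for lab in canonical(name).split(".") if lab]


def is_suffix(origin: str, qname: str) -> bool:
    """True if qname is at or below origin (the root origin "." encloses everything)."""
    o, n = labels(origin), labels(qname)
    return len(o) <= len(n) and n[len(n) - len(o):] == o


def find_zone(qname: str, zones: ZoneTable) -> Optional[str]:
    """Origin of the deepest configured zone enclosing qname (the rule named applies)."""
    best: Optional[str] = None
    for origin in zones:
        if is_suffix(origin, qname) and (best is None or len(labels(origin)) > len(labels(best))):
            best = origin
    return best


def lookup(qname: str, qtype: str, zones: ZoneTable = ZONES) -> Tuple[str, str, List[str]]:
    """Answer a query the way an authoritative-only server would.

    Returns (zone origin used, rcode, rdata list).  Wildcard synthesis follows
    the RFC 1034 rule in simplified form: find the closest existing ancestor of
    the query name inside the chosen zone and use "*" under it if present.
    Empty non-terminals are not modelled.
    """
    origin = find_zone(qname, zones)
    if origin is None:
        # No configured zone covers the name; an authoritative-only server refuses.
        return ("", "REFUSED", [])
    zone = zones[origin]
    name = canonical(qname)
    if name in zone:
        return (origin, "NOERROR", list(zone[name].get(qtype, [])))
    qlabels = labels(name)
    for i in range(1, len(qlabels) + 1):
        ancestor = ".".join(qlabels[i:]) + "."       # "test.com.", "com.", "."
        if ancestor in zone:                          # closest encloser
            wildcard = "*." if ancestor == "." else "*." + ancestor
            if wildcard in zone:
                return (origin, "NOERROR", list(zone[wildcard].get(qtype, [])))
            return (origin, "NXDOMAIN", [])
    return (origin, "NXDOMAIN", [])


if __name__ == "__main__":
    for q in ("www.test.com", "ns.test.com", "nope.test.com", "anything.example"):
        print(q, "->", lookup(q, "A"))
    # The same query when the test.com zone is not loaded in the running server:
    # the sinkhole wildcard answers, which is the symptom described in the post.
    print("www.test.com (no test.com zone) ->", lookup("www.test.com", "A", {".": ZONES["."]}))
```

The practical checks this suggests on the real server: run named-checkconf on /etc/named.conf and named-checkzone test.com /var/named/named.test to confirm the new zone parses, make sure the running named has picked it up (rndc reload), and query the server directly with dig @10.10.0.1 www.test.com A to see which zone answers. If the goal is to hand test.com to another resolver without keeping its addresses locally, the usual BIND mechanism is a zone of type forward with a forwarders list; note that forwarding is done by the recursive resolver, so it needs recursion yes together with an allow-recursion ACL for the quarantine subnet, which the posted configuration (recursion no) does not currently permit.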
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to