In message <CADdUxCw0VkFMM=ngsjzr-mzrbdaub_81apdpgod-j_etmae...@mail.gmail.com> , Stephen Pape writes: > That doesn't work for me. When machine1.domain1.foo tries to look up > the SRV record, it queries for _vlmcs._tcp.domain1.foo. Bind doesn't > have that record, so it doesn't work.
Well add it. If you need need change control independent of domain1.foo then get _vlmcs._tcp.domain1.foo delegated to you and set up a zone rather like this. _vlmcs._tcp.domain1.foo. 3600 SOA ... _vlmcs._tcp.domain1.foo. 3600 NS ... _vlmcs._tcp.domain1.foo. 3600 NS ... _vlmcs._tcp.domain1.foo. 3600 SRV ... or setup dynamic update with the right permission and use nsupdate to modifiy the records using SIG(0). _vlmcs._tcp.domain1.foo. 3600 KEY ... update-policy { grant * self * SRV KEY; }; Which allows someone with the matching private key to update the SRV and KEY records for records with names which match the KEY's name. update-policy { grant * selfsub *; }; This allows a host once a KEY record is added to update its address records and add SRV and other records below itself using SIG(0). If you put a key record at the zone apex you can use that to add KEY records for each of the hosts to let them control their own DNS presence. Mark > On Mon, Oct 31, 2016 at 1:08 PM, Eldridge, Rod A [ITNET] > <r...@iastate.edu> wrote: > > > > Wouldn't you just need this one SRV record: > > > > _vlmcs._tcp.foo IN SRV 0 0 1688 ais-dc01.ainfosec.com. > > > > [ see https://blogs.technet.microsoft.com/odsupport/2011/11/14/how-to-disco > ver-office-and-windows-kms-hosts-via-dns-and-remove-unauthorized-instances/ ] > > > > > > -- > > Rod Eldridge > > Networks & Communications > > IT Services, Iowa State University of Science and Technology > > > > > > > >> On Oct 31, 2016, at 11:35 AM, Stephen Pape <srp...@gmail.com> wrote: > >> > >> Hello all, > >> > >> I have bind configured with a single TLD (.foo), and inside that are > >> records for a large number of subdomains (machine1.a.foo, > >> machine2.a.foo, machine1.b.foo, machine2.b.foo, etc.). DHCP clients > >> are assigned a domain based on some factors, but it might be a.foo, > >> b.foo, c.foo, etc. > >> > >> I'm trying to add a SRV record for everyone under .foo. I've tried: > >> > >> _vlmcs._tcp.*.foo. IN SRV 0 0 1688 ais-dc01.ainfosec.com. > >> > >> ... but it seems that wildcards don't work that way. I've tried > >> something similar with CNAMEs, but that didn't work either. > >> > >> What DOES work is adding a CNAME record for each and every domain that > >> I need. So a CNAME for _vlmcs._tcp.a.foo, _vlmcs._tcp.b.foo, etc. > >> > >> Is there a better way for me to do this, or do I have to generate a > >> whole lot of specific CNAME records? > >> > >> Thanks! > >> > >> -Stephen > >> _______________________________________________ > >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscr > ibe from this list > >> > >> bind-users mailing list > >> bind-users@lists.isc.org > >> https://lists.isc.org/mailman/listinfo/bind-users > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users