Hi, Bob, thank you for the response!
 
What if I want to make the following configuration (as an example):
 
domain.com    A    10.10.10.10
*.domain.com  CNAME    domain.com
 
I don't want to write 10.10.10.10 twice, I want to use the magic of CNAMEs here.
 
> Do you want cname.domain.com to point to 10.10.10.10?  Then use an A record to 10.10.10.10.
This sentence sounds like «CNAMEs are useless at all» :-). Do you want some domain to point to some address? Then use an A record, not CNAME!
 
Additionally, I already use a patched version of BIND. Maybe it is possible to make some patch for allowing this behavior?
 
Andrey
 
24.10.2019, 18:06, "Bob Harold" <rharo...@umich.edu>:

> On Wed, Oct 23, 2019 at 10:34 AM Andrey Geyn <andg...@yandex-team.ru> wrote:
>> Hello, I would like to set up RPZ with CNAME and A. There are two options:
>>
>> 1.
>> cname.domain.com        CNAME   test.domain.com    (without trailing dot)
>> test.domain.com         A       10.10.10.10
>
> There is a misunderstanding here.  You would never redirect a domain in RPZ to another domain in RPZ.
> Domains in RPZ must always be redirected to a real domain.  You cannot point it to the wrong place, and then expect it to be redirected again.  It does not work that way.
> Those two RPZ entries are completely separate.
> Do you want cname.domain.com to point to 10.10.10.10?  Then use an A record to 10.10.10.10.
> Do you want cname.domain.com to point to some real domain name (probably a name you control, like a walled garden, or error page)?  Then CNAME to that real name.
>
> --
> Bob Harold
>
>> In this case I receive
>>
>> ...
>> cname.domain.com.       5       IN      CNAME   test.domain.com.rpz.
>> test.domain.com.rpz.    3600    IN      A       10.10.10.10
>> ...
>>
>> So, it looks good, but RPZ name is visible, which is unwanted for me.
>>
>> 2.
>> cname.domain.com        CNAME   test.domain.com.      (with trailing dot)
>> test.domain.com         A       10.10.10.10
>>
>> In this case I receive
>>
>> # dig cname.domain.com @127.0.0.1
>>
>> cname.domain.com.       5       IN      CNAME   test.domain.com.
>> test.domain.com.        531     IN      A       66.96.162.92
>>
>> (66.98.162.92 is real, «internet» address of test.domain.com)
>>
>> Is it possible to make configuration for internal CNAME's in RPZ in which RPZ name will be not visible to user?
>>
>> Best regards,
>> Andrey Geyn
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
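
An added example, not part of the thread and not BIND code: a simplified Python model of the two outcomes reported above (a relative CNAME target picks up the policy zone origin; an absolute target is resolved normally and is not rewritten a second time), next to the A-record form suggested in the reply. The zone name `rpz` is taken from the dig output; the `REAL_DNS` table and all function names are constructed for illustration.

```python
# Simplified model of the RPZ behaviour reported in this thread (not BIND code).
RPZ_ORIGIN = "rpz."                               # zone name seen in the dig output
REAL_DNS = {"test.domain.com.": "66.96.162.92"}   # constructed stand-in for recursion

def qualify(name, origin=RPZ_ORIGIN):
    """Zone-file rule: a name without a trailing dot is relative to the origin."""
    return name if name.endswith(".") else f"{name}.{origin}"

def load_policy(records):
    """Build the policy zone from (owner, type, rdata) tuples as typed in the file."""
    policy = {}
    for owner, rtype, rdata in records:
        if rtype == "CNAME":
            rdata = qualify(rdata)        # relative targets gain ".rpz."
        policy[qualify(owner)] = (rtype, rdata)
    return policy

def resolve(qname, policy):
    """Return the answer section for an absolute qname as (name, type, rdata) tuples."""
    hit = policy.get(qualify(qname.rstrip(".")))   # trigger: qname under the RPZ origin
    if hit is None:
        return [(qname, "A", REAL_DNS[qname])] if qname in REAL_DNS else []
    rtype, rdata = hit
    answers = [(qname, rtype, rdata)]
    if rtype == "CNAME":
        # The target is looked up as ordinary data; policy triggers are not re-applied.
        if policy.get(rdata, ("", ""))[0] == "A":  # literal record inside the rpz zone
            answers.append((rdata, "A", policy[rdata][1]))
        elif rdata in REAL_DNS:                     # real name: normal resolution
            answers.append((rdata, "A", REAL_DNS[rdata]))
    return answers

# The two options from the original question, plus the A-record form from the reply.
OPTION_1 = load_policy([("cname.domain.com", "CNAME", "test.domain.com"),
                        ("test.domain.com", "A", "10.10.10.10")])
OPTION_2 = load_policy([("cname.domain.com", "CNAME", "test.domain.com."),
                        ("test.domain.com", "A", "10.10.10.10")])
A_ONLY = load_policy([("cname.domain.com", "A", "10.10.10.10"),
                      ("test.domain.com", "A", "10.10.10.10")])

if __name__ == "__main__":
    for label, zone in (("option 1", OPTION_1), ("option 2", OPTION_2), ("A only", A_ONLY)):
        print(label, resolve("cname.domain.com.", zone))
```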