Re: per record responses based on originating IP
On 5/12/22 2:41 PM, Nick Tait via bind-users wrote:
> This sounds like exactly the sort of use case for Response Policy Zones:

How are you going to have RPZ return different addresses for different clients?

Are you suggesting using different RPZs with different contents for different clients?

--
Grant. . . .
unix || die

--
Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: per record responses based on originating IP
On 13/05/2022 12:30 am, Angus Clarke wrote:
> Does bind have some simple way to respond differently based on source address but on a per record basis? Or perhaps include a baseline zone in a view and separately include differences for that view - something like this perhaps?

Hi Angus.

This sounds like exactly the sort of use case for Response Policy Zones:

https://bind9.readthedocs.io/en/v9_18_2/reference.html#response-policy-zone-rpz-rewriting

Nick.

Re: per record responses based on originating IP
On 5/12/22 6:30 AM, Angus Clarke wrote:
> Hello

Hi,

> With bind (and others) it seems that DNS views are the way to go,

Before stepping up to views I'd stop to ask the question, would returning multiple IPs in a preferred sort order suffice? BIND has the ability to sort RRs differently based on different client criteria.

> Does bind have some simple way to respond differently based on source address but on a per record basis? Or perhaps include a baseline zone in a view and separately include differences for that view - something like this perhaps?

If sorting of replies won't suffice, please provide a hypothetical example of a couple of different clients & responses for an example RR.

--
Grant. . . .
unix || die

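Added example, not part of the thread and not ISC's own configuration: one way the client-based sorting mentioned in the message above can be expressed with BIND's `sortlist` option. The record name and the 10.1.0.0/16 and 10.2.0.0/16 networks are constructed placeholders.

```conf
// Constructed example: www.example.com has two A records in a single zone,
//   www  IN A 10.1.0.80      ; site A
//   www  IN A 10.2.0.80      ; site B
// No views are involved; the zone is loaded once.

options {
    sortlist {
        // Clients in 10.1.0.0/16: list site A addresses first, then site B.
        { 10.1.0.0/16; { 10.1.0.0/16; 10.2.0.0/16; }; };
        // Clients in 10.2.0.0/16: the reverse preference.
        { 10.2.0.0/16; { 10.2.0.0/16; 10.1.0.0/16; }; };
    };
};
```

Every client still receives both addresses and only the order differs; a client or intermediate resolver may reorder them, so this expresses a preference and does not limit which addresses a given network can learn.
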
per record responses based on originating IP
Hello

I'm familiar with Dan Bernstein's aging DNS software. With it I can add location based responses to individual records, so that the DNS can respond differently to a name lookup according to the source network/IP on a per-record basis.

With bind (and others) it seems that DNS views are the way to go, however as far as I understand I have to recreate an entire zone for each view, which seems a bit overkill for a zone of hundreds of records to only have a handful of records responded to differently.

Does bind have some simple way to respond differently based on source address but on a per record basis? Or perhaps include a baseline zone in a view and separately include differences for that view - something like this perhaps?

Thanks
Angus

Re: Determining Which Authoritative Server to Use
On Wed, May 11, 2022 at 4:34 PM Grant Taylor via bind-users <bind-users@lists.isc.org> wrote:

> On 5/11/22 2:19 PM, Bob Harold wrote:
> > Not sure who set it up, but my DHCP servers have for some zones:
> >
> > zone x.y.z.in-addr.arpa
> > {
> > primary 10.2.3.4;
> > }
>
> I'm assuming that is BIND's named.conf syntax.
>
> > Which I believe overrides the MNAME lookup.
>
> Doesn't that just tell BIND where to initiate a zone transfer from?
>
> I didn't think that it altered the zone contents in any way.
>
> Aside: I'm not connecting the dots of what this has to do with the
> larger conversation, /unless/ you are thinking that it alters the zone
> contents or at least what's returned to clients querying this DNS server.
>
> --
> Grant. . . .
> unix || die

If DHCP clients are doing the dynamic DNS updates, then what I said is irrelevant.

If the DHCP server is doing the dynamic DHCP updates for the clients, then the DHCP server can be configured as shown (in /etc/dhcpd.conf) to tell them what DNS server to use.

I use this because I trust the server more than the clients, but I am sure there are more trade offs to consider.

--
Bob Harold