Re: BIND9 Return different IP address based on subnet

2015-01-05 Thread Niall O'Reilly
At Sat, 3 Jan 2015 19:24:47 +0100,
Christian Kette wrote:
 
> I have found a workaround.
> I defined a different zone for every network

  A simpler solution might be to use a sortlist.

  From the ARM:

6.2.16.13 The sortlist Statement

The response to a DNS query may consist of multiple resource records
(RRs) forming a resource records set (RRset). The name server will
normally return the RRs within the RRset in an indeterminate order
(but see the rrset-order statement in Section 6.2.16.14). The client
resolver code should rearrange the RRs as appropriate, that is, using
any addresses on the local net in preference to other
addresses. However, not all resolvers can do this or are correctly
configured. When a client is using a local server, the sorting can be
performed in the server, based on the client’s address. This only
requires configuring the name servers, not all the clients.

  Niall
  
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: BIND9 Return different IP address based on subnet

2015-01-05 Thread Christian Kette
Hello Niall,

thank you for the advice.
I will stay with my solution.
Never touch a running system ;)

I would consider this topic as closed by now.
If anyone with a similar question needs my assistance, I would be glad to
help

Thanks!


RE: BIND9 Return different IP address based on subnet

2015-01-05 Thread Darcy Kevin (FCA)
We use sortlists quite effectively, but there are some caveats to that approach:
1) If you have clients using rogue resolvers without any sortlist 
definitions, that will limit the effectiveness of the technique somewhat
2) You need some discipline to keep the sortlist definitions up-to-date as 
networks/subnets are renumbered, re-assigned, etc. If you have many 
nameservers, it helps to have a centralized/co-ordinated mechanism to 
maintain/propagate your nameserver configs (we use Infoblox, for instance)
3) Sortlisting is never a 100% solution and should not be used for applications 
which treat connecting to the wrong IP (rarely, occasionally) as a *fatal* 
error. At the very least, if the app tries to connect to a wrong IP, and is 
not able to do so (because of routing, firewall rules, ACLs, etc.) it should 
fail over in a timely fashion to the next IP in the list. It shouldn't just die.


- Kevin

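As an added illustration of the sortlist behaviour Niall quotes from the ARM and of the caveats Kevin lists (this is example code written for this page, not BIND's own code), the following Python model reorders an RRset the way a named with a sortlist would. It assumes the usual sortlist shape: each element is either a pair (client match list, ordered preference list) or a single list, which means "clients on these networks prefer addresses on these networks". Two modelling assumptions are labelled in the code: addresses matching no preference entry keep their original relative order after the preferred ones, and a client matching no element gets the RRset untouched. The constructed data mirrors the thread (one A record for DEV per interface) and deliberately leaves two networks out of the sortlist, which is Kevin's first caveat; `first_reachable` is his third caveat, that the client must fail over down the list rather than die on the first address.

```python
from ipaddress import ip_address, ip_network

# Model of the BIND 9 sortlist statement (added example, not BIND code).
# A sortlist is a list of elements; each element is
#   (client_match_list, preference_list)   or   (client_match_list,)
# The one-element form means "clients on these networks prefer addresses
# on these same networks".  Modelling assumption: addresses that match no
# preference entry keep their original relative order after the preferred
# ones, and a client that matches no element gets the RRset unchanged.


def _networks(prefixes):
    return [ip_network(p) for p in prefixes]


def _rank(addr, prefs):
    """Position of the first preference network containing addr;
    len(prefs) if none does, so unmatched addresses sort last."""
    for rank, net in enumerate(prefs):
        if addr in net:
            return rank
    return len(prefs)


def sort_rrset(client, rrset, sortlist):
    """Reorder the A records in rrset for a query from client, the way a
    named with this sortlist would.  sorted() is stable, so records with
    equal rank keep the order the server held them in."""
    client_addr = ip_address(client)
    for element in sortlist:
        clients = _networks(element[0])
        prefs = _networks(element[1] if len(element) > 1 else element[0])
        if any(client_addr in net for net in clients):
            return sorted(rrset, key=lambda a: _rank(ip_address(a), prefs))
    return list(rrset)          # no element matched this client


def first_reachable(ordered, reachable):
    """Kevin's third caveat as code: a client must walk the list and fail
    over, not die on the first address it cannot reach.  `reachable` is a
    constructed stand-in for 'connect() to this address succeeded'."""
    for addr in ordered:
        if addr in reachable:
            return addr
    return None


# Constructed data mirroring the thread: one A record for DEV per interface,
# in whatever order named happens to hold them.
DEV_RRSET = ["192.168.2.100", "192.168.3.1", "192.168.4.1",
             "192.168.5.1", "192.168.10.1"]

# Constructed sortlist: each listed network prefers itself; queries from
# the host itself prefer the 192.168.10.0/24 address, then 192.168.2.0/24.
# 192.168.4.0/24 and 192.168.5.0/24 are deliberately NOT listed.
SORTLIST = [
    (["127.0.0.0/8"], ["192.168.10.0/24", "192.168.2.0/24"]),
    (["192.168.2.0/24"],),
    (["192.168.3.0/24"],),
    (["192.168.10.0/24"],),
]

if __name__ == "__main__":
    for client in ("192.168.10.77", "192.168.3.9", "192.168.4.9", "127.0.0.1"):
        print(client, "->", sort_rrset(client, DEV_RRSET, SORTLIST))
```

The named.conf counterpart of the constructed SORTLIST is a `sortlist { { 127.0.0.0/8; { 192.168.10.0/24; 192.168.2.0/24; }; }; { 192.168.2.0/24; }; { 192.168.3.0/24; }; { 192.168.10.0/24; }; };` statement in the options block. Running the model for 192.168.4.9 shows the RRset coming back unchanged: a client on a network that nobody added to the sortlist is exactly the maintenance problem Kevin's second caveat describes.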

Re: BIND9 Return different IP address based on subnet

2015-01-03 Thread Christian Kette
I have found a workaround.
I defined a different zone for every network

My config files are now

/etc/bind/named.conf

include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";

/etc/bind/named.conf.local

view "local" {
    match-clients { localhost; };
    zone "home.lan" IN {
        type master;
        file "/etc/bind/db.home.lan";
    };
};
view "ext" {
    match-clients { 192.168.2.0/24; };
    zone "home2.lan" IN {
        type master;
        file "/etc/bind/db.rev.2.168.192.in-addr.arpa";
    };
};
view "wlan0" {
    match-clients { 192.168.3.0/24; };
    zone "home3.lan" IN {
        type master;
        file "/etc/bind/db.rev.3.168.192.in-addr.arpa";
    };
};
view "wlan00" {
    match-clients { 192.168.4.0/24; };
    zone "home4.lan" IN {
        type master;
        file "/etc/bind/db.rev.4.168.192.in-addr.arpa";
    };
};
view "wlan01" {
    match-clients { 192.168.5.0/24; };
    zone "home5.lan" IN {
        type master;
        file "/etc/bind/db.rev.5.168.192.in-addr.arpa";
    };
};
view "int" {
    match-clients { 192.168.10.0/24; };
    zone "home10.lan" IN {
        type master;
        file "/etc/bind/db.rev.10.168.192.in-addr.arpa";
    };
};

/etc/bind/db.rev.10.168.192.in-addr.arpa

; IP Address-to-Host DNS Pointers for the 192.168.10 subnet
home10.lan. IN SOA DEV.home10.lan. hostmaster.home10.lan. (
2013120101 ; serial
8H ; refresh
4H ; retry
4W ; expire
1D ; minimum
)
; define the authoritative name server
home10.lan. IN NS DEV.home10.lan.
home10.lan. IN MX 10 DEV.home10.lan.

localhost IN A 127.0.0.1
DEV IN A 192.168.10.1
router IN A 192.168.10.1
proxy IN CNAME DEV.home10.lan.
wpad IN A 192.168.10.1




Re: BIND9 Return different IP address based on subnet

2015-01-03 Thread Matus UHLAR - fantomas

On 03.01.15 19:24, Christian Kette wrote:

> I have found a workaround.
> I defined a different zone for every network


I repeat: you don't need views when having different zones.

You would need views if you had the same zone with different content.

--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do not wish to receive any advertising mail at this address.
The early bird may get the worm, but the second mouse gets the cheese. 


Re: BIND9 Return different IP address based on subnet

2014-12-29 Thread Matus UHLAR - fantomas

On 28.12.14 19:59, Christian Kette wrote:

> Thank you for the helpful answer.
> I changed the file /etc/bind/named.conf.local to
>
> [...]
>
> view "ext" {
>     match-clients { 192.168.2.0/24; };
>     zone "2.168.192.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.rev.2.168.192.in-addr.arpa";
>     };
> };
> view "wlan0" {
>     match-clients { 192.168.3.0/24; };
>     zone "3.168.192.in-addr.arpa" {
>         type master;
>         file "/etc/bind/db.rev.3.168.192.in-addr.arpa";
>     };
> };
>
> [...]

The point of views is not to have different zones; you need views when you
have different versions of the same zone.

In your example you could use a single view with all of the zones.


--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do not wish to receive any advertising mail at this address.
I wonder how much deeper the ocean would be without sponges. 


Re: BIND9 Return different IP address based on subnet

2014-12-28 Thread Christian Kette
Thank you for the helpful answer.
I changed the file /etc/bind/named.conf.local to

view "local" {
    match-clients { 127.0.0.1; };
    zone "home.lan" IN {
        type master;
        file "/etc/bind/db.home.lan";
    };
};
view "ext" {
    match-clients { 192.168.2.0/24; };
    zone "2.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.rev.2.168.192.in-addr.arpa";
    };
};
view "wlan0" {
    match-clients { 192.168.3.0/24; };
    zone "3.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.rev.3.168.192.in-addr.arpa";
    };
};
view "wlan00" {
    match-clients { 192.168.4.0/24; };
    zone "4.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.rev.4.168.192.in-addr.arpa";
    };
};
view "wlan01" {
    match-clients { 192.168.5.0/24; };
    zone "5.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.rev.5.168.192.in-addr.arpa";
    };
};
view "int" {
    match-clients { 192.168.10.0/24; };
    zone "10.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.rev.10.168.192.in-addr.arpa";
    };
};


But now I get a "Non-existent domain" error (on the Raspberry machine) for
- nslookup localhost
- nslookup DEV.home.lan

I don't understand why it can find neither the localhost nor the
DEV.home.lan entry in /etc/bind/db.home.lan




BIND9 Return different IP address based on subnet

2014-12-27 Thread Christian Kette


Hello,
I've got a Raspberry Pi with 5 network interfaces (3 WLAN and two wired LAN).
Also, I have set up a BIND 9 server. Now I want to give the Pi (the
hostname is DEV) a different IP address for every single interface.


For example: when a client from the network 192.168.2.0/24 looks up
the hostname DEV.home.lan, it should get the response that
DEV.home.lan has the IP 192.168.2.100.
When a client of the 192.168.10.0/24 network looks up that hostname, the
IP should be 192.168.10.1.


As far as I know, this can be done using views. I couldn't get it working, so I
have some questions.
Q1: Why do I get the IP address 192.168.2.100 for DEV.home.lan from both
the 192.168.2.0/24 and the 192.168.10.0/24 network?


The configuration files are set up as follows: 
1.


/etc/bind/named.conf


include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
#include "/etc/bind/named.conf.default-zones";


I had to comment out the last line with the default-zones file because
otherwise I get the error "/etc/bind/named.conf.default-zones:2: when using
'view' statements, all zones must be in views" (I think it's a default config
file, but I can provide it when necessary).


Q2: What exactly are these zones in the file for? Do I need them?


2.


/etc/bind/named.conf.options


options {
    directory "/var/cache/bind";
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };
    dnssec-validation no;
    empty-zones-enable yes;
    auth-nxdomain no;    # conform to RFC1035
    listen-on-v6 { any; };
};


I don't think the error is in that file.


3.
/etc/bind/named.conf.local


view "local" {
    match-clients { any; };
    zone "home.lan" IN {
        type master;
        file "/etc/bind/db.home.lan";
    };
};
view "ext" {
    match-clients { 192.168.2.0/24; };
    zone "2.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.rev.2.168.192.in-addr.arpa";
    };
};
view "wlan0" {
    match-clients { 192.168.3.0/24; };
    zone "3.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.rev.3.168.192.in-addr.arpa";
    };
};
view "wlan00" {
    match-clients { 192.168.4.0/24; };
    zone "4.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.rev.4.168.192.in-addr.arpa";
    };
};
view "wlan01" {
    match-clients { 192.168.5.0/24; };
    zone "5.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.rev.5.168.192.in-addr.arpa";
    };
};
view "int" {
    match-clients { 192.168.10.0/24; };
    zone "10.168.192.in-addr.arpa" {
        type master;
        file "/etc/bind/db.rev.10.168.192.in-addr.arpa";
    };
};


4.
/etc/bind/db.home.lan


home.lan. IN SOA DEV.home.lan. hostmaster.home.lan. (
    2013120101 ; serial
    8H         ; refresh
    4H         ; retry
    4W         ; expire
    1D         ; minimum
)
home.lan. IN NS DEV.home.lan.
home.lan. IN MX 10 DEV.home.lan.
; Set the address for localhost.home.lan
localhost IN A     127.0.0.1
; Set the hostnames in alphabetical order
DEV       IN A     192.168.2.100
router    IN A     192.168.2.1
proxy     IN CNAME DEV.home.lan.
wpad      IN CNAME DEV.home.lan.


And finally, /etc/bind/db.rev.10.168.192.in-addr.arpa


; IP Address-to-Host DNS Pointers for the 192.168.10 subnet
@ IN SOA DEV.home.lan. hostmaster.home.lan. (
    2013120101 ; serial
    8H         ; refresh
    4H         ; retry
    4W         ; expire
    1D         ; minimum
)
; define the authoritative name server
  IN NS DEV.home.lan.
; our hosts, in numeric order
1 IN PTR router.home.lan.
1 IN PTR DEV.home.lan.


Thank you!




Re: BIND9 Return different IP address based on subnet

2014-12-27 Thread Jeremy C. Reed
On Sat, 27 Dec 2014, Christian Kette wrote:

> I have some questions. Q1: Why do I get the IP address 192.168.2.100 for
> DEV.home.lan from both the 192.168.2.0/24 and the 192.168.10.0/24 network?

The view that matches first is used.

> #include "/etc/bind/named.conf.default-zones";
...
> Q2: What exactly are these zones in the file for? Do I need them?

You didn't include the file in the email. But I found a copy via google 
which may be the same.  You probably don't need it. (For example, the 
priming hints are builtin to named.)
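Jeremy's one-line answer ("the view that matches first is used") and Matus's point that views exist for different versions of the same zone are the whole diagnosis of the original configuration. The following Python model, added here as an illustration and not BIND's own code, reproduces the first-match rule, shows why a `match-clients { any; }` view placed first swallows every client, and includes a small configuration check that flags views no client can ever reach. It assumes a simplified ACL model (positive IPv4/IPv6 prefixes plus the names `any` and `localhost`; `localhost` is approximated as the loopback prefixes, whereas real named matches every address on the host's interfaces; negated entries are not modelled). The view tuples and addresses are constructed to mirror the thread: the same zone home.lan in every view, with only the A record for DEV differing.

```python
from ipaddress import ip_address, ip_network

# Model of how BIND 9 chooses a view (added example, not BIND code): views
# are tried in configuration order and the first one whose match-clients
# ACL matches the query source is used; every later view is invisible to
# that client.  The ACL model is simplified: positive IPv4/IPv6 prefixes
# plus the "any" and "localhost" names.  "localhost" is approximated as
# the loopback prefixes (assumption); real named matches every address
# configured on the host's interfaces.  Negated (!) entries are not modelled.

BUILTIN_ACLS = {
    "any": ["0.0.0.0/0", "::/0"],
    "localhost": ["127.0.0.0/8", "::1/128"],
}


def expand(acl):
    """Turn a match-clients list into ip_network objects."""
    nets = []
    for entry in acl:
        nets.extend(ip_network(p) for p in BUILTIN_ACLS.get(entry, [entry]))
    return nets


def select_view(client, views):
    """Name of the first view whose ACL matches client, or None (named
    would refuse the query)."""
    addr = ip_address(client)
    for name, acl, _records in views:
        if any(addr in net for net in expand(acl)):
            return name
    return None


def answer_for(client, qname, views):
    """The A record a client would receive for qname, or None."""
    chosen = select_view(client, views)
    if chosen is None:
        return None
    records = next(r for n, _a, r in views if n == chosen)
    return records.get(qname)


def unreachable_views(views):
    """Configuration check: views no client can ever reach because every
    network in their ACL is already covered by an earlier view's ACL.
    The thread's 'any' view placed first is exactly this mistake."""
    covered, dead = [], []
    for name, acl, _records in views:
        nets = expand(acl)
        if nets and all(
            any(n.version == c.version and n.subnet_of(c) for c in covered)
            for n in nets
        ):
            dead.append(name)
        covered.extend(nets)
    return dead


def view(name, acl, dev_addr):
    # Constructed view: (name, match-clients list, records it serves).  The
    # zone home.lan is the SAME zone in every view; only its content differs,
    # which is the case Matus describes as the one views are for.
    return (name, acl, {"DEV.home.lan": dev_addr})


# Constructed configuration in the order of the original post: the catch-all
# view comes first, so every client lands in it.
AS_POSTED = [
    view("local", ["any"], "192.168.2.100"),
    view("ext", ["192.168.2.0/24"], "192.168.2.100"),
    view("int", ["192.168.10.0/24"], "192.168.10.1"),
]

# Constructed corrected ordering: most specific networks first, the
# loopback-only view last.
FIXED = [
    view("ext", ["192.168.2.0/24"], "192.168.2.100"),
    view("int", ["192.168.10.0/24"], "192.168.10.1"),
    view("local", ["localhost"], "127.0.0.1"),
]

if __name__ == "__main__":
    for cfg_name, cfg in (("as posted", AS_POSTED), ("fixed", FIXED)):
        print(cfg_name, "192.168.10.5 ->", select_view("192.168.10.5", cfg),
              answer_for("192.168.10.5", "DEV.home.lan", cfg),
              "unreachable:", unreachable_views(cfg))
```

In named.conf terms, FIXED corresponds to putting a `zone "home.lan"` block with its own file inside each view, ordering the views from the most specific match-clients to the least, and keeping any `any`/`localhost` catch-all last. Both match-clients and sortlist key on the query's source address, which the server cannot verify, so neither is a substitute for firewall rules on the services the addresses point at.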