Re: Combining forward with master zone.

2019-02-22 Thread King, Harold Clyde (Hal)
Thank you all for your help with this. 

--
Hal 

On 2/21/19, 4:04 AM, "bind-users on behalf of Matus UHLAR - fantomas" 
 wrote:

>On Wed, Feb 20, 2019 at 3:40 PM King, Harold Clyde (Hal) 
>wrote:
>> Could I just define needs.example.com as a zone in a separate file so:
>>
>> zone "example.com" { type master; notify no; file "static/antiphish.db";
>> };
>>
>> zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };

On 20.02.19 16:08, Kevin Darcy wrote:
>Delegate needs.example.com from example.com and you should be set.

If this is not clear enough, it means that the "example.com" zone stored in
the "static/antiphish.db" file must contain an NS record for "needs":

needs   NS  your.name.server.
-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users




Re: Combining forward with master zone.

2019-02-21 Thread Matus UHLAR - fantomas

> On Wed, Feb 20, 2019 at 3:40 PM King, Harold Clyde (Hal)
> wrote:
>> Could I just define needs.example.com as a zone in a separate file so:
>>
>> zone "example.com" { type master; notify no; file "static/antiphish.db";
>> };
>>
>> zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };

On 20.02.19 16:08, Kevin Darcy wrote:
> Delegate needs.example.com from example.com and you should be set.


If this is not clear enough, it means that the "example.com" zone stored in
the "static/antiphish.db" file must contain an NS record for "needs":

needs   NS  your.name.server.
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".


Re: Combining forward with master zone.

2019-02-20 Thread Grant Taylor via bind-users

On 02/20/2019 01:19 PM, King, Harold Clyde (Hal) wrote:
> Can I create a root zone to define a wildcard pointing to our warning
> page with one hostname defined going to a forward’ed DNS source? I could
> just give it an IP, but can I forward that one domain to outside DNS
> (Google or their NS repository)?


Are you using Response Policy Zone?  Or are you trying to do a DNS hijack?

If you're using RPZ, you should be able to make example.com. / 
*.example.com. redirect while still allowing needs.example.com. to pass 
thru unmodified.


example.com         IN  CNAME   url-blocking.ourdns.com.
*.example.com       IN  CNAME   url-blocking.ourdns.com.
needs.example.com   IN  CNAME   rpz-passthru.

I prefer RPZ for this type of filtering over DNS hijacking if I can do so.



--
Grant. . . .
unix || die





Re: Combining forward with master zone.

2019-02-20 Thread Kevin Darcy
Delegate needs.example.com from example.com and you should be set.


   - Kevin

On Wed, Feb 20, 2019 at 3:40 PM King, Harold Clyde (Hal) 
wrote:

> Could I just define needs.example.com as a zone in a separate file so:
>
>
>
> zone "example.com" { type master; notify no; file "static/antiphish.db";
> };
>
> zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };
>
>
>
>
>
> --
>
> Hal
>
>
>
>
> 
>
> We have a URL phishing setup that causes URLs we detect to redirect to a
> warning page. We have run into a problem. One of our clients has scripts
> that he calls from a host in that domain.
>
> Needs.example.com when we block example.com.
>
> Can I create a root zone to define a wildcard pointing to our warning page
> with one hostname defined going to a forward’ed DNS source? I could just
> give it an IP, but can I forward that one domain to outside DNS (Google or
> their NS repository)?
>
>
>
> Here’s a very rough draft of the root zone:
>
>
>
> $ORIGIN .
> $TTL 3600
> example.com  IN SOA   us.ourdns.com.  helpdesk.ourdns.com.
>
> *      CNAME  url-blocking.ourdns.com
> needs  forward(8.8.8.8)
>
>
>
> --
>
> Hal
>
>


Re: Combining forward with master zone.

2019-02-20 Thread King, Harold Clyde (Hal)
Could I just define needs.example.com as a zone in a separate file so:



zone "example.com" { type master; notify no; file "static/antiphish.db"; };

zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };





--

Hal





We have a URL phishing setup that causes URLs we detect to redirect to a 
warning page. We have run into a problem. One of our clients has scripts that 
he calls from a host in that domain.

Needs.example.com when we block example.com.

Can I create a root zone to define a wildcard pointing to our warning page with 
one hostname defined going to a forward’ed DNS source? I could just give it an 
IP, but can I forward that one domain to outside DNS (Google or their NS 
repository)?



Here’s a very rough draft of the root zone:



$ORIGIN .
$TTL 3600
example.com  IN SOA   us.ourdns.com.  helpdesk.ourdns.com.

*      CNAME  url-blocking.ourdns.com
needs  forward(8.8.8.8)



--

Hal




Re: Combining forward with master zone.

2019-02-20 Thread Kevin Darcy
As discussed in another thread, delegate the zone you want to forward, in
addition to defining the zone as "type forward". If you already tried a
"type forward" and it didn't work, it was probably because the delegation
was missing. It's a non-obvious requirement, but named needs to see the
zone cut.


  - Kevin

On Wed, Feb 20, 2019 at 3:19 PM King, Harold Clyde (Hal) 
wrote:

> We have a URL phishing setup that causes URLs we detect to redirect to a
> warning page. We have run into a problem. One of our clients has scripts
> that he calls from a host in that domain.
>
> Needs.example.com when we block example.com.
>
> Can I create a root zone to define a wildcard pointing to our warning page
> with one hostname defined going to a forward’ed DNS source? I could just
> give it an IP, but can I forward that one domain to outside DNS (Google or
> their NS repository)?
>
>
>
> Here’s a very rough draft of the root zone:
>
>
>
> $ORIGIN .
> $TTL 3600
> example.com  IN SOA   us.ourdns.com.  helpdesk.ourdns.com.
>
> *      CNAME  url-blocking.ourdns.com
> needs  forward(8.8.8.8)
>
>
>
> --
>
> Hal
>
>
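
A configuration lint for the requirement described in the message above: a "type forward" zone beneath a zone the same server is master for also needs an NS delegation in the parent zone file. This is an added example, not part of the thread or of BIND; the function names, the simplified named.conf parsing, the SOA timers and the zone-file layout are assumptions, and the forward zone is written with a valid `forwarders` clause.

```python
import re

# Constructed samples: named.conf with a valid forward zone, parent zone with/without the cut.
NAMED_CONF = '''
zone "example.com" { type master; notify no; file "static/antiphish.db"; };
zone "needs.example.com" { type forward; forwarders { 8.8.8.8; }; };
'''
ZONE_NO_CUT = '''$TTL 3600
@      IN SOA us.ourdns.com. helpdesk.ourdns.com. 1 3600 600 86400 3600
@      IN NS  us.ourdns.com.
*      IN CNAME url-blocking.ourdns.com.
'''
ZONE_WITH_CUT = ZONE_NO_CUT + 'needs   NS  your.name.server.\n'

def parse_zones(conf):
    """Map zone name -> {'type', 'file'} from simplified named.conf text."""
    zones = {}
    for name, body in re.findall(r'zone\s+"([^"]+)"\s*\{(.*?)(?=zone\s+"|\Z)', conf, re.S):
        ztype = re.search(r'\btype\s+([\w-]+)\s*;', body)
        zfile = re.search(r'\bfile\s+"([^"]+)"', body)
        zones[name.rstrip('.').lower()] = {'type': ztype and ztype.group(1),
                                           'file': zfile and zfile.group(1)}
    return zones

def delegated_names(zone_text, origin):
    """Absolute owner names that carry an NS record (one record per line assumed)."""
    owners = set()
    for line in zone_text.splitlines():
        m = re.match(r'(\S+)\s+(?:\d+\s+)?(?:IN\s+)?NS\s+\S+', line.split(';')[0], re.I)
        if m:
            owner = m.group(1)
            if not owner.endswith('.'):  # relative name or "@": qualify with the origin
                owner = origin if owner == '@' else owner + '.' + origin
            owners.add(owner.rstrip('.').lower())
    return owners

def missing_delegations(conf, zone_files):
    """(forward zone, parent) pairs where the parent's zone file has no zone cut."""
    zones, problems = parse_zones(conf), []
    forwards = [z for z, meta in zones.items() if meta['type'] == 'forward']
    for child in forwards:
        labels = child.split('.')
        for parent in ('.'.join(labels[i:]) for i in range(1, len(labels))):
            if zones.get(parent, {}).get('type') in ('master', 'primary'):
                cuts = delegated_names(zone_files[zones[parent]['file']], parent)
                if child not in cuts:  # exact-name check only (simplification)
                    problems.append((child, parent))
                break
    return problems
```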


Combining forward with master zone.

2019-02-20 Thread King, Harold Clyde (Hal)
We have a URL phishing setup that causes URLs we detect to redirect to a 
warning page. We have run into a problem. One of our clients has scripts that 
he calls from a host in that domain.
Needs.example.com when we block example.com.
Can I create a root zone to define a wildcard pointing to our warning page with 
one hostname defined going to a forward’ed DNS source? I could just give it an 
IP, but can I forward that one domain to outside DNS (Google or their NS 
repository)?

Here’s a very rough draft of the root zone:

$ORIGIN .
$TTL 3600
example.com  IN SOA   us.ourdns.com.  helpdesk.ourdns.com.

*      CNAME  url-blocking.ourdns.com
needs  forward(8.8.8.8)

--
Hal
